d7e118a3...5a3b

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x8c4	Analysis Target	High (Elevated)	flashplayer_install.exe	"C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe"	-
#2	0xc24	Child Process	High (Elevated)	wscript.exe	"C:\Windows\System32\WScript.exe" "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msg.vbs"	#1
#3	0xc14	Child Process	High (Elevated)	enc.exe	"C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enc.exe"	#1
#4	0x8fc	Autostart	Medium	dec.exe	"C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dec.exe"	-
#6	0x57c	Autostart	Medium	enc.exe	"C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enc.exe"	-
#7	0x7a4	Child Process	Medium	vssadmin.exe	vssadmin delete shadows /all	#6
#9	0x758	Child Process	Medium	cmd.exe	cmd.exe /c powershell -WindowStyle Hidden Start-Process Dec.exe -WindowStyle maximized	#6
#11	0xadc	Child Process	Medium	powershell.exe	powershell -WindowStyle Hidden Start-Process Dec.exe -WindowStyle maximized	#9
#12	0xa34	Child Process	Medium	cmd.exe	cmd.exe /c start dec.exe	#6

Behavior Information - Grouped by Category

Process #1: flashplayer_install.exe

263

Information	Value
ID	#1
File Name	c:\users\ciihmnxmn6ps\desktop\flashplayer_install.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe"
Initial Working Directory	C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor	Start Time: 00:00:53, Reason: Analysis Target
Unmonitor	End Time: 00:01:06, Reason: Self Terminated
Monitor Duration	00:00:13

OS Process Information

Information	Value
PID	0x8c4
Parent PID	0x57c (c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\enc.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 150 0x C08 0x C58 0x A38 0x B80 0x C9C 0x 648 0x B24 0x 820 0x B20 0x 900 0x 518 0x 2EC 0x 524 0x 4F8 0x 148 0x 2CC 0x 538 0x CAC 0x 65C 0x 61C 0x 564 0x C98 0x 2C8 0x 4F0 0x 2E4 0x 51C 0x 924 0x CC8 0x BF8 0x A40 0x CCC 0x CC4 0x CC0 0x 41C 0x C2C 0x C28 0x C04 0x C20

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000090000	0x00090000	0x000affff	Private Memory	rw	-
pagefile_0x0000000000090000	0x00090000	0x0009ffff	Pagefile Backed Memory	rw	-
private_0x00000000000a0000	0x000a0000	0x000a3fff	Private Memory	rw	-
private_0x00000000000b0000	0x000b0000	0x000b1fff	Private Memory	rw	-
private_0x00000000000b0000	0x000b0000	0x000b0fff	Private Memory	rw	-
pagefile_0x00000000000c0000	0x000c0000	0x000d3fff	Pagefile Backed Memory	r	-
private_0x00000000000e0000	0x000e0000	0x0011ffff	Private Memory	rw	-
private_0x0000000000120000	0x00120000	0x0021ffff	Private Memory	rw	-
pagefile_0x0000000000220000	0x00220000	0x00223fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000230000	0x00230000	0x00232fff	Pagefile Backed Memory	r	-
private_0x0000000000240000	0x00240000	0x00241fff	Private Memory	rw	-
private_0x0000000000250000	0x00250000	0x00250fff	Private Memory	rw	-
flashplayer_install.exe	0x00260000	0x002e0fff	Memory Mapped File	rwx	... Region Actions Download Dump
locale.nls	0x002f0000	0x003adfff	Memory Mapped File	r	-
private_0x00000000003b0000	0x003b0000	0x003effff	Private Memory	rw	-
windowsshell.manifest	0x003f0000	0x003f0fff	Memory Mapped File	r	-
private_0x00000000003f0000	0x003f0000	0x003f0fff	Private Memory	rw	-
pagefile_0x0000000000400000	0x00400000	0x00401fff	Pagefile Backed Memory	r	-
private_0x0000000000410000	0x00410000	0x0044ffff	Private Memory	rw	-
pagefile_0x0000000000450000	0x00450000	0x00450fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000450000	0x00450000	0x00453fff	Pagefile Backed Memory	r	-
private_0x0000000000460000	0x00460000	0x0046ffff	Private Memory	rw	-
private_0x0000000000470000	0x00470000	0x0050ffff	Private Memory	rw	-
private_0x0000000000470000	0x00470000	0x004effff	Private Memory	rw	-
user32.dll.mui	0x004f0000	0x004f4fff	Memory Mapped File	r	-
private_0x0000000000500000	0x00500000	0x0050ffff	Private Memory	rw	-
private_0x0000000000510000	0x00510000	0x00513fff	Private Memory	rw	-
private_0x0000000000520000	0x00520000	0x0061ffff	Private Memory	rw	-
private_0x0000000000620000	0x00620000	0x0071ffff	Private Memory	rw	-
pagefile_0x0000000000720000	0x00720000	0x008a7fff	Pagefile Backed Memory	r	-
private_0x00000000008b0000	0x008b0000	0x008cbfff	Private Memory	rw	-
private_0x00000000008d0000	0x008d0000	0x008dffff	Private Memory	rw	-
pagefile_0x00000000008e0000	0x008e0000	0x00a60fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000a70000	0x00a70000	0x01e6ffff	Pagefile Backed Memory	r	-
sortdefault.nls	0x01e70000	0x021a6fff	Memory Mapped File	r	-
oleaut32.dll	0x021b0000	0x02240fff	Memory Mapped File	r	-
private_0x00000000021b0000	0x021b0000	0x0224ffff	Private Memory	rw	-
private_0x00000000021b0000	0x021b0000	0x021cbfff	Private Memory	rw	-
private_0x00000000021b0000	0x021b0000	0x021b0fff	Private Memory	rw	-
pagefile_0x00000000021c0000	0x021c0000	0x021c0fff	Pagefile Backed Memory	r	-
private_0x00000000021d0000	0x021d0000	0x021fffff	Private Memory	rw	-
pagefile_0x00000000021d0000	0x021d0000	0x021dffff	Pagefile Backed Memory	rw	-
pagefile_0x00000000021e0000	0x021e0000	0x021effff	Pagefile Backed Memory	rw	-
pagefile_0x00000000021f0000	0x021f0000	0x021fffff	Pagefile Backed Memory	rw	-
private_0x0000000002200000	0x02200000	0x0221bfff	Private Memory	rw	-
pagefile_0x0000000002220000	0x02220000	0x02220fff	Pagefile Backed Memory	r	-
pagefile_0x0000000002230000	0x02230000	0x02232fff	Pagefile Backed Memory	r	-
private_0x0000000002240000	0x02240000	0x0224ffff	Private Memory	rw	-
private_0x0000000002250000	0x02250000	0x0234ffff	Private Memory	rw	-
pagefile_0x0000000002350000	0x02350000	0x02407fff	Pagefile Backed Memory	r	-
private_0x0000000002410000	0x02410000	0x02510fff	Private Memory	rw	-
pagefile_0x0000000002410000	0x02410000	0x02901fff	Pagefile Backed Memory	rw	-
private_0x0000000002910000	0x02910000	0x02913fff	Private Memory	rw	-
staticcache.dat	0x02920000	0x0395ffff	Memory Mapped File	r	-
private_0x0000000003960000	0x03960000	0x03b66fff	Private Memory	rw	-
private_0x0000000003960000	0x03960000	0x03a68fff	Private Memory	rw	-
pagefile_0x0000000003960000	0x03960000	0x03960fff	Pagefile Backed Memory	r	-
private_0x0000000003960000	0x03960000	0x03b6ffff	Private Memory	rw	-
private_0x0000000003960000	0x03960000	0x03a65fff	Private Memory	rw	-
private_0x0000000003960000	0x03960000	0x03b64fff	Private Memory	rw	-
private_0x0000000003b70000	0x03b70000	0x03f7ffff	Private Memory	rw	-
private_0x0000000003f80000	0x03f80000	0x0407ffff	Private Memory	rw	-
private_0x0000000004080000	0x04080000	0x0427ffff	Private Memory	rw	-
pagefile_0x0000000004280000	0x04280000	0x04280fff	Pagefile Backed Memory	rw	-
private_0x0000000004290000	0x04290000	0x042cffff	Private Memory	rw	-
private_0x00000000042d0000	0x042d0000	0x043cffff	Private Memory	rw	-
private_0x00000000043d0000	0x043d0000	0x0440ffff	Private Memory	rw	-
private_0x0000000004410000	0x04410000	0x0450ffff	Private Memory	rw	-
private_0x0000000004510000	0x04510000	0x0454ffff	Private Memory	rw	-
private_0x0000000004550000	0x04550000	0x0464ffff	Private Memory	rw	-
private_0x0000000004650000	0x04650000	0x0468ffff	Private Memory	rw	-
private_0x0000000004690000	0x04690000	0x0478ffff	Private Memory	rw	-
private_0x0000000004790000	0x04790000	0x047cffff	Private Memory	rw	-
private_0x00000000047d0000	0x047d0000	0x048cffff	Private Memory	rw	-
private_0x00000000048d0000	0x048d0000	0x0490ffff	Private Memory	rw	-
private_0x0000000004910000	0x04910000	0x04a0ffff	Private Memory	rw	-
private_0x0000000004a10000	0x04a10000	0x04a4ffff	Private Memory	rw	-
private_0x0000000004a50000	0x04a50000	0x04b4ffff	Private Memory	rw	-
private_0x0000000004b50000	0x04b50000	0x04b8ffff	Private Memory	rw	-
private_0x0000000004b90000	0x04b90000	0x04c8ffff	Private Memory	rw	-
private_0x0000000004c90000	0x04c90000	0x04ccffff	Private Memory	rw	-
private_0x0000000004cd0000	0x04cd0000	0x04dcffff	Private Memory	rw	-
private_0x0000000004dd0000	0x04dd0000	0x04e0ffff	Private Memory	rw	-
private_0x0000000004e10000	0x04e10000	0x04f0ffff	Private Memory	rw	-
private_0x0000000004f10000	0x04f10000	0x04f4ffff	Private Memory	rw	-
private_0x0000000004f50000	0x04f50000	0x0504ffff	Private Memory	rw	-
private_0x0000000005050000	0x05050000	0x0508ffff	Private Memory	rw	-
private_0x0000000005090000	0x05090000	0x0518ffff	Private Memory	rw	-
private_0x0000000005190000	0x05190000	0x051cffff	Private Memory	rw	-
private_0x00000000051d0000	0x051d0000	0x052cffff	Private Memory	rw	-
private_0x00000000052d0000	0x052d0000	0x0530ffff	Private Memory	rw	-
private_0x0000000005310000	0x05310000	0x0540ffff	Private Memory	rw	-
private_0x0000000005410000	0x05410000	0x0544ffff	Private Memory	rw	-
private_0x0000000005450000	0x05450000	0x0554ffff	Private Memory	rw	-
private_0x0000000005550000	0x05550000	0x0558ffff	Private Memory	rw	-
private_0x0000000005590000	0x05590000	0x0568ffff	Private Memory	rw	-
private_0x0000000005690000	0x05690000	0x056cffff	Private Memory	rw	-
private_0x00000000056d0000	0x056d0000	0x057cffff	Private Memory	rw	-
wow64cpu.dll	0x5baa0000	0x5baa7fff	Memory Mapped File	rwx	-
wow64win.dll	0x5bab0000	0x5bb22fff	Memory Mapped File	rwx	-
wow64.dll	0x5bb30000	0x5bb7efff	Memory Mapped File	rwx	-
tiptsf.dll	0x73f40000	0x73fbcfff	Memory Mapped File	rwx	-
windowscodecs.dll	0x73fc0000	0x74130fff	Memory Mapped File	rwx	-
comctl32.dll	0x74140000	0x74348fff	Memory Mapped File	rwx	-
msls31.dll	0x74350000	0x7437cfff	Memory Mapped File	rwx	-
usp10.dll	0x74380000	0x74395fff	Memory Mapped File	rwx	-
riched20.dll	0x743a0000	0x74420fff	Memory Mapped File	rwx	-
bcrypt.dll	0x74430000	0x7444afff	Memory Mapped File	rwx	-
rsaenh.dll	0x74450000	0x7447efff	Memory Mapped File	rwx	-
sfc_os.dll	0x74480000	0x7448efff	Memory Mapped File	rwx	-
version.dll	0x74490000	0x74497fff	Memory Mapped File	rwx	-
gdiplus.dll	0x744a0000	0x7460afff	Memory Mapped File	rwx	-
dwmapi.dll	0x74610000	0x7462cfff	Memory Mapped File	rwx	-
uxtheme.dll	0x74630000	0x746a4fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74750000	0x747a8fff	Memory Mapped File	rwx	-
cryptbase.dll	0x747b0000	0x747b9fff	Memory Mapped File	rwx	-
sspicli.dll	0x747c0000	0x747ddfff	Memory Mapped File	rwx	-
rpcrt4.dll	0x74a00000	0x74aabfff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x74ab0000	0x74abbfff	Memory Mapped File	rwx	-
shlwapi.dll	0x74da0000	0x74de3fff	Memory Mapped File	rwx	-
msctf.dll	0x74df0000	0x74f0ffff	Memory Mapped File	rwx	-
imm32.dll	0x74f10000	0x74f3afff	Memory Mapped File	rwx	-
kernel32.dll	0x74f40000	0x7502ffff	Memory Mapped File	rwx	-
gdi32.dll	0x75030000	0x7517cfff	Memory Mapped File	rwx	-
profapi.dll	0x75180000	0x7518efff	Memory Mapped File	rwx	-
kernelbase.dll	0x75190000	0x75305fff	Memory Mapped File	rwx	-
shell32.dll	0x75310000	0x766cefff	Memory Mapped File	rwx	-
windows.storage.dll	0x76790000	0x76c6cfff	Memory Mapped File	rwx	-
user32.dll	0x76c70000	0x76daffff	Memory Mapped File	rwx	-
msvcrt.dll	0x76f20000	0x76fddfff	Memory Mapped File	rwx	-
clbcatq.dll	0x76fe0000	0x77061fff	Memory Mapped File	rwx	-
oleaut32.dll	0x770d0000	0x77161fff	Memory Mapped File	rwx	-
ole32.dll	0x77170000	0x77259fff	Memory Mapped File	rwx	-
powrprof.dll	0x77260000	0x772a3fff	Memory Mapped File	rwx	-
sechost.dll	0x772b0000	0x772f2fff	Memory Mapped File	rwx	-
shcore.dll	0x77300000	0x7738cfff	Memory Mapped File	rwx	-
combase.dll	0x77390000	0x77549fff	Memory Mapped File	rwx	-
advapi32.dll	0x77550000	0x775cafff	Memory Mapped File	rwx	-
ntdll.dll	0x776b0000	0x77828fff	Memory Mapped File	rwx	-
pagefile_0x000000007f100000	0x7f100000	0x7f1fffff	Pagefile Backed Memory	r	-
pagefile_0x000000007f200000	0x7f200000	0x7f222fff	Pagefile Backed Memory	r	-
private_0x000000007f224000	0x7f224000	0x7f224fff	Private Memory	rw	-
private_0x000000007f226000	0x7f226000	0x7f228fff	Private Memory	rw	-
private_0x000000007f229000	0x7f229000	0x7f22bfff	Private Memory	rw	-
private_0x000000007f22c000	0x7f22c000	0x7f22efff	Private Memory	rw	-
private_0x000000007f22f000	0x7f22f000	0x7f22ffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7ffc57b4ffff	Private Memory	r	-
ntdll.dll	0x7ffc57b50000	0x7ffc57d11fff	Memory Mapped File	rwx	-
private_0x00007ffc57d12000	0x7ffc57d12000	0x7ffffffeffff	Private Memory	r	-
For performance reasons, the remaining 93 entries are omitted. The remaining entries can be found in flog.txt.

Created Files

Filename	File Size	Hash Values	Actions
__tmp_rar_sfx_access_check_18127031	0.00 KB	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3::	... File Actions Show Properties
Dec.exe	583.50 KB	MD5: 6b4ed5d3fdfefa2a14635c177ea2c30d SHA1: 50b8940981d51cea6bac3a6849f7df3008a43ace SHA256: f2f4323df1a065cde9269b1c801fa912b296e36d08452e038778ba16b05dcba9 SSDeep: 12288:fF/mBn4BnBQJc48dP2nlrvArNwjpYDNh5B38GJdZ+1SvMXFQatpYuzxNT:lEqB8H8dPst4yjcNWYEXqanYIT	... File Actions Show Properties Download
msg.vbs	0.04 KB	MD5: eae8d08312fbbb511effa07e71ebf73e SHA1: f55b9028098bba49fa87dfa7412b52869cfdfb79 SHA256: ae3e856a3a707e9ed600a988a3855cdb5375de93c2c54619741225404d2edad1 SSDeep: 3:sYo9KnNu5THmy:sYoon8THH	... File Actions Show Properties Download
Enc.exe	806.00 KB	MD5: 5b640be895c03f0d7f4e8ab7a1d82947 SHA1: 3f2b30d3e72df24632fdf505a194e3027723240f SHA256: 22488abddbd4a61bb32bb7c2883b56e2f97541f85125f8d4c1593f65853a1d48 SSDeep: 12288:LSRLR0COrHA5bvnaQxERIKPsE7R3M/JRUhkSsUuiCSf8FbujCx9GI5wFeD+Fro9f:L6R0COrgTaQxERj0D/J2yoMbjyerD1b	... File Actions Show Properties Download

Host Behavior

File (133)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
Create	__tmp_rar_sfx_access_check_18127031	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
Create	Dec.exe	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	Enc.exe	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create	msg.vbs	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ	1	Fn
Create Directory	C:\Users	-	1	Fn
Create Directory	C:\Users\CIiHmnxMn6Ps	-	1	Fn
Create Directory	C:\Users\CIiHmnxMn6Ps\AppData	-	1	Fn
Create Directory	C:\Users\CIiHmnxMn6Ps\AppData\Roaming	-	1	Fn
Create Directory	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft	-	1	Fn
Create Directory	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows	-	1	Fn
Create Directory	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu	-	1	Fn
Create Directory	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs	-	1	Fn
Create Directory	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup	-	1	Fn
Add Search Path	-	-	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\Desktop\DXGIDebug.dll	type = file_attributes	1	Fn
Get Info	C:\Users	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Roaming	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup	type = file_attributes	1	Fn
Get Info	Dec.exe	type = file_attributes	1	Fn
Get Info	\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dec.exe	type = file_attributes	1	Fn
Get Info	Dec.exe	type = file_type	1	Fn
Get Info	Enc.exe	type = file_attributes	1	Fn
Get Info	\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enc.exe	type = file_attributes	1	Fn
Get Info	Enc.exe	type = file_type	1	Fn
Get Info	msg.vbs	type = file_attributes	1	Fn
Get Info	\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msg.vbs	type = file_attributes	1	Fn
Get Info	msg.vbs	type = file_type	1	Fn
Get Info	msg.vbs	type = file_attributes	1	Fn
Get Info	Enc.exe	type = file_attributes	1	Fn
Open	STD_INPUT_HANDLE	-	1	Fn
Open	STD_OUTPUT_HANDLE	-	1	Fn
Open	STD_ERROR_HANDLE	-	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 8192, size_out = 8192	47	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 7, size_out = 7	6	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 2097136, size_out = 1733086	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 1, size_out = 1	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 10, size_out = 10	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 17, size_out = 17	2	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 35, size_out = 35	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 167, size_out = 167	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 7, size_out = 7	12	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 2097136, size_out = 1733086	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 1, size_out = 1	2	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 10, size_out = 10	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 17, size_out = 17	3	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 35, size_out = 35	3	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 167, size_out = 167	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 584055, size_out = 584055	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 765553, size_out = 765553	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 33, size_out = 33	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	size = 12, size_out = 12	1	Fn Data
Write	Dec.exe	size = 597504	1	Fn Data
Write	Enc.exe	size = 825344	1	Fn Data
Write	msg.vbs	size = 37	1	Fn Data
Delete	__tmp_rar_sfx_access_check_18127031	-	1	Fn

Process (2)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msg.vbs	show_window = SW_SHOWNORMAL		1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enc.exe	show_window = SW_SHOWNORMAL		1	Fn

Module (86)

Operation	Module	Additional Information	Count	Logfile
Load	<pi-ms-win-core-synch-l1-2-0	base_address = 0x0	2	Fn
Load	kernel32	base_address = 0x74f40000	2	Fn
Load	<pi-ms-win-core-fibers-l1-1-1	base_address = 0x0	2	Fn
Load	<pi-ms-win-core-localization-l1-2-1	base_address = 0x0	1	Fn
Load	C:\Windows\system32\version.dll	base_address = 0x74490000	1	Fn
Load	C:\Windows\system32\DXGIDebug.dll	base_address = 0x0	1	Fn
Load	C:\Windows\system32\sfc_os.dll	base_address = 0x74480000	1	Fn
Load	C:\Windows\system32\SSPICLI.DLL	base_address = 0x747c0000	1	Fn
Load	C:\Windows\system32\rsaenh.dll	base_address = 0x74450000	1	Fn
Load	C:\Windows\system32\UXTheme.dll	base_address = 0x74630000	1	Fn
Load	C:\Windows\system32\dwmapi.dll	base_address = 0x74610000	1	Fn
Load	C:\Windows\system32\cryptbase.dll	base_address = 0x747b0000	1	Fn
Load	C:\Windows\system32\riched20.dll	base_address = 0x743a0000	1	Fn
Load	ole32.dll	base_address = 0x77170000	1	Fn
Load	COMCTL32.dll	base_address = 0x74140000	1	Fn
Load	SHELL32.dll	base_address = 0x75310000	1	Fn
Load	USER32.dll	base_address = 0x76c70000	1	Fn
Load	GDI32.dll	base_address = 0x75030000	1	Fn
Load	SHLWAPI.dll	base_address = 0x74da0000	1	Fn
Load	api-ms-win-appmodel-runtime-l1-1-1	base_address = 0x74ab0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x74f40000	1	Fn
Get Handle	c:\users\ciihmnxmn6ps\desktop\flashplayer_install.exe	base_address = 0x260000	4	Fn
Get Handle	mscoree.dll	-	1	Fn
Get Filename	<pi-ms-win-core-localization-l1-2-1	process_name = c:\users\ciihmnxmn6ps\desktop\flashplayer_install.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe, size = 260	1	Fn
Get Filename	<pi-ms-win-core-localization-l1-2-1	process_name = c:\users\ciihmnxmn6ps\desktop\flashplayer_install.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe, size = 2048	1	Fn
Get Filename	C:\Windows\system32\DXGIDebug.dll	process_name = c:\users\ciihmnxmn6ps\desktop\flashplayer_install.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe, size = 2048	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x74f66030	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x74f5a330	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x74f59910	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x74f57580	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x74f59970	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDllDirectoryW, address_out = 0x74f64c10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x752c0790	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = OleInitialize, address_out = 0x77199c50	1	Fn
Get Address	c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\comctl32.dll	function = InitCommonControlsEx, address_out = 0x741c0d20	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetMalloc, address_out = 0x754b0c10	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadIconW, address_out = 0x76c87710	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadBitmapW, address_out = 0x76c90550	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CreateStreamOnHGlobal, address_out = 0x773f0a50	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = GetObjectW, address_out = 0x750b2220	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetDC, address_out = 0x76ca4dd0	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = GetDeviceCaps, address_out = 0x750b0820	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ReleaseDC, address_out = 0x76c889f0	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DialogBoxParamW, address_out = 0x76ccc010	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetWindowRect, address_out = 0x76c85930	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetClientRect, address_out = 0x76c82650	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetWindowTextW, address_out = 0x76c94710	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SetWindowTextW, address_out = 0x76c94580	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetSystemMetrics, address_out = 0x76c855d0	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetWindow, address_out = 0x76c8b590	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x76c838f0	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendDlgItemMessageW, address_out = 0x76c91500	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetDlgItem, address_out = 0x76c91540	2	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetClassNameW, address_out = 0x76c8ce80	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = FindWindowExW, address_out = 0x76ca2240	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = SHAutoComplete, address_out = 0x74dbbc80	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x76c8ac30	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x76ca3230	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x76c8b9d0	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x76c83e40	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetDlgItemTextW, address_out = 0x76c91620	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SetFocus, address_out = 0x76ca5240	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadStringW, address_out = 0x76c8cf10	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x76ca52a0	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SetDlgItemTextW, address_out = 0x76c914d0	2	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetWindowLongW, address_out = 0x76c84e80	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SetWindowLongW, address_out = 0x76c81830	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CharUpperW, address_out = 0x76c8df20	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x754a4cb0	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = EnableWindow, address_out = 0x76ca0a50	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = EndDialog, address_out = 0x76c9b430	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = DeleteObject, address_out = 0x750b0050	2	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = OleUninitialize, address_out = 0x77199170	1	Fn
Get Address	c:\windows\syswow64\kernel.appcore.dll	function = GetCurrentPackageId, address_out = 0x74ab2c80	1	Fn

Window (2)

Operation	Window Name	Additional Information	Success	Count	Logfile
Find	-	class_name = EDIT		1	Fn
Set Attribute	-	index = 18446744073709551600, new_long = 1342341248		1	Fn

System (13)

Operation	Additional Information	Count	Logfile
Get Time	type = Local Time, time = 2019-03-03 07:08:09 (Local Time)	1	Fn
Get Time	type = Ticks, time = 127031	1	Fn
Get Time	type = System Time, time = 2019-03-02 20:08:10 (UTC)	1	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = System Directory, result_out = C:\Windows\system32	9	Fn

Environment (5)

Operation	Additional Information	Count	Logfile
Get Environment String	-	1	Fn Data
Set Environment String	name = sfxcmd, value = "C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe"	1	Fn
Set Environment String	name = sfxpar	1	Fn
Set Environment String	name = sfxname, value = C:\Users\CIiHmnxMn6Ps\Desktop\flashplayer_install.exe	1	Fn
Set Environment String	name = sfxstime, value = 2019-03-03-07-08-09-086	1	Fn

Process #2: wscript.exe

Information	Value
ID	#2
File Name	c:\windows\syswow64\wscript.exe
Command Line	"C:\Windows\System32\WScript.exe" "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msg.vbs"
Initial Working Directory	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor	Start Time: 00:01:03, Reason: Child Process
Unmonitor	End Time: 00:01:07, Reason: Self Terminated
Monitor Duration	00:00:04

OS Process Information

Information	Value
PID	0xc24
Parent PID	0x8c4 (c:\users\ciihmnxmn6ps\desktop\flashplayer_install.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x C38 0x 36C 0x A44

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000060000	0x00060000	0x0007ffff	Private Memory	rw	-
pagefile_0x0000000000060000	0x00060000	0x0006ffff	Pagefile Backed Memory	rw	-
private_0x0000000000070000	0x00070000	0x00073fff	Private Memory	rw	-
private_0x0000000000080000	0x00080000	0x00081fff	Private Memory	rw	-
wscript.exe.mui	0x00080000	0x00082fff	Memory Mapped File	r	-
pagefile_0x0000000000090000	0x00090000	0x000a3fff	Pagefile Backed Memory	r	-
private_0x00000000000b0000	0x000b0000	0x000effff	Private Memory	rw	-
private_0x00000000000f0000	0x000f0000	0x001effff	Private Memory	rw	-
pagefile_0x00000000001f0000	0x001f0000	0x001f3fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000200000	0x00200000	0x00200fff	Pagefile Backed Memory	r	-
private_0x0000000000210000	0x00210000	0x00211fff	Private Memory	rw	-
private_0x0000000000220000	0x00220000	0x0025ffff	Private Memory	rw	-
private_0x0000000000260000	0x00260000	0x00260fff	Private Memory	rw	-
private_0x0000000000270000	0x00270000	0x00270fff	Private Memory	rw	-
pagefile_0x0000000000280000	0x00280000	0x00280fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000280000	0x00280000	0x00283fff	Pagefile Backed Memory	r	-
private_0x0000000000290000	0x00290000	0x0029ffff	Private Memory	rw	-
wscript.exe	0x002a0000	0x002b0fff	Memory Mapped File	r	-
pagefile_0x00000000002c0000	0x002c0000	0x002c0fff	Pagefile Backed Memory	r	-
pagefile_0x00000000002d0000	0x002d0000	0x002d0fff	Pagefile Backed Memory	r	-
user32.dll.mui	0x002e0000	0x002e4fff	Memory Mapped File	r	-
private_0x00000000002f0000	0x002f0000	0x003effff	Private Memory	rw	-
locale.nls	0x003f0000	0x004adfff	Memory Mapped File	r	-
private_0x00000000004b0000	0x004b0000	0x005affff	Private Memory	rw	-
private_0x00000000005b0000	0x005b0000	0x005effff	Private Memory	rw	-
private_0x00000000005f0000	0x005f0000	0x005f3fff	Private Memory	rw	-
pagefile_0x0000000000600000	0x00600000	0x00600fff	Pagefile Backed Memory	r	-
private_0x0000000000630000	0x00630000	0x0063ffff	Private Memory	rw	-
pagefile_0x0000000000640000	0x00640000	0x007c7fff	Pagefile Backed Memory	r	-
pagefile_0x00000000007d0000	0x007d0000	0x00950fff	Pagefile Backed Memory	r	-
private_0x0000000000960000	0x00960000	0x00a7ffff	Private Memory	rw	-
private_0x0000000000960000	0x00960000	0x00a5ffff	Private Memory	rw	-
private_0x0000000000a70000	0x00a70000	0x00a7ffff	Private Memory	rw	-
sortdefault.nls	0x00a80000	0x00db6fff	Memory Mapped File	r	-
pagefile_0x0000000000dc0000	0x00dc0000	0x00e77fff	Pagefile Backed Memory	r	-
private_0x0000000000e80000	0x00e80000	0x00efffff	Private Memory	rw	-
pagefile_0x0000000000f00000	0x00f00000	0x00f59fff	Pagefile Backed Memory	rw	-
wscript.exe	0x00fa0000	0x00fc7fff	Memory Mapped File	rwx	-
pagefile_0x0000000000fd0000	0x00fd0000	0x04fcffff	Pagefile Backed Memory	-	-
pagefile_0x0000000004fd0000	0x04fd0000	0x063cffff	Pagefile Backed Memory	r	-
pagefile_0x00000000063d0000	0x063d0000	0x068c1fff	Pagefile Backed Memory	rw	-
staticcache.dat	0x068d0000	0x0790ffff	Memory Mapped File	r	-
wow64cpu.dll	0x5baa0000	0x5baa7fff	Memory Mapped File	rwx	-
wow64win.dll	0x5bab0000	0x5bb22fff	Memory Mapped File	rwx	-
wow64.dll	0x5bb30000	0x5bb7efff	Memory Mapped File	rwx	-
mpoav.dll	0x74460000	0x74475fff	Memory Mapped File	rwx	-
version.dll	0x74490000	0x74497fff	Memory Mapped File	rwx	-
amsi.dll	0x744a0000	0x744acfff	Memory Mapped File	rwx	-
vbscript.dll	0x744b0000	0x7452efff	Memory Mapped File	rwx	-
sxs.dll	0x74560000	0x745dffff	Memory Mapped File	rwx	-
dwmapi.dll	0x74610000	0x7462cfff	Memory Mapped File	rwx	-
uxtheme.dll	0x74630000	0x746a4fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74750000	0x747a8fff	Memory Mapped File	rwx	-
cryptbase.dll	0x747b0000	0x747b9fff	Memory Mapped File	rwx	-
sspicli.dll	0x747c0000	0x747ddfff	Memory Mapped File	rwx	-
rpcrt4.dll	0x74a00000	0x74aabfff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x74ab0000	0x74abbfff	Memory Mapped File	rwx	-
msctf.dll	0x74df0000	0x74f0ffff	Memory Mapped File	rwx	-
imm32.dll	0x74f10000	0x74f3afff	Memory Mapped File	rwx	-
kernel32.dll	0x74f40000	0x7502ffff	Memory Mapped File	rwx	-
gdi32.dll	0x75030000	0x7517cfff	Memory Mapped File	rwx	-
kernelbase.dll	0x75190000	0x75305fff	Memory Mapped File	rwx	-
user32.dll	0x76c70000	0x76daffff	Memory Mapped File	rwx	-
msvcrt.dll	0x76f20000	0x76fddfff	Memory Mapped File	rwx	-
clbcatq.dll	0x76fe0000	0x77061fff	Memory Mapped File	rwx	-
oleaut32.dll	0x770d0000	0x77161fff	Memory Mapped File	rwx	-
ole32.dll	0x77170000	0x77259fff	Memory Mapped File	rwx	-
sechost.dll	0x772b0000	0x772f2fff	Memory Mapped File	rwx	-
combase.dll	0x77390000	0x77549fff	Memory Mapped File	rwx	-
advapi32.dll	0x77550000	0x775cafff	Memory Mapped File	rwx	-
ntdll.dll	0x776b0000	0x77828fff	Memory Mapped File	rwx	-
pagefile_0x000000007f440000	0x7f440000	0x7f53ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007f540000	0x7f540000	0x7f562fff	Pagefile Backed Memory	r	-
private_0x000000007f565000	0x7f565000	0x7f565fff	Private Memory	rw	-
private_0x000000007f566000	0x7f566000	0x7f568fff	Private Memory	rw	-
private_0x000000007f569000	0x7f569000	0x7f56bfff	Private Memory	rw	-
private_0x000000007f56c000	0x7f56c000	0x7f56efff	Private Memory	rw	-
private_0x000000007f56f000	0x7f56f000	0x7f56ffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dfc57b4ffff	Private Memory	r	-
pagefile_0x00007dfc57b50000	0x7dfc57b50000	0x7ffc57b4ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7ffc57b50000	0x7ffc57d11fff	Memory Mapped File	rwx	-
private_0x00007ffc57d12000	0x7ffc57d12000	0x7ffffffeffff	Private Memory	r	-

Host Behavior

COM (2)

Operation	Class	Interface	Additional Information	Success	Count	Logfile
Create	B54F3741-5B07-11CF-A4B0-00AA004A55E8	00000000-0000-0000-C000-000000000046	cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER		1	Fn
Create	6C736DB1-BD94-11D0-8A23-00AA00B58E10	6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8	cls_context = CLSCTX_INPROC_SERVER		1	Fn

File (1)

Operation	Filename	Additional Information	Success	Count	Logfile
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msg.vbs	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ		1	Fn

Registry (21)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	-	1	Fn
Create Key	HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	-	3	Fn
Open Key	HKEY_CLASSES_ROOT\.vbs	-	1	Fn
Open Key	HKEY_CLASSES_ROOT\VBSFile\ScriptEngine	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	value_name = Enabled, data = 140, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	value_name = LogSecuritySuccesses, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	value_name = IgnoreUserSettings, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	value_name = TrustPolicy, data = 136, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	value_name = UseWINSAFER, data = 1, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	value_name = Timeout, data = 240, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings	value_name = DisplayLogo, data = 1, type = REG_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings	value_name = Timeout, data = 240, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings	value_name = DisplayLogo, data = 49, type = REG_NONE	1	Fn
Read Value	HKEY_CLASSES_ROOT\.vbs	data = VBSFile, type = REG_SZ	1	Fn
Read Value	HKEY_CLASSES_ROOT\VBSFile\ScriptEngine	data = VBScript, type = REG_SZ	1	Fn

Module (13)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x74f40000	1	Fn
Load	amsi.dll	base_address = 0x744a0000	1	Fn
Get Handle	c:\windows\syswow64\wscript.exe	base_address = 0xfa0000	2	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x74f40000	1	Fn
Get Handle	c:\windows\syswow64\kernelbase.dll	base_address = 0x75190000	1	Fn
Get Filename	c:\windows\syswow64\wscript.exe	process_name = c:\windows\syswow64\wscript.exe, file_name_orig = C:\Windows\SysWOW64\WScript.exe, size = 261	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSetInformation, address_out = 0x74f5a200	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryProtectedPolicy, address_out = 0x75259ec0	1	Fn
Get Address	c:\windows\syswow64\amsi.dll	function = AmsiInitialize, address_out = 0x744a3d40	1	Fn
Get Address	c:\windows\syswow64\amsi.dll	function = AmsiScanString, address_out = 0x744a40e0	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = ResolveDelayLoadedAPI, address_out = 0x75244e60	1	Fn
Get Address	c:\windows\syswow64\kernelbase.dll	function = ResolveDelayLoadsFromDll, address_out = 0x752c0770	1	Fn

Window (3)

Operation	Window Name	Additional Information	Count	Logfile
Create	-	class_name = WSH-Timer, wndproc_parameter = 6497608	1	Fn
Create	-	-	1	Fn
Set Attribute	-	class_name = WSH-Timer, index = 18446744073709551595, new_long = 6497608	1	Fn

System (7)

Operation	Additional Information	Count	Logfile
Sleep	duration = -1 (infinite)	4	Fn
Get Time	type = Ticks, time = 129187	1	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Operating System	1	Fn

Process #3: enc.exe

4685

Information	Value
ID	#3
File Name	c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\enc.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enc.exe"
Initial Working Directory	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor	Start Time: 00:01:04, Reason: Child Process
Unmonitor	End Time: 00:01:25, Reason: Self Terminated
Monitor Duration	00:00:21

OS Process Information

Information	Value
PID	0xc14
Parent PID	0x8c4 (c:\users\ciihmnxmn6ps\desktop\flashplayer_install.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 554 0x 534 0x 278 0x D00 0x D3C 0x CFC 0x CB8 0x 0

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	rw	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	rw	-
private_0x0000000000020000	0x00020000	0x00023fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	rw	-
pagefile_0x0000000000040000	0x00040000	0x00053fff	Pagefile Backed Memory	r	-
private_0x0000000000060000	0x00060000	0x0009ffff	Private Memory	rw	-
private_0x00000000000a0000	0x000a0000	0x0019ffff	Private Memory	rw	-
pagefile_0x00000000001a0000	0x001a0000	0x001a3fff	Pagefile Backed Memory	r	-
private_0x00000000001b0000	0x001b0000	0x001b1fff	Private Memory	rw	-
private_0x00000000001c0000	0x001c0000	0x001fffff	Private Memory	rw	-
private_0x0000000000200000	0x00200000	0x00200fff	Private Memory	rw	-
private_0x0000000000210000	0x00210000	0x0021ffff	Private Memory	rw	-
private_0x0000000000220000	0x00220000	0x0022ffff	Private Memory	rw	-
private_0x0000000000230000	0x00230000	0x0032ffff	Private Memory	rw	-
private_0x0000000000330000	0x00330000	0x0036ffff	Private Memory	rw	-
private_0x0000000000370000	0x00370000	0x0037ffff	Private Memory	rw	-
mswsock.dll.mui	0x00380000	0x00382fff	Memory Mapped File	r	-
wshqos.dll	0x00380000	0x00387fff	Memory Mapped File	r	-
private_0x0000000000380000	0x00380000	0x0038ffff	Private Memory	rw	-
wshqos.dll.mui	0x00390000	0x00390fff	Memory Mapped File	r	-
private_0x0000000000390000	0x00390000	0x0039ffff	Private Memory	rw	-
private_0x00000000003a0000	0x003a0000	0x003affff	Private Memory	rw	-
private_0x00000000003b0000	0x003b0000	0x003effff	Private Memory	rw	-
enc.exe	0x00400000	0x005fcfff	Memory Mapped File	rwx	... Region Actions Download Dump
locale.nls	0x00600000	0x006bdfff	Memory Mapped File	r	-
private_0x00000000006c0000	0x006c0000	0x007bffff	Private Memory	rw	-
pagefile_0x00000000007c0000	0x007c0000	0x00947fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000950000	0x00950000	0x00ad0fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000ae0000	0x00ae0000	0x01edffff	Pagefile Backed Memory	r	-
private_0x0000000001ee0000	0x01ee0000	0x120dffff	Private Memory	rw	-
private_0x00000000120e0000	0x120e0000	0x324dffff	Private Memory	rw	-
private_0x00000000120e0000	0x120e0000	0x121dffff	Private Memory	rw	-
private_0x00000000121e0000	0x121e0000	0x1221ffff	Private Memory	rw	-
private_0x0000000012220000	0x12220000	0x1231ffff	Private Memory	rw	-
private_0x0000000012320000	0x12320000	0x1235ffff	Private Memory	rw	-
private_0x0000000012360000	0x12360000	0x1239ffff	Private Memory	rw	-
mswsock.dll	0x123a0000	0x123edfff	Memory Mapped File	r	-
private_0x00000000123a0000	0x123a0000	0x123dffff	Private Memory	rw	-
private_0x0000000012400000	0x12400000	0x323fffff	Private Memory	rw	-
private_0x0000000032400000	0x32400000	0x324fffff	Private Memory	rw	-
private_0x0000000032500000	0x32500000	0x325fffff	Private Memory	rw	-
sortdefault.nls	0x32600000	0x32936fff	Memory Mapped File	r	-
private_0x0000000032940000	0x32940000	0x329effff	Private Memory	rw	-
private_0x00000000329f0000	0x329f0000	0x32a2ffff	Private Memory	rw	-
private_0x0000000032a30000	0x32a30000	0x32a6ffff	Private Memory	rw	-
private_0x0000000032a70000	0x32a70000	0x32b6ffff	Private Memory	rw	-
private_0x0000000032b70000	0x32b70000	0x32baffff	Private Memory	rw	-
private_0x0000000032bb0000	0x32bb0000	0x32beffff	Private Memory	rw	-
wow64cpu.dll	0x5baa0000	0x5baa7fff	Memory Mapped File	rwx	-
wow64win.dll	0x5bab0000	0x5bb22fff	Memory Mapped File	rwx	-
wow64.dll	0x5bb30000	0x5bb7efff	Memory Mapped File	rwx	-
winmm.dll	0x73f90000	0x73fb3fff	Memory Mapped File	rwx	-
rsaenh.dll	0x743f0000	0x7441efff	Memory Mapped File	rwx	-
bcrypt.dll	0x74420000	0x7443afff	Memory Mapped File	rwx	-
cryptsp.dll	0x74440000	0x74452fff	Memory Mapped File	rwx	-
devobj.dll	0x74530000	0x74550fff	Memory Mapped File	rwx	-
winmmbase.dll	0x745e0000	0x74602fff	Memory Mapped File	rwx	-
apphelp.dll	0x746b0000	0x74740fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x74750000	0x747a8fff	Memory Mapped File	rwx	-
cryptbase.dll	0x747b0000	0x747b9fff	Memory Mapped File	rwx	-
sspicli.dll	0x747c0000	0x747ddfff	Memory Mapped File	rwx	-
rpcrt4.dll	0x74a00000	0x74aabfff	Memory Mapped File	rwx	-
ws2_32.dll	0x74d30000	0x74d8bfff	Memory Mapped File	rwx	-
msctf.dll	0x74df0000	0x74f0ffff	Memory Mapped File	rwx	-
imm32.dll	0x74f10000	0x74f3afff	Memory Mapped File	rwx	-
kernel32.dll	0x74f40000	0x7502ffff	Memory Mapped File	rwx	-
gdi32.dll	0x75030000	0x7517cfff	Memory Mapped File	rwx	-
kernelbase.dll	0x75190000	0x75305fff	Memory Mapped File	rwx	-
user32.dll	0x76c70000	0x76daffff	Memory Mapped File	rwx	-
msvcrt.dll	0x76f20000	0x76fddfff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x77080000	0x770b5fff	Memory Mapped File	rwx	-
nsi.dll	0x770c0000	0x770c6fff	Memory Mapped File	rwx	-
sechost.dll	0x772b0000	0x772f2fff	Memory Mapped File	rwx	-
advapi32.dll	0x77550000	0x775cafff	Memory Mapped File	rwx	-
ntdll.dll	0x776b0000	0x77828fff	Memory Mapped File	rwx	-
private_0x000000007fea4000	0x7fea4000	0x7fea6fff	Private Memory	rw	-
private_0x000000007fea7000	0x7fea7000	0x7fea9fff	Private Memory	rw	-
private_0x000000007feaa000	0x7feaa000	0x7feacfff	Private Memory	rw	-
private_0x000000007fead000	0x7fead000	0x7feaffff	Private Memory	rw	-
pagefile_0x000000007feb0000	0x7feb0000	0x7ffaffff	Pagefile Backed Memory	r	-
pagefile_0x000000007ffb0000	0x7ffb0000	0x7ffd2fff	Pagefile Backed Memory	r	-
private_0x000000007ffd5000	0x7ffd5000	0x7ffd7fff	Private Memory	rw	-
private_0x000000007ffd8000	0x7ffd8000	0x7ffdafff	Private Memory	rw	-
private_0x000000007ffdb000	0x7ffdb000	0x7ffddfff	Private Memory	rw	-
private_0x000000007ffde000	0x7ffde000	0x7ffdefff	Private Memory	rw	-
private_0x000000007ffdf000	0x7ffdf000	0x7ffdffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7ffc57b4ffff	Private Memory	r	-
ntdll.dll	0x7ffc57b50000	0x7ffc57d11fff	Memory Mapped File	rwx	-
private_0x00007ffc57d12000	0x7ffc57d12000	0x7ffffffeffff	Private Memory	r	-

Created Files

Filename	File Size	Hash Values	Actions
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.jcry	0.01 KB	MD5: 1daa5397a0887c397ef37996abb27346 SHA1: 8896eb09471ea4b70f2eb2bdc10ef2b307fe1278 SHA256: 5e5415aa22d9716c67f485d78de38ef3add9a33a2677be79f3453b19c1f352ee SSDeep: 3:AZrn:Arn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.jcry	0.55 KB	MD5: aea2cedbb6854d87f75d74224c12da88 SHA1: 4ad8a06126b4172f3a126a088963c9273615961b SHA256: a1b864565125cc499f5fd8df8d539df201863ff8b06cf81a5e7796ece12bd013 SSDeep: 12:4kHYoDykmYc3lhjE2Biz1I3CVJ1vJQThfnsmAGB7Nn7++itamuHMhL:pHYI2YujwdtW6mpBn7+bca	... File Actions Show Properties Download
C:\Boot\Fonts\malgun_boot.ttf.jcry	164.30 KB	MD5: a4acac7d8c10268d0005f66520fa3d4e SHA1: 361aa7fa509b67c33977629d2a85fd524cd6e25b SHA256: 69bbc488cc00e8544aef840c0952ceb0f11f0a344714500cc709985a87064569 SSDeep: 3072:XBEQpQd1fBrLmYdE8olGYKoMdeOTqF04NqcP6g2OqcnVjfyna+YC3rFO:RE2Qd1FLmY6pMHTmicP6U5fynv7FO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\page_embed_script.js.jcry	0.25 KB	MD5: df443ad5e925766487067825acbb4ca0 SHA1: 7a325d5cc09951e3d6292e33b452c728334a9e02 SHA256: f398f82592a48b33856a4f4328f07e58e7f2be69cf6d274f86fa80f689a3fe45 SSDeep: 6:1uhwz4RH628tc5ZaAu9h/RPcdIsgoDkNL5cts+DCC27ahj:cRH6iycdseou522	... File Actions Show Properties Download
C:\Boot\Fonts\kor_boot.ttf.jcry	2.00 MB	MD5: 0071baf7fede10cf1acb1894e18c7cac SHA1: ec4c876ff1edf0dc2a6936cfc7bdd906ff9e54ae SHA256: 45043b7c0a6a1924f4f6679ec571ab3c1c368886badf6cca966b5af16a6ea69d SSDeep: 24576:NBkD2TcRjnZjqoSxRdarRXOc+GazR4sygbTaPYdduL2yDp7Rbb:zkqcRrZea/azOs7TYYdUae	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat.jcry	0.01 KB	MD5: 7bb4c7da05d803690fd5e0ea6be0d70e SHA1: be2e1382154646daff3bd413f19fe516089880e4 SHA256: 3707f8908288bee6503d46271975a4fc4d92b6c33e048380ed4c6ccd9b0a0003 SSDeep: 3:/2GHavn:/2G6vn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\devices.html.jcry	0.08 KB	MD5: 06a39677dbc977fdc65b76a422944a26 SHA1: f1b4505647166f89d509ce580f0c7f9d6b75455f SHA256: 03035fe0e96c8681d542db265466de6ee2e6a1df1950254e70b3b6025c806618 SSDeep: 3:VPHx3fIG81Y6u4uTM1yOMmDrVYexQ:12J31dMmDri	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml.jcry	81.96 KB	MD5: eaef6604e7db6c89e286e54832bbe077 SHA1: 2498cd681038e49feb391f1da01f3c54bffd4272 SHA256: e55f4062989fb18c32d0d186419360b12d9b3c1695b91004c964bfad83703d2e SSDeep: 1536:Q6iceoVi3JnE8SqaUm/IlrsOcV4M2ijW4mQoJOLjFo:QjHoVi3mY/dcVL2cW4mQoJ2Fo	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	0.01 KB	MD5: 251f1ed65a8c4c4ae17ff269a352c6e7 SHA1: 3a9cb9ba1518b4224a12e4fa3a5c05a26b294f32 SHA256: 11db241e47c65ebac2c3582a0f89babe95cfbddb5ce3412daf9ad330c6a216eb SSDeep: 3:9Tl7:X7	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.jcry	0.12 KB	MD5: d116e6e99fdf5d30d4f2fe49942c9cab SHA1: 3b857b56082117a902bb36b3fff328041976450c SHA256: afc95e90e4f30eba54457e42a9c1d184831a0242b6462c55436189cde7b9bd89 SSDeep: 3:DJBKV2zy9NM8XUx8Wy1yxt46nwLriSYmXx:NB6/N148WLzBwLuzm	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat.jcry	0.01 KB	MD5: 764baa0594f9483f54f43331390612a4 SHA1: d68bf8d84f083ff6d5b784bc1697bd95962fee64 SHA256: bd757d9dcdec746165f5a3aa7910747e17814e586fdfc0b0c86ea6153b4867cd SSDeep: 3:Flrn:Flrn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.css.jcry	6.56 KB	MD5: f255a26875138614dc9c86a9d14b8be4 SHA1: fc7b7e280fab4313b94e8487c7cab796ad840473 SHA256: 1af75c7e7eef1cfb45fc17d262351811911ebc10e2d2c911c3f1051cea40495c SSDeep: 192:kSNFuqtCpP+LjEcsrNREejc6OmFcIenOtP:kSN4NpsjMNREet86	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db.jcry	16.03 KB	MD5: d766939ca24de220a5a8d6d8af41c4b5 SHA1: c9047780e5344b872381432bfa93507448a4d440 SHA256: ddbdff148aea0b6052247dc416bc13ac2884173dfe35b375448bfa3b8f9bc2c6 SSDeep: 384:V+uLmEoL7kA2N5wwedNBSfQv/52/0JJ74n/4iXbkVaqkE+xy:V+u47kZN5wJdNBSfQ8/A74/4iXYVa7EH	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_close.png.jcry	0.27 KB	MD5: 7f4a3fe98bcca111456ecf5cfed1a3c3 SHA1: 68f7bec42bff63f0414f39dbb9da36fd280e73c6 SHA256: 06ad0aef5aa73726cb725637e53d606a6d6bebf9104149fef2270216d9ab299c SSDeep: 6:0akR1abLOQaotU+cYdHzkfYYspUyEv6rmIX5U9xMJMDUiWhJcwcsr+hU:0afbftU+cKTkAYysCkuMDUizwCC	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.jcry	0.07 KB	MD5: 7f222b84bd727f2bd9ddf881031a674a SHA1: 5fdeb27cd4101bcfea64f0eb7ae64721f9cb4222 SHA256: f1a2f0f55aae75c4c278a8c05aa8ca19677a94f8c32eb2e8282fa80c7ea5886c SSDeep: 3:Yfguivi50Bsz3Vw5TRV1UY0:YIuMiWS3aR70	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.jcry	0.01 KB	MD5: 8e66bbf6468d6b78fcbc0f99a43997ae SHA1: a1046c7770edc8609229b6ae0215efd24ffd7551 SHA256: 476a1accd2bef8e6b461f192bbb29b74182288be1189fdcc360ccc5f7de99849 SSDeep: 3:FpMn:4	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: 0500613cb13b330e4e6dc6267511eedc SHA1: f74b1391e6015d83b50e80f5561418c148566cd9 SHA256: 85654c2be0fb8933b728841a07d0e24345d09061d4b2ee805f056d9646fc6144 SSDeep: 384:uPR67X6xVjtFc+RjfMgEm0vieGUcjTHN9eYB:uPR6w/t1MgEZarXt9x	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif.jcry	68.74 KB	MD5: 8a05714c1faea2bfdb072edcaf2d267e SHA1: fb884fde9f2ef7c57bea87b55e31bcaabc99e373 SHA256: 5abe4f27a96e85b4cfe8ed73ef94d26de95b4149160be906934f14817e8959ac SSDeep: 1536:4kHmGV/UT1cgqWNjrVzadO7HohLHF2GiQ+EJnW1pCI0ysPmTV3:4kHmGVm1nqWNjZ+0bohLH7i9KIjsPmTF	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000004.log.jcry	2.79 KB	MD5: 65756514ff759866e68c0feb0514bf86 SHA1: 00fb6e25539c95a195f6513a91f91914672fac44 SHA256: 186a528c2d00f84acdfdff758d4a0a3121ab097272a43b490bc8f0cc5db01e1e SSDeep: 48:2nX3B8NXGB454IewwBHRPJ1RfY3yZGCwPm5uASmJT2mUR5LMYFl:K3yXqR3BHRDdYCMTPCEoToAYv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	0.01 KB	MD5: 21eedc84fd9fa90cf87d677e231ee9bb SHA1: a0d40b2ed197e36162727ca9afbdd2aa25bf456e SHA256: ffa0d8aa0b5a7ff2771d273865bfbf8dfb9b4355aacdc7a26ada6c6000330587 SSDeep: 3:C5on:C58	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt.jcry	0.18 KB	MD5: 679e42cb1b4a0a39bf6172a5a660ff4e SHA1: e41c93a6a0bba4add27404dd169b389c4f8bbac8 SHA256: d1f02a109387724d325cd1ec5b2476f96d7e6c8e28013ba67448fad9c9eef6b3 SSDeep: 3:aOFMeRVHrP8ZkxfQDChrGDvA1HUQcYP9Dd+ZCk8kWV+CJdtgciFKXn:aO3THb8gvKDvA1HiYVNkLWkCT9Z	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\www.msn[1].xml.jcry	0.73 KB	MD5: 3c6d854b43a3bb262c6ae41ca5e551c3 SHA1: a6dd049817981059cf5a26bcc26bfde26c3ec062 SHA256: 39887da164eca6b77018bde070402cc13db345e08e331b1d280ac85d02bd78f1 SSDeep: 12:yOLlXiDD8szWRk86hn++M0uRtvBOoykrqg47c7tPPwuDU/hHCuVpO/dPF2C:yGC8siRk80++2tJfxrqg47AtPYuDUZry	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat.jcry	0.01 KB	MD5: 822df4dc57cea65a073d2cd9194b09ab SHA1: 7677d9fd3068abcebc76218d7a4909a6be9757d9 SHA256: c0f5e5d575901af5b18c89c7d9eb1f8055e5de04b3b9c59dde03ace1d96331bd SSDeep: 3:zOpywn:uywn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.jcry	0.01 KB	MD5: 1d1ac96877fe01e71e3e3db7f1398dd0 SHA1: db376778ad85a011c9aa6440ca1f2416b7b26f2b SHA256: 53d60c695eed0e6bd69b0ee92dcd343225315e9f40ae56f03f430d3690911fec SSDeep: 3:8GIGF4:8X	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\index.html.jcry	2.07 KB	MD5: c1fc2ac97a784d0525909e2c236da315 SHA1: 61698f3117a1ad8a7d09e9f624ed932a1bc6c19a SHA256: 6f4f5bffccd5599218241d48139f20699853a598c3a96ff9c747acde4594b4d3 SSDeep: 48:5sCHzz5bP512XFXny19hGwwHwa7ZdgSncnlFVUX1hJbdMa:5LlD2hnyF1Uwi0TVw17v	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.js.jcry	0.01 KB	MD5: beadcce7c6f3cde0489509d65d74f3ba SHA1: e9b37281af50e61d5a54d304620d79e001ab5ccc SHA256: 21f648ecf0186846eaaaa4c16f377928252f1c66ab009202262f2b6bdb0cf51a SSDeep: 3:h4l6tg:y3	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.html.jcry	68.50 KB	MD5: 30cde194704dd0a0511f4845c21606b0 SHA1: 5878ea897990f0ada2f7a8a338388e4119165ad8 SHA256: c72c5947541ddec4abbe11d7d1bac8c08eb8dd41c92596407cae0e562a23ab6c SSDeep: 1536:RoJKc+fiZWkLeqOGxEDk3fy4z7ktF/tsS6IxoFdCPsZ:RoAc+fiZWkcJJa61JDK	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt.jcry	0.38 KB	MD5: 99c83511a76c9c01a69e134bf74b0ea8 SHA1: 5bc0466cbe364eaf87cfb3e374ff90e5dbc5a7d5 SHA256: 4ad7753eb9be519a7d9608de8110a83e7fc7abf2706907d7b237d82a6018edb4 SSDeep: 6:UZIVVyO3ZsiJUlUMGdbASRstxo3HQfbRILfzh5ZZHNiPq47KSbqUzbwG+xXX4I:UZIVByiJUuMG9A2EWCKtteBbXziXXn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.jcry	0.01 KB	MD5: 383ef5abf8e4c658a142f48b4c30a820 SHA1: 219b22827a205476c6d0393c066c83c3e03b6f31 SHA256: 3f90cf65b7ea6e4b326f1d992a72b5d8c5b2d0c70d2db7c6767b93a957a8202b SSDeep: 3:aH/:aH/	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.html.jcry	14.19 KB	MD5: 2dd0b10ebc0e5a661c9d6b4300cf743e SHA1: b763857d8ece5dfd851605587c3da8aad0c9674b SHA256: f834625704abc8be4fe8f9eb005f565db311d19dc1b26714692ae093d6d5f825 SSDeep: 384:HuJKf1m/FQrFSd/t4iEtmCMZMbgmo3GgFP0Xj:OJKf1m/qrcfPE1Mj5GgFP0z	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: ebad9825c46b07b1b01f91c870c40f3c SHA1: aea40c6d13312b9cd2bb2f7ebb04cff0110a8b02 SHA256: 51cb43767dba9e4b99d7669ea5b153bc65183e1b7cb9fb88eca9c84ec98414b9 SSDeep: 192:wT05vuEUpTiGdVAU36FMuJ0eq6COUJp6BthoQrKOq8qrfA:wYBuxpOcVAi6FFJTZJd1zrKZG	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\128.png.jcry	4.89 KB	MD5: 9961e56f9aaf35c7e514005370b04544 SHA1: 858764c26c05a2c0101a8b4b9a3ae3085fc89349 SHA256: 44b9317849266bedf48a221ef35651ff3d38759357c795a109227a63c71434d1 SSDeep: 96:3bSC9AFgUFMbKY8OTZHXyvoAee/YHYOK6wpYNM0Cuq131qCRkLFB:rSCaiWSZHXPAeNHYOK6wp8oqzB	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.jcry	3.17 KB	MD5: 23cdc64407be8617f8a401313d6ca6ce SHA1: b511056621de8b1cecddd479edd5142b61b2a334 SHA256: 64357d96ea66317f2265358a6f74e0dc33aad0835e961fec34fd9467c81aa354 SSDeep: 48:WdjdVAK4+hFeSyOHZGW7EzUyH9b/aOCJn1ksNu/6C6GZic0QsbM3QdLjJ4W:Wdh1xRwBH9rannpuCCdkc0QsY3e1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat.jcry	0.01 KB	MD5: a1eace12699406baed4c129f5c3389bb SHA1: d5ff3b61ec4c83b40303843934b59dad29433555 SHA256: af9c225526fef59b7a6a68de57f21cee15514c566027a84876784fc6a65cfba0 SSDeep: 3:G+4n:X4	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.jcry	0.01 KB	MD5: 8d921148181e0595aa997e460ba6bb94 SHA1: e36435118001059c3dec84a94ba5794722129908 SHA256: 13739a4e15030fe03c2eaeed9c81ab1c073a3cffd4524654c9f98118892d7c10 SSDeep: 3:snSGIn:USGIn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.jcry	0.01 KB	MD5: 081cd1611849c27984b1b3a27f3f57a5 SHA1: 5c5d3b3c50079876d725629ded12b3c562c11a67 SHA256: a72d9eb5fd57103b3d5b7c8a566e2c67cb1e3cd33d3654ce9167ff01f0a57daa SSDeep: 3:926n:o6n	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat.jcry	0.01 KB	MD5: 897818ac26e4e4b41c5821de5ec54ae3 SHA1: f70ae6a8ebdaa3523645845a40c61232d035c083 SHA256: 7e4eb56457505f7a2ec3013333a762b3993002b86068d5e44193faa048812ad0 SSDeep: 3:8T1:C1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log.jcry	512.03 KB	MD5: 87cd90496f3b7ea8f3724d3e8b799df7 SHA1: 42b607120d920fad3132b0207515a27813c7dd06 SHA256: 651640a238cadefa592a2629e77ac26dc1b1e985773ce1254ba6ddefecadcd05 SSDeep: 12288:MMt8VGw4Nu/ehaLxAOW3TTT863nYrtsJNpZQ6SG8t41YnS3:zyV3ehaLx4fXctaNpKng	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js.jcry	34.38 KB	MD5: 49e76b9c454a65de201f8fb5d5a7a04e SHA1: 365e947fe035701e688d49ce851a04a1a1195085 SHA256: 0954b9b1711377a91cd018b6cb684baa7991a8b946a36f12a063249696993e28 SSDeep: 768:hP4A98qZe7ry8xcSDZjRgPS7Yb+CNIv2XlhKtvkj:hP4eo68xceZFSSkhE2XXevkj	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\contentscript_bin_prod.js.jcry	4.28 KB	MD5: ddc58883e70dec6269695b724f6d67a7 SHA1: 071ad092bbe60aa1c10c64b1ea644df16e61425b SHA256: ce09504ad0c9c57480392a6938a39a55bf3eb7d172a7f21600ce0d57b42bd0f9 SSDeep: 96:/XjF1Sn7EXWVr2FLlX6fBen8Phoo364ic7mFB+OIFdmuUdg+M/GE/nK35:7Fs7EXWVcLhK/Phoo35mS/F0U///U	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat.jcry	0.01 KB	MD5: 6d37dc491c770d0d0b0e2c861151e3a5 SHA1: 2afbd3329f0536af61b30e1c6ccd5faf2ae02a23 SHA256: 0a689de830e55a325d24c7cfd28a5fa85218ca19294da7c4e06982e58ea72f82 SSDeep: 3:dD+f8n:i8	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 4a932fb4a8d03cfc4936e3d223ddd490 SHA1: a68402036442f1de6db0e998d83c6d2c9b912687 SHA256: 4bd8ad6a850cc2542c1863f08dc418e49907e4fceb9b697779a3b18883efb95f SSDeep: 192:lagv8p+vmvZc+Mkxzqmtbsz+xBYDk9uuifoxJ2:lBv8UvIc+MuzqmtoWaEb2	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	0.01 KB	MD5: 81ca2940ba4912f262f80d154cc35079 SHA1: c26fcf0a066d777c6321fb56d67670588c6a0e3f SHA256: d5ed11c0843341586adf0714a9a459b2c79c9c7a06fca33450bd92cc69e998ec SSDeep: 3:efc16:4	... File Actions Show Properties Download
C:\Boot\Fonts\segoe_slboot.ttf.jcry	75.62 KB	MD5: 33e9053bf17eb421b03ae6ead815a8f9 SHA1: 6db93f5bf4620e5aa8d7d0054794e765e0249e7b SHA256: bfe1a49618b6a4754aa8d86bc25cb1151e71dea9647516b71ebd6101628cec0c SSDeep: 1536:CvZMKMCSN/RvugwXtVHAwZPmyizR/Ax5Txc8QfGDkV32GJRxIwncN:CvZxMCSLulXfJZPmyEAxhuNfBPJcN	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.jcry	0.01 KB	MD5: 2ebcded7197c4ef71a800ed624d5a5dd SHA1: 83e41a2ccef94cedd2d3484ef56d7361e06102dc SHA256: aa3398562e797a847fbaa53866e1eb96f9b538878df698f2d43a02af50bec8ec SSDeep: 3:XUst:E6	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js.jcry	197.53 KB	MD5: 013c28d10ab30ad4dd087b464f47ccb7 SHA1: b5f1049874d238650bb7e3d0b6a03bbad9dee6fa SHA256: b9903886a7575122fa93efac147e8ce2dd8b0823d959fffb4ce9d9182a3a7664 SSDeep: 6144:k5c5iPz7nMF093AK0dVF4RxprwPqueAFK/moYgm:ky5i77nhJ95knZFU5Ygm	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 1f97aba3b34b34c7fbc903e68e248575 SHA1: 77cbe37f936f9125888375e770ba0fc459481b29 SHA256: 5ee2d92ead46d2ef7a61f3eb6099a71fa50f28938dbba32f9151574acd2b6202 SSDeep: 192:0KtS+Tu6AlN8KFjXzL2EkKcOQc/Jh5CfnPsqWNTKgGfIUHPQ80:0bUM7OERZQE5CfnPxWN/G9HP/0	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_maximize.png.jcry	0.19 KB	MD5: 16cf4d04ca043277f041c9c5f55bc74d SHA1: 843013d181a724f7fe913322adc53f92e5d0ca6b SHA256: c764be927bdfa39022721ca95e928e8491d6dd30b32907d94dcacc4529795f99 SSDeep: 6:PLjZe+tAM8HzFCYLnw2xRmgfD+xrz+7efoHA9fn:PLjs9lzEYdHDHJg9f	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.jcry	0.01 KB	MD5: a94016496a3c82712d23c4431f54b4eb SHA1: 0fa423305359c00ed7296023ccc65c35dc77b874 SHA256: e6ce4cba28cdb9fbfef34079c5f60cadb8ed2aaf9566dd7612790b5ec25774eb SSDeep: 3:IjZ48X:IjZl	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D19.tmp.jcry	0.01 KB	MD5: 1280cb6c8e210d95b1de19014d5208ec SHA1: 0a06083722df705f1e1d80a2be9af745734d2342 SHA256: 17d5c606d045be8b53e6230401fc869dcb43b683f3e0bb695758af251d128dac SSDeep: 3:NhwLtMs:D+T	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\eventpage_bin_prod.js.jcry	22.88 KB	MD5: 774ed4263d89a5eba80ea55350bfe696 SHA1: a8ada6b2a781c3534f5c0b8297bf75cefa97d10e SHA256: 6630bc46ec669f257a94fa2a04e7b24a1446daf772f8344476b46276cefd848e SSDeep: 384:fMPC+y2Am+UxM1g7wYhrURG5d1R2SH0bJrtjM3PWtjS7jot+4P7+nvqZlfb5+7mz:kPC+BZ+UxRrL1nSJRjMec70Qvul1Emyy	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_window.js.jcry	236.11 KB	MD5: 981eb7c64c38c8854237a847bbbe0b92 SHA1: 99f1fc92abb6220e6480d79bf210001a752745a3 SHA256: d30d777fb3175df69d72bcd5210e60540a737285db1032b200116b97b768de87 SSDeep: 3072:ZpPnAGsTBvegcm5GQvYwg3ARw4p2C6pNBTwSocGroy0iTi1LFfqgwa7sIsiBJHkJ:/sdGgcqGHAz36pz3ocDiWJx7XbE1fpKC	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.jcry	0.01 KB	MD5: 985730e66a5619e8abfbfe4ca7f73aa6 SHA1: ddf60921eaec81197dd044383728ae423ade89e7 SHA256: 21fd4f5aef7ec30a6d54af518297c05a62b364864903b4a284f75a016e01c7a8 SSDeep: 3:3YCo:3bo	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.jcry	0.17 KB	MD5: 27c921d74b9d8123a1d1c50db2f93571 SHA1: a1d771cc27542f0f9a8bd7d26f37ef9ab3c02add SHA256: 9633a0b6292e7f422f019590fcb42d1e803c387e95146939421f324eca8d1449 SSDeep: 3:QOkb6zEFB/yJwVERtQROgOozlSafGHY+VHoJZGb+b+6+VqcdH6cg3nY+fWg5:QOkW2BVSHnFjah+VHoJobI+6+FH6RIs5	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.jcry	0.01 KB	MD5: 74427078b8b19e371d7c9eaf5fd3364a SHA1: 5cb22670decea2e251d5f5ff4b0e6a81c811067a SHA256: 04a6331528f8d1854d3cd2ff78174610bb862336c85b3680755a63e00daadf76 SSDeep: 3:gi5uum:giNm	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt.jcry	0.12 KB	MD5: 4bfa480d076176b38b71fb4beafc0669 SHA1: 3e7dfbf947efa29d3fc27148569b3dabdd0b9755 SHA256: 1aa7d6199db40d2d6806c2935527934307d67edb203993fc50f3bfa48a17537a SSDeep: 3:zp1XXS3nezfeg5zO2lcNkDD3OduS8+bdhvpXLZl+oFG39K+BkFmG/Ynn:Kce8zO2lcNkXOf8z398Fm6Ynn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D19.tmp.jcry	0.01 KB	MD5: 22c156b1f7b8d1f79b20265dca4e8c5c SHA1: 9faa19dd17c8043444e40687bc26842cf8aff1e8 SHA256: c3510d36af698bf03c0c4e9a67e1400918986b942f79d349f5a7e673f75d2595 SSDeep: 3:KBri2z4F:KBbzI	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat.jcry	293.04 KB	MD5: b04bda5d5e894ac0e4037eb499fb949d SHA1: bc7701ee37011b5e291a2cabb5b97ce8e4cc974c SHA256: c30de594e68df3f29041e2da5a1a7e30e15d172f58f5c5d92232b1d8bc9c7b6b SSDeep: 6144:0afF6/yTFs5VF5b8hfBUTvQo73vtHLv3dyI8PgJkQ0a4NcqZ2:08TqVfohZ2Qm39LvdlXOa722	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Microsoft.WindowsFeedback_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: 936155b44f83af279809d6f14b5daa0f SHA1: 7905b07b016f08b56cc8de70697f82a4eedf85ae SHA256: 110eb7ca8c3d7d3131fa1a5c77c7754f59755b835641251658165e3509e3da22 SSDeep: 384:uWF+QvjO9FYuwno11lBGSCPTHjBoVUIQBu8TDbQrpzTqTfb6ZUCKqyj:Y24SoTlBG1TNSXr8TXopHquyj	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.js.jcry	136.49 KB	MD5: b2b3815968ef43b215b4d96ea6ec1991 SHA1: 19db033e37283523f7bd9acd94d697ba46468f41 SHA256: 41f787db7a771df3b8b61dd06b8d8d089e12560fe1ba42037594b2e1989f870e SSDeep: 3072:/JFmvU3zrDP6tvLlWONNVv7Tt2WLpZke7f1cnResFII2nJu8HN:rmvUDrDPaWOdQC7kmcReEIISrt	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF\www.bing[1].xml.jcry	5.96 KB	MD5: 75133bde666c7bb56927e4954c565c1e SHA1: 85fa4162d39b909ed1db0884a6791272fb5804de SHA256: 06ff2b4a94b4497684576d15fc08b8f132eb59ddaa15a7a3442ef9a9ece5d323 SSDeep: 96:Wej88HPTZVDhx7EIVmEqawI7moU6k2/2PhMZMmYijk9NMvz6FcAClzYScuPFLnpU:WezHPTZVtx9V+2lYMMmYgWujlzP/dtXk	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.jcry	0.12 KB	MD5: 11bdcf25631dbaa7df9a520408289f22 SHA1: ab316272e29f9e3014d70be198b57a7168ff1919 SHA256: 49d0be8d917f190d195cbce01c4f282ced06bbd75133d65983d8538635cd4f43 SSDeep: 3:kZjPK3sYnzXBFC6ewL0BiSgjgNgP/BxJqYydE/L6qUsqvcQi54:kZjonzx4Ne/vOE/L6vTc354	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat.jcry	0.01 KB	MD5: ff5029093ead29f1fecb97edc361a504 SHA1: 6221e845abd1e47cee039a7b46740313e98b0e3b SHA256: f207bb7eb2d6e4bc1f7d401c7da012f89882d62a32a46b8e1d5f27a18675dae3 SSDeep: 3:4wlkdn:462n	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: ad64bf7c1d6f55e9a92e9e22d58da10a SHA1: 6fe203657e834016a9de321d1fd218fc1058b49f SHA256: 900a6e6cf97b42fac39b832d3c8c9dccfe9018152639824a5bd38ea004ffcbdc SSDeep: 192:WfSJx4mQySTpsXvuGSBpyBe+zIOHNb8Lfz/kvDLqnX6TdyTo4xf:Wf4nQyEsXmGSBv+0OHNwfMbGnCdyfxf	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.js.jcry	232.61 KB	MD5: 102ef276efd30915654b6075b25f2ab0 SHA1: 95ca7546211ae2ab7703c05c830b910744648fff SHA256: e5bae15a47c25a387c48cb98a09115e6185550bc17793e06cb0d74934c132b57 SSDeep: 6144:sJ8FKNx+GfWNERtZAlYaD7zPCR7E7P7tLzofdh9EiD:hkNx+JGO3zP6E3JzIvHD	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js.jcry	18.34 KB	MD5: 7573e984c6dd4c5c161e75527de1f973 SHA1: 6fc3119fa074d02fc59c215eaed7659ab69451a7 SHA256: cdd2580a14eec9e669bc8171d666b8a60bb4693cb26b841f6cee55975d0c4296 SSDeep: 384:kAKqEFRBaTdToNCUzL8dHXAuigNUKVECD8As89U18vZinuKu4O3zE70L:kAKq6fDzQvLUqB9zd	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat.jcry	0.01 KB	MD5: d6d0e69fb9f629945db05d32ca6090d3 SHA1: 701d82388cdd58935addcdbe4e986c87fbc060d7 SHA256: 30a31ab6cf6f0f4971d6fdbb30b1a97fbb8c4d1767d51891fdfa11e86c3fdcbd SSDeep: 3:RaYn:IY	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat.jcry	0.01 KB	MD5: b1f3b0a6f695a69ae1aefc005cf3d481 SHA1: 50dd00a1fdc9bf0941df0c0616ccd89d77e6857d SHA256: 0ddf083ca060186592f0e3dcadf2d75d1badada5967c709ffbc3b32253d5ce77 SSDeep: 3:0tNAFwRD:ql	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D08.tmp.jcry	0.01 KB	MD5: d3721c0fc5a4156f2cf53255d1536039 SHA1: de1f66c3e03b08f6dd1f304c4d0b6a6e4f48fd43 SHA256: c9ab8b921849223557756673cbfc7d06ff12c784b12a482f2e47bdffe8ac401e SSDeep: 3:siX:F	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\000003.log.jcry	0.34 KB	MD5: 2b63a2b49aca77415ea212b143883faa SHA1: bda2ab3c1cd416994afa3a8df66492e81e614d1d SHA256: 56b9f7ecda47e2c15c52b0fe19866f0d7e9383edd16886c5bcde2d68de8656dc SSDeep: 6:0pD3tC/dUQTSYzBPK/Cie+rhF+jSzIY6MC6TRqfF+qtl+VrzrKa54pfFx5xDTs9r:ex8pSyK/fe+3BIYfRqt+qwqaUDWAw	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat.jcry	0.01 KB	MD5: 1ef9a8f258054773d9a653c753e30046 SHA1: e64e07d4a306a211bf9ec9197e8a6a3e544f8012 SHA256: d11c1d3f074f1cbe06838764e7bdf7c743f073b2524754c3599e96214f7cc64d SSDeep: 3:8Lfwqn:8L	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat.jcry	0.01 KB	MD5: 61a3515b31081139aa704f5b85ae3210 SHA1: fc645f4a39bfebcfd57e7b57b1219be791328a58 SHA256: 89f5f155b6c70f03c5830300efba720b65528131db6e4aa29d8d88d34e4e4d91 SSDeep: 3:9Nj:Hj	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat.jcry	0.01 KB	MD5: f74537192e26a59f26ef50589b8c79d0 SHA1: d7b7689e6c09fd207c0b45eaf6df1c46f0e70536 SHA256: b78e9becc922c9b225ed41651939971ccfeff77ad853d3ce20c04981a1336d6b SSDeep: 3:7hc:7hc	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app_redirect.js.jcry	0.26 KB	MD5: 8bce7373d2e44c8b128250c5e0e7b7b1 SHA1: b83c1593e02e0c985928182d22a43e387062e293 SHA256: 26a75780bd1b603d5c27414861a544d2b81aa0c2d4d475d717606a2ae8d1e9b2 SSDeep: 6:XHIBiIgioRQ71BLWf/VHmUfS7RHBFmKLhBe/1steNcj5OButI:XuioMGUSBFmg8szm	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\128.png.jcry	4.89 KB	MD5: 8a6d03e4c34dc926443582cd12705743 SHA1: f7d00acfec5c3e0ed5bd4b45546ce0097b4dfeaa SHA256: ed8a554a65c43e26628fb64f5942c7e51a314c18c8c4612821f6930e00f2f989 SSDeep: 96:udFcHrxLFOAzrHyL+DG7M2CfJ//9v2KTbzDvu5XyqHJxiDdepik:udyNLFOAzr/DG7M2C9F+YzDvupyqkcH	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\77ec32dc2bee35c0b759503a76ed5b66.png.jcry	17.22 KB	MD5: f6f855540ffc709c0f0736eac43796b2 SHA1: 52c81c4f662a6bd13565bb29f85adfe3311022ce SHA256: 99feb629321a9dc579831dd8594d3966fe2acff707c6c5e118f89f4a6505d18f SSDeep: 384:Kx5apHKJOhKG4UGil0ix9vEmy2LScPCml0UiW2hwca7V2S:G56hKG4LKxNyiSHml0UWmsS	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: e137f50f8bb27bf0a3555bc8b3907b85 SHA1: b9c32a51337b009db3f08b5bc6ab4b765eadb7a0 SHA256: ca8e887bc6a6edfdc8ec1699f3ddc8bb7b6339d0879e6503c16ceeefbd9c676c SSDeep: 192:gakGDSOQW+VL4+pqSD/eEeBWLCGK46b5AIxdeyxwWIpZs7z7YNA:wKSTWuU+Mu/heY36b5AAgfZsfUW	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt.jcry	0.15 KB	MD5: 4852f378c38e402f7c9827b85c34d709 SHA1: 41b119d2bef6172884b81c803ff787d1d47930ce SHA256: bd18d58719353c46f0967a769b4043aa42e60cc0e73944c6525c5abd5bd7bcf6 SSDeep: 3:W6WlS3fswLOkClS9i7ATtyZXLe9LCbGhAkX52vOqBFun:WlEfvs4LQ7iL2dkX5EOzn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat.jcry	0.01 KB	MD5: 877f35bc4e754b616f1287445215cf3d SHA1: c8bbab1f4062772e24d642c8b6085bb50cb37d52 SHA256: 73ba82c07cd53a88e41d4940fc376ce1b03836c33944c74cad836a1c15edde6f SSDeep: 3:NPz:Bz	... File Actions Show Properties Download
C:\Boot\Fonts\chs_boot.ttf.jcry	3.52 MB	MD5: efdcb1291ba39a2f6084da821a7b1e1f SHA1: eee70e0b9577880bb787cab2946c3e265571dc82 SHA256: 212cfd2f90b53df53277ea7e892279a7a1a4d8e319302165f34c0e494ff9760d SSDeep: 49152:cjxG1C/fZLGVBB37wX2wQTZYGpxZ66/9WHrSGjwe18wGHLuRapXtb:ET9GVBM2wl8xZbkHrHwe1auRa1V	... File Actions Show Properties Download
C:\Boot\Fonts\wgl4_boot.ttf.jcry	46.37 KB	MD5: 07c4c807ccd22c32a8706dfaa0b62bff SHA1: e2d02d6338b4a56a08a3768e0f529dd9df461568 SHA256: 88a8e153ef01e5013d33d30afc0244da615930bebc03fdcd2ac2fc1a1296ceb4 SSDeep: 768:HF0J8IpmC7U1aTuTfCmnTydEDcbO1k0HaXnU8bDljNRdT06kIm7UF/I9:HmK1aSDCDEDmO1k0HaXUcHR9VjmoO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db.jcry	6.00 MB	MD5: c3619e2c866b937215fce89d16cb2679 SHA1: 554732ffc52f1f3b2f2922ed3ed835d5399a6317 SHA256: 3a8b32edf88f226ad04d841f75afd7bd080a3f89b7bab03b13e22ebcc00c8bf2 SSDeep: 24576:96UVxvpOAzbUorAz/8qDZ/e+o5c7cjssawZEmCYu+bZkNq:96UVxI8UhhI+dc14wbKI	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_hover.png.jcry	0.18 KB	MD5: 0e5a5a4e285ef1c54c975f9ec6bb8511 SHA1: f2798120a58d8eca8f19a6547312d731f6ba86e8 SHA256: 454942ad4198bc17c1f6be501a25539b89a71bbf62b5d38cbf3d3eaa0eef2e39 SSDeep: 3:l+rvbjXmDvzQWxxVM029sxu2QPCwqsbiXL1zIHlT8J7Wm/nzKaBt91lQORkKtGNO:0brWDKd2xu2QPCgiXL1EH98J7Wmvz/xt	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db.jcry	2.00 MB	MD5: d5e346031b1cd2d2d24b21d9f26646b3 SHA1: c9ca6a671ba097d1017102e16602f3c99bee70bc SHA256: a49e57f2863fce4c15cef3a409f9b979b625a1093b364f9f7548a5070b3010cf SSDeep: 24576:96UVxvpOAzbUorAz/8qDZ/e+o5c7cjssawZEmCYu+bZkNq:96UVxI8UhhI+dc14wbKI	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	0.01 KB	MD5: f6ef7f5b03ec9c3ee2651e9b44ea3224 SHA1: 73ee699333a32d3d2d10e317d4a69f9a92d5a289 SHA256: f3133460ba5ce3ade7044d3b6a55d29f2eda8f3922f3c9df81acb1853ad6330e SSDeep: 3:iIWj:iXj	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt.jcry	0.46 KB	MD5: 6bfda9940655d8a8bb4d92e6c55dcf3a SHA1: 23a1ae0090a67431b13123667e287f6f979db004 SHA256: 89cf2ff0cfc2ae71ba423189840423dbcef85b203521b494163c800fe82673d9 SSDeep: 12:b2hGrwI9iPXGw4X37zSpXCG+8HABZLuj7eSq3Q6cLWIgGa0:b2hacGw4XL2XCWgjijBpaIgGz	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 342505284b1bf46b99b01bb60fbdb2f8 SHA1: ecde31159fc7c59dd9b17a45ea2ac492134d316a SHA256: 76203151fdd65773867335f507ab2174da56fb501b1702fc8d04cb2399a9c8dc SSDeep: 192:9RiPTQB5F1cG2ZSblaxbQ2J3ip6n7Ii6wf+ea9sh3BdC:9RLn5bKUE3ip6EgSAi	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat.jcry	0.01 KB	MD5: d1d41290c5088ae96bd862fd34cd7f5a SHA1: c8efc69d37a14d3f09dca639f226ad6008d1214f SHA256: 898ffcceb19fe0018f13a710448ad09da8c33c476fc02841fca145730c5a84b0 SSDeep: 3:zV0EZMn:q9	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js.jcry	122.45 KB	MD5: f6741ab1611bf56f4dc596e5af6ebfcf SHA1: 88b6b4232cc82013f3bf90fd5573c97fca9ffa00 SHA256: 0ef93383b97cfe324152197a5814735e8cf34a84ce7934171734dc8f3a1cbfbc SSDeep: 1536:TRknT1UB20Dh8pmbQJgU5ZwsH4JiySAwPp4srFLTEK7xPbBx73iaqlxjU4Uy:TRyUg3IbQfwFJi3xR4sxTbbx73iayxVf	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt.jcry	0.23 KB	MD5: 7a39f350091904b92f79dcb6ca58b4a3 SHA1: d54e0aa937977a3254de742891b3cbca6f76ea34 SHA256: 44557c9442f82fb4816e38144bc4296a38616898ec808c771291545559e61f2e SSDeep: 6:7gqQpPbxT01IywBlKcVugiIIJ7zuxuVfvVPs7Ykbn:NTWEBN5zB0X	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	32.03 KB	MD5: 71ba1c4c366069c433c67925c7761079 SHA1: b1ba1698a23987dc1e0bcf067ecc809667f0a848 SHA256: b18a63f0365e18ad2d002722a49f6d4ec0ebaec78720089a5f13318bc3246556 SSDeep: 768:ujWaa9Ntcgahp1NE98y6ztBDnl3XmBKDMCUBUynF:uKaa9M/S9H6ztBp32B0MCSF	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat.jcry	0.01 KB	MD5: 269a15885c721da31665d033ca3cb6ee SHA1: 560b503103bddedb3d9151b87c9283005b4af273 SHA256: 7baa35aedf42e1ca758f1f4e77d4a637892bf85c32a49014d1ce205d36342858 SSDeep: 3:ayH2o:5Wo	... File Actions Show Properties Download
C:\Boot\Fonts\meiryon_boot.ttf.jcry	129.80 KB	MD5: 2afdfe3733af6dd3df0e50d769a2c2de SHA1: e2dca247970ca33db9e8bf9fd62d852fc4c645b3 SHA256: cc08af2f02a6ab3c4cce585cbd4e07a6e22254f5fb4a3096eb73439930465166 SSDeep: 3072:hrXwEdHuCWDbUagJfwF5Zf7rYktXkk/+PSjuIx:h5dHlWD/gWF530ej	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log.jcry	0.01 KB	MD5: e14b6e5b65acd5a95a3b7a5f1b5175c0 SHA1: 0455a535a31e177af7ca9b02407f5e89e3a7848d SHA256: 3bbdd80e5c892fe97e38ca2ac7500bab517a8a4e9835e96b09059f8f5df6fe73 SSDeep: 3:8jbCbsR1:831	... File Actions Show Properties Download
C:\Boot\Fonts\segmono_boot.ttf.jcry	35.20 KB	MD5: 341f51ae809d6b4f27085aeece978938 SHA1: a14845c14c32214ad46e0607f36d3dc850a4c2f4 SHA256: 25f9709075614ebea1b3b50f16e214dade8f672b72cb23bc2a9ad3679996999b SSDeep: 768:nICmadMFgr59VpajTXVdm3vDivOPLJYNBccVwtQ51eiLgW6BxbHm:IC1aFiQjVds7JPLJajSK5pLgW6BxbG	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	0.01 KB	MD5: c0b6f244c3dd43bf391f788c59889ed1 SHA1: 661a4e58a396a74d815cd54f9cc723249bfd50e4 SHA256: 16a2745aa596248455674dd0992dfaf51c156cd6fe6784050ce351d23e5558ad SSDeep: 3:qP5fR:qP5fR	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_cast_streaming.js.jcry	31.08 KB	MD5: 7cbeec64f6678f2127591907229d290b SHA1: 78dc050f9deb55591678a65a6315276e903e9d14 SHA256: 8f54c582eb3f6ab25ece8d65027e01dd45b6cd566af393fef0c39ebdec719943 SSDeep: 768:93zZo/PBTHdQNy4SVOCDf+rb0vxd34gq2ktGl1Yt2Ju:91o5dQNyDVOZwBktcu	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: bdbc1aae99a2ae94178ec419565b9464 SHA1: 67d18b57157b8fdb65c5b7a2ac327bc6025e0146 SHA256: 48ce8d082df0e1abbfda58565a9da5242d58f0c15ab95218cd52cb7a6f9211e1 SSDeep: 192:+TRoKSGuRFPVizQux5Tyti3yRu3x4FQYDt8jyDmo4fV9:+TOKSHFPVizQO5TythRuBSQY6jyDmok9	... File Actions Show Properties Download
C:\Boot\Fonts\jpn_boot.ttf.jcry	0.01 KB	MD5: 46aaa5a7a20fdf5847ad6e3471ec12cd SHA1: 4151c24586bcd09331b05d91f12d2aa5839b310a SHA256: b345ee795e0fbe4e0d7ec8ebf3131503db332fb8139109e2ebf2a7df47385775 SSDeep: 3:K1yo5uy:K1yoMy	... File Actions Show Properties Download
C:\Boot\Fonts\msjhn_boot.ttf.jcry	149.34 KB	MD5: c0e42e6d6476cbb49f0cffc732ff3631 SHA1: 8e4f2f136ac8590e7b18e2a7a7731b48adffa06c SHA256: 51fc39663a388dc7f4febff0c5a8401d3f09f33d141f3eab0123e94c376a0372 SSDeep: 3072:ScjcuriOloeX1lGQzJNcDRHH7tS5/UivQrta+zp5TRSQ7jousPCLqbuVvQ0uIKuk:SmcmlVX+Q/clIciYpzrT0os6SExuVgeF	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: 32051303d85f437f146439b7cf211849 SHA1: ebd28090d6923f5b5c78501fcac5256a1e548a28 SHA256: 319836588f4bec3f3a310adc4d4ab60ccd0c83b3df45197c7081004a22216b40 SSDeep: 384:CVDAL0y/Q9Bm8LHO84X1XDFIYIWKeJ6XS8JnU6N+AIP0:WD8NiuhXOeTMnUA+78	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat.jcry	0.01 KB	MD5: fb066d80d08f3788d1944b43652be150 SHA1: a30c690735de3fe1da14a8c424aa130cb1bea7e2 SHA256: cc77df1d804b624d57b4fec91b17e9f9aac63a872ec488cd1c0d568a1451bd03 SSDeep: 3:RaGVN:Hn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\common.js.jcry	0.01 KB	MD5: f497df429dc8a7302df7b95e643c1338 SHA1: 4fcdd39ef3e67bd362333f5b7710d741ab439b94 SHA256: 3edc89d85eb230170cca34745a3fc46f872c2a0d237e25973c89876f06242c68 SSDeep: 3:g:g	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat.jcry	0.01 KB	MD5: df345f385fec3edc580a55f4aceffe89 SHA1: b2b588830d6cf71686c4b093342bb832724210b8 SHA256: 763b0c0fba68c660745d3d952206e828e5c79f9b9470e1ca1b6389dde356b8da SSDeep: 3:AsOj:A7j	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log.jcry	512.03 KB	MD5: 00b6dfda5f1613e6315ae21fc88fd1c7 SHA1: 7fd9fa4d68499d56510820a3adabfd9cf490dde0 SHA256: ae7dcd9f5626a64894fec661d50a3e62887c807942af0076b9ae28d7c50771fe SSDeep: 12288:xz/Lv8TGS6ui1QE1kPycTFXU/9gphbx8Ir9bvCNvOK2YI:x3NRQEe/E6Bz96NG5YI	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat.jcry	0.01 KB	MD5: e0aa727752df98413a1a62d45bece346 SHA1: 04a7b05767c845ec478ef6e00954461cb5c3e2be SHA256: 9f735f24f9befd662d183bb38f48d90d999544896955c14b466e4ee99cb90d22 SSDeep: 3:mPm4xyl:mPtx2	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.jcry	1.25 KB	MD5: d88cfefedafd3e6e4822934b52e24b08 SHA1: 69a4ed25b85d9129840f81a7864ebb51f1f1d675 SHA256: dde9c36cd452ad55af3adf1a4e94ace28c3698ef32c79d6cd0745f7684b76cef SSDeep: 24:rQuRGTpEIIKYOuWGpvn/QF4JpHbD7T7Ave8S1wHdlXNqtDsi9Pw3panasx:8FTpYX3pvnYF+p7bR8ndlXNqtDsi9n9	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	64.03 KB	MD5: 0b24b020f1d5cbbdf9e4bfa52f42a189 SHA1: e5b6cc4c12c25391b74e43e3750a55cf5b3ee1a3 SHA256: 9f1d7bea7dbdd247a8152522eb36a70f27d67010f1db6476500d5c71f94e2489 SSDeep: 1536:c9RsoZ+DTzai5/dEVViIt0cKYR61AdIVKNAbyrUitQ8B0U:c9bkP5/dwPdR0AdgPbAtNCU	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat.jcry	0.01 KB	MD5: 4dc115042d6f1f5dfdc873664faaaf45 SHA1: 7b215da1f162e7fb43f0f11c5c52f4395377c485 SHA256: cdfb99a8e5bb359ee5f05221546a93e3997f29409ff4562274630f5fb50bf034 SSDeep: 3:PZwqn:pn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat.jcry	0.01 KB	MD5: 9d24feee377d9ddc827c45672fd46c17 SHA1: 1d82ecfbe5d593eac6df619b6272d3dfbf9a5301 SHA256: ebe05b1f16952601c84a9670797fcc7ff6a0be983bdc509c4b2b9af876da127d SSDeep: 3:cIrz:vv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.html.jcry	5.85 KB	MD5: 70e113ccced0899fd8f44b236525a99a SHA1: 2c80de36e22b36d2cc0ba865eeeab680e02351d9 SHA256: 345eb31fdf5758c1ec32371206449aacf14252c6cc66fc402b419f68125c5546 SSDeep: 96:nOKUwIrlEdPopWGSaVk6L34LznjKnC7dg5/td:Or6bkyznWC7Ktd	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_background.js.jcry	0.01 KB	MD5: e6246b4f2795a3c5e0bdf9a180c63901 SHA1: 6fe00e38679bb9ea869cce55e34b0df03b0da493 SHA256: 842d689d08569137f9b09694450a7a8f8d7266d1a0af1132d1c63fc0344fa064 SSDeep: 3:vmPhO:2o	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: e8535a3044bd9daa1ba6045b2cafd866 SHA1: 6f25209b030c868aec295b3a86dfa437645f46b7 SHA256: 99e9bef8c3bdaceee32717858ba5c10082a7cc29d81bcbd39a517278cd36a927 SSDeep: 192:v/LDlsj6SmHcTYJGFxtOpABQMUUyeQ13DlT0DrYINMm:rBU5o/w3BqUXQNVC/NMm	... File Actions Show Properties Download
C:\Boot\Fonts\malgunn_boot.ttf.jcry	161.91 KB	MD5: 096a7451d7fa7739b6e2a55e0b1c63fd SHA1: 0af7cabd5021f03910b4f4241670e6d0ce8a87a9 SHA256: 0fdd3bfffd929c6aa7c64b690abe65ef5f83315e63e0840584da25dbb89b632b SSDeep: 3072:C/aBqKe7VwSEHZSMh3FK5NGmeB9HL4ijLy4QrdL6rdZZbb/N+6nBIxXJIFJf:C/aBAwSISMh3sVeBVLNytrdL6pZZbXa+	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_webrtc.js.jcry	2.34 KB	MD5: a1fbc0c5e98b34f8a5269f571c801065 SHA1: 215c5dd2bec8255f695891275bde2a04606f1c19 SHA256: c574081c8e9b8ab42617285fc1b00d60862a71a7f49991df5ffc7c6b0461fa81 SSDeep: 48:tio1Dp6cR2INVjmcIJfCcxLHM7wr4TVG//fA1BYBNqGQo6SX8NHMTws8:t51DZNVacIJ/5M7wkG/wrc6+86wj	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.jcry	0.01 KB	MD5: b6ca8fd8c92ef9baed39c496593ef98f SHA1: 311d4c6ffb2c5cabfae093c1ef312f21ea2f559e SHA256: 71aa76851907abaa36b3b801713889131fe8962f5d0c0c4d33cebe6414d8937e SSDeep: 3:MUR:v	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\Temp\CalendarCache.dat.jcry	0.05 KB	MD5: 4ab7822388c4b52f751742422431b890 SHA1: 18701d03fb6562a313fe26bacd0ce10f31f25cc5 SHA256: 651c82ae4d912617016549dbd3bf86a5cf5f98a353fee0bdff1232c3861e68bb SSDeep: 3:glxxuVUbcwAP:glxxaQcwq	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 0056d35f55cb95c5277d26449fb22aed SHA1: 9b872ef7454a5f068fc3361f9aaefea4360b9247 SHA256: 3b7968d052bd50c1cdac2174eb04d3eb76f92b0020593c140353493828afef62 SSDeep: 192:YJRc1IfKvtm9RL8wF8ztoC1P+N4LOPYVkrYvTNyP9:YooK1ygqK+mOPDhV	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.jcry	61.95 KB	MD5: a87daa69837c361c42c8b55cfca2ca0c SHA1: 2d03ceea1c7f7a1b20642cedab34c6bdc969650b SHA256: 30c83ed2d770189be1abceae5641657417c3d56775b46d56a41239ed9057fe99 SSDeep: 1536:bQHK1PpH24d8gSbCGRB791bTscDdwadR6UGe19djb12L:bH1hJeg5g7VRwadxRi	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm.jcry	0.01 KB	MD5: cc7b9acf0863ef622cba7b04cfc11ea5 SHA1: 6f01c4517590e3c390b83c975bff97f528f2835b SHA256: 448e145f77f498a20f22930eb1ee97374a3952df2a733b9d773d04f3a930496d SSDeep: 3:+rzXn:sX	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log.jcry	0.01 KB	MD5: e8cbdd6ca1c79107ddf68d3cde3001d7 SHA1: e5af0363d70d40f081df4d06db38d32508584580 SHA256: ff77148e301075c41643f0bedc9bd5ba22ab639e4f1e2f71e9fe9ae71e2bf381 SSDeep: 3:BjmRn:k	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	64.03 KB	MD5: 1ced3f0e0d14dd07bb9ceb97c123913f SHA1: 2d341518c65fbf4aeaaf600f35d9152f3ddbbf76 SHA256: 6a5cde76e9c020e668e44c7196ef64589dfc8301cc5c348c28b6f8e789688483 SSDeep: 1536:bicHWnJrE21iw2UNoIcjmf6ef9gH00eQWi04ZSf2vhv3gq0:WcHl82UBf6efX0eS04ZSf25m	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.jcry	0.01 KB	MD5: 157f8913356d2b2acd96bc307cc13874 SHA1: f689b058bf71c2164aac9dfd84d55da7b2af52be SHA256: 832c85f72932060d80fec5b068ed8784b9c2bfe382051e82b8896dad2abccc08 SSDeep: 3:IwHp:IwJ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.jcry	0.01 KB	MD5: bea91f5aed7dfd3153bdd1a3776e35e2 SHA1: 876afaae88e397f998ad363529e407c9e5569452 SHA256: 8404ecb21923f3e60b136f8a93439ad5ddf71902394a5fe9a4e01b82a76d99a5 SSDeep: 3:+HNje:+HNa	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 3294c116356a7f12a1db55996dc450f7 SHA1: 566df686c3f49dc8b84833692d8d643b881386fc SHA256: 446dc716d94426cf2a944096adcee85caef1729e2bf60e27e14d45f52f46cd1a SSDeep: 192:Yj8cnq8Uci3OHgUZBQiEjH8rHGWrBN0uQlySpQ4f+8:ABq8UcmOHgsEUHGQ0ewQV8	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\3727cd16[1].css.jcry	19.44 KB	MD5: f0c4740e79370df3e99e12d7bc1a9f66 SHA1: 387b292a070ae1b70b6402ba127c9c4727043de4 SHA256: 657208d579072da35cbcc3b49e47961568135f0c8fa9a842e699c47f951a7845 SSDeep: 384:2UP4WBfXxF4T595FTxTUeRF8PjieFnwJJiyJ2wb+595OjznJ:2UQWBfh6F9HxAeRF8PjxxwJPpWmfJ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\d11fd6a0[1].js.jcry	22.50 KB	MD5: f6465ba2e63b043ac2e9ae5a607b7e43 SHA1: a3ee6748ce4dd0df98f8e2f2f5041fe1fbede132 SHA256: cf1b01def42288118ff26638c7410da736e0f63f414e1f7409063125c9b11bc9 SSDeep: 384:7rTLJelAtjwIqQxFKM3SJRtvTLIhHvVBc1VMw/LsvhZxyIh80/BX0P1eGkw6n:7rPolAxhJxQi4/2dBi/MJrm9nkBn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat.jcry	0.01 KB	MD5: 80eceae2c585638d2ef996380123dc1f SHA1: 2e1b70d218ccee75ccc86768c6617ce434aa3962 SHA256: f129822e76efee0635ef9d39bdfeb6714a964feb2cabdaeee0dd5bf881e1944c SSDeep: 3:wF2Hml:7ml	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log.jcry	0.01 KB	MD5: 1bd6864040e01e23775c240f3335ee46 SHA1: 3667c4371a2540b2ae3aea08452308bda2207937 SHA256: 2086a07e96bee2443584187925a8ea6ba24466751fd12abbc9c3ea61fef291ce SSDeep: 3:ADd4:ADO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	0.01 KB	MD5: 15a4105daeed5918f623f55049b6806d SHA1: faebc95933951a3a3766e426051139a05334442a SHA256: 02fdaab29e9b5ed1e10f60388626e83d2e11cb06aa7ede677126c950341c8653 SSDeep: 3:9SS3Hbon:gS3bon	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	0.01 KB	MD5: 668591fd8479ee0e3e1aefcb9977b4e8 SHA1: 69cc89b42d960c65cff4662eecd55d3c324f4134 SHA256: 3dc9cff27aa14537d5cc7c17c19b57eaacb1d8732a8bcf62695526c1c412776c SSDeep: 3:7Jn:d	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\background_script.js.jcry	42.18 KB	MD5: 6215ec41b8aeeb761734ae24843e9fa8 SHA1: 9f1c257fd5d445378006a2d0318e4e0c1c8dcdc8 SHA256: 858f0d6a64ecd1fa78ec6f6d98693b9f1db25930aa38f4c000ef99286acd64d2 SSDeep: 768:LOwTIQ9+M5Td7294JUJf4Tv+skCRND+uAh76AWVCJkAx+lyxM7eryzWTzkh92:WQ9+q5a4OJf4Tv+sa6AmCJbFxM7erj1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_sender.js.jcry	51.55 KB	MD5: 6349a2c8c94afdf17479335f5a0ed324 SHA1: 15d7aba33e2ceca803bc07b00372c1a9fe83a39a SHA256: 1c07733b84014db613b246820de92ebd871baf2ce663e9b93a360ac029cf0e54 SSDeep: 1536:dqq1YXkqHjpZHEtkA9DnZmBhzYI/LhAygJ0O:X10jTZA9DsBaapgJ0O	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	32.03 KB	MD5: 52cabe735285981a239b43e1f61ec009 SHA1: 3bec48163fc91922f2370a10b617129eeafa8969 SHA256: d3eb6c3e68ad7bf869d8779308edc64eabfdbace94511cf3777740d946f52395 SSDeep: 768:wjsGwwIpv4gCb+yOvoJ3G7TCioeOnGOX2Dj+KbEri3Gd435qN2:w3wwIpt/vos7TCioeql4j+45Wd05R	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.jcry	3.35 KB	MD5: de2eb8382b286c246eb3c4498aafc4f9 SHA1: ca0f9e914390577b1a5b3a09ad973f1cd191c3ff SHA256: c84b379911e253694bb4003ef3f59f38a0f27673f01e8cc488109d98b40e0b22 SSDeep: 48:kbBe3yDGbzx0KpQRwxQJl0SRxivaiVUN8wxEJfahCZqGaHGu/Ls9z0J3Lxtb:kbB1Dizx0LlpibVUNVEJflTbQYz0J9tb	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	128.03 KB	MD5: 515d051dcd0dc673650ab0fb1dd94560 SHA1: 45af40f593f8c046c0d1090289fe7f88d84ea6b5 SHA256: 67f51654679522698807c950bbc93347c97874b1048de2250e34f7f348dd9443 SSDeep: 3072:h9h90pF7217GdsJHoj/Pu0rJuQQVEnf/s061cLhK28szMoe:Z90/217GSJHOPtrJLRs061c1K28szO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.jcry	0.01 KB	MD5: 4fc3352ae7788293c83b51d1f0350e0f SHA1: 575b600dd992a88296550cf2e594461fb7af380a SHA256: 32f15f5e1a4a9bea2e3948a80198ef47d6dafcc3fc9bef8f1c2bc1a38f221ad2 SSDeep: 3:f1:t	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.css.jcry	3.06 KB	MD5: 9cdd6afc267d6f0a2a70e5f393a1c56c SHA1: 949bb556b3acbf14ef140b49762ec0659df94b82 SHA256: 930bdf4c005eacc35cc4a5c1abc0d1af891a78f21a4b46466de5146d9645cbb6 SSDeep: 48:pdY3qN/1e5DjnCZvUlbBcX3HF5jFzTDwoVlgTVMEIclM66ubDq7pIkoKVZ7LSa2:pdtqlAXJ/0oDgTVMEIsffq7KkNZ7LS1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log.jcry	512.03 KB	MD5: 35c4be0c3cf8631212b98314ba9cf17a SHA1: 0c2397e60054fb313c38216a75ac670c13c0eac4 SHA256: d7f64c593d3bdf2932ff2bd19cd202917ec991179d25a402f239913efc917fc1 SSDeep: 12288:MkgObojzEgjjEcD2DJs96+TQsz8MaNJ2SrVjHkyGFsJDnvriy:TjgjjFcxAQsohNJ2uEywspnvriy	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat.jcry	0.01 KB	MD5: 4f8f872b1c0c5462aa119bad2b4f892c SHA1: 5e978673cb77c9000a8d5102262b7b23f6fd4828 SHA256: f32af8314b17f330da113da66e8de2753001e8263c7eaa6f14cfcbd2da837350 SSDeep: 3:py8g:pyx	... File Actions Show Properties Download
C:\Boot\Fonts\msjh_boot.ttf.jcry	151.29 KB	MD5: eb9fa568b5beae71589a017cbbd1f5af SHA1: efd893cb17b66567edb1f07749ccac242c90b477 SHA256: 6fddabdd9c0e7062dac0dd7992354db0ea7898ac12fb7fe389889447aa06823f SSDeep: 3072:Wh36/NWuenEoIHGTsLZnE39Dr/RTTYpcvt/PMEKoCyuNDTK8YY:WqNWKoImTsBc9Dr/RTTwsPMwOTK8B	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\angular.js.jcry	560.21 KB	MD5: 772aeefe6635d43e61c6bda9813ef872 SHA1: 733ce1edc7ccc3b801833660f3a67376df24f686 SHA256: 943b20a51860207c03dcf5ae5e287fa336d9cfceab94aa72d97552a25604ea71 SSDeep: 12288:3sUg6JVw7JeEayG7UtJcPVKLTJUqwWHLxGZUJGoc4SKtn7:cUgiKeEaylCKJ8WVGho3N	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin.jcry	9.44 KB	MD5: 85c905e76440c23164b74a9c8c8bf294 SHA1: 2e4f78b44ffcacc2721ba3b5b00516c18ca0f2c6 SHA256: e6755e96da754f22ef07ebdb9e67c8e1ec3ab5378d586f484f104d1b596b471e SSDeep: 192:YHlTVxtWS3g/yFhkdQGJU5vA09eXMuajc+Llr8vVqqHwPijLmz9wlJMqnS:clTV7VFhkdQJlLK/ZtqqHcifmz9wjMqS	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.jcry	0.01 KB	MD5: 2d32c8f4da5533d9271fa184fa3cfe4e SHA1: 1d8bcce2c8e0b346f6e6b3508cad07aaa70b140c SHA256: e60328e57321403731095fc69633fa33ce7b31297a118817be25ff9f73810654 SSDeep: 3:N2ntcxn:8nGx	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log.jcry	0.01 KB	MD5: c6b17fc75f65f4a9da23e03f9d2528dd SHA1: 2a0b39055a97ed855958ccf009082069b7314372 SHA256: ab803e9181ca428162cb3ab03c510d3eda884730009f2cd89fc0e645c020ad57 SSDeep: 3:t58gxn:T8gxn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html\craw_window.html.jcry	0.82 KB	MD5: 1d4112f7456a32b38b105be20ef28edf SHA1: bc7ee23a6e465bc6aa6cb1d3cb2fc531dca20323 SHA256: 82e3be55cc515f049437b56c3eea9bdbe37c8499a5458b1d9898251c0f30987e SSDeep: 12:EA+K+7GbQ4H9XAl560hJA4JKEki2lfrXOWQVtq7Bb2vzMC9HqO0q6sGl+gI9pSn:EXK2G0GXq60flAEMrXAS++hlOS	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.js.jcry	0.01 KB	MD5: 2e34eb874018508d56b6fa7049378814 SHA1: 0dc3994bfbfcc2ab28581d479573d1e165b8a910 SHA256: cbed1dfdb9801151324ced66dcb3cbf5bb8cf488cc8b5ee374eaa3beab030b3d SSDeep: 3:7Lw+n:4+n	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.js.jcry	2.34 KB	MD5: 09753fd48613eebdfdf91b1425ae6386 SHA1: a7cefb36ea8d695cd62b3b31fde02306fbffd82e SHA256: 1f4efc2fcba46c8fba740b6c7f77168107d933d0cedb6e3de75ce93eb5224915 SSDeep: 48:2wP65xff21U2wvRa01VKwJJ9YXt8AmyLD2X2iLBH85cFXb9pat:2wi33f2oIqbyBtiNH8Ohbz8	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	0.01 KB	MD5: c493de773ecb799bb0f38d3aa6b64c1e SHA1: 57c7308a27cb09525b474a5af8fbd966086672e3 SHA256: 4d75070eaca3744cdcd17c383aa454e00a175aa0c0e3ba9830a0c05bf761f095 SSDeep: 3:dENbL:GNbL	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat.jcry	52.35 KB	MD5: 5f4c4ce26bbb23b8d34353823dd23607 SHA1: 376078246f813dc860062fbc1cbff5bf34c421aa SHA256: 113a20b9d12678342f44a64e45fea590e61c88a51eb6e2ade370203ed500cdcb SSDeep: 1536:8nCsM9jWRplVMx4d6zhZ3VuLsUfTKl85D9G:wCX5WPDMKd6zhZ8oUWqbG	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt.jcry	0.15 KB	MD5: 782884bd9a290dd75639654b7177c5e6 SHA1: 8608a3a230ad32d362ea1dde0df02e8d839daa4b SHA256: 0f7fe6213c7f6de3c679ed920b34868042310c074007d14346938be6d658d15e SSDeep: 3:7r3PDxKM2tLgnGUjwPTY4eslTKHfaVJbZsEtPRtclcLyV5iC+ph+fMzmTG:UlLLUjcU4ztV1S6iGGjh+ph4MiTG	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\eventpage_bin_prod.js.jcry	22.88 KB	MD5: a662ede082880baf7430bc1987a4d760 SHA1: 01f1d8550b159e04fc60b136b8a40a557f50fac9 SHA256: ea6148d1ce0e6d3f9c7ec305597aefa33c7ee995b03dfb5f525e6a8fe2fa3daf SSDeep: 384:bXvQEKUsQsmQMweV7zjD3PXhz7VWL2A1W400o3mVM3fIcmpkQyXtX4kbhW0Ykcuz:b/QNUsQsmEwzjD/R/Vx400o3mViIcv4G	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt.jcry	0.40 KB	MD5: aad3f7f6c3a647a6366fb43a92e5fa83 SHA1: e3f9c408606bf408346f53c50753a0a51e0fa2e0 SHA256: dfd13123c9aed39083ac8e37432ced50d0e15822e51bd9e3e868c07f54ee9a9f SSDeep: 12:ZOcbHsIzT3h7fqpZREAG0tjvY1OJILXsWYlBO8:/zth7fqpZRpG6rgOJILXsDBO8	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png.jcry	6.04 KB	MD5: 2e8119a281b19cfb1e5a3467aca3e2b5 SHA1: 8affc4f9198fc2c9738d90c110873a23502d59b3 SHA256: 648e359c880e16d754ac6522cc74f2e4e442807e5c4b05bc47086a1a776bbf9d SSDeep: 192:ls47r2ZJGXC5f8EQzNYeXZuXrEyp5oN36j1H0:3qGyuzNYoZu4w5oN3u1U	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\5d432dc88d56856d87faecfa9b48853b.png.jcry	19.67 KB	MD5: 9c6de5cb85173b8184d3092102ced7b5 SHA1: 2100dfc32b4a2128b69c3d7755f5171f3ec246dd SHA256: 54113ed7b08803bcb2b1015e7eb6bb26d0cae9a2666711eb2aacde7162e5932d SSDeep: 384:NVA8CqrAleWs1dDXd7ot5mx5riAHtrxTdgCUtRkN0vbGMKVsMnIr:zLrAPs15VoG1lxTdgCL0TsVRnIr	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	256.03 KB	MD5: fd53de5dbef3e2f5094d8fa49cc1377f SHA1: 68f0dfda08457ec34cb25f3ea9ef74b0cf4743fc SHA256: d555b7ffed9ac164b8731801c1a473eb5e522d32ecee79d557ea91db29dc6e29 SSDeep: 6144:cNxBCRwezJynwX6iLi56DY7A4IsugxRB6DjtV7Zm:ixebzInt8i5q/4I7Uj6ftV7I	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.jcry	0.01 KB	MD5: 532b1e0a26112510db5d86e86a4993cb SHA1: 4840608fa1422277896371db1ab5e31aadd047de SHA256: e75f1a1f0da7eb7366465914c07325864716b26c5aaa888e875f05cc975020ca SSDeep: 3:5Bg6u4n:H3	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D07.tmp.jcry	0.01 KB	MD5: e0e5a8ee8db4c7608bb74356616794be SHA1: 0d19494f948ebeccfaade66ab2b41d431e851bb0 SHA256: 93055f4962fbbd5d6e11ec7d85dbebd82b26c7f68de5ae0171bb3b4e293a0b69 SSDeep: 3:dbmZ:NI	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 6436ce0a5c998eb8f106eafc6fc7e647 SHA1: 5939fd73c0fe90e15eab06357429b525971e4535 SHA256: da3f8aee3ece47aa67edc280f5603b103f44444b8d9d5cf61e47b06886accaba SSDeep: 192:W6mGYed223brDxzkcePqiU5OOaSxqrpWh:W69YD0b54cejUJrxeWh	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\e214427ea25af5774381fe2c2582382e.png.jcry	0.01 KB	MD5: 8359c582a802e68202af93fa944c5471 SHA1: 7471b3a184f6956a3b29535151ad28be092ebed9 SHA256: 846172b2ba8226d34035e3859c31a5c2bad85ab005f028d1640502134bc02216 SSDeep: 3:xMm4pn:qn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.jcry	0.01 KB	MD5: 85821eb31759dc6f7dfe11a9adec2f69 SHA1: 1fe4f912d139a091840138ff4fc27da30c150ef6 SHA256: 3b7dacefd1256b7c199fa7092785277cd4a48c7055357cb2533d2c2cc7f7a6d7 SSDeep: 3:VF/vABn:n/vqn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	0.01 KB	MD5: 7e0383ca56c1a33612c2bfa7867a6365 SHA1: f20ca275afb9bb316de95cf2b4e073cc271921fc SHA256: 4f3d98c94df4c60f9d05b8a45536fbb80a0ea1b5a1cf56de118815e4e472c91d SSDeep: 3:u7v:u7v	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: be34e35ad1f5f37c126839f73a881a98 SHA1: 67c90b7a8317f6c366f50a7dff2a6c103201fd8c SHA256: da722611c8d4a8b60fda616635d3df55e6bdad172a89faf63b22364d44632168 SSDeep: 384:ripEFKkB/JvjI10LoWlprRZYM0ITW3b1XVK9N9nI:rpVhvnjlfTcb1lKflI	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\41795194[1].css.jcry	0.01 KB	MD5: c88d40f720459d2b7850a0f481daaeec SHA1: a043135ecc9dbfba89bc562e9b299fc2247726df SHA256: 7df6fb057e60e0ce17dfcef9b4e6f96e2ba229bbec6f3d9537e60477f8d7b157 SSDeep: 3:dJNxb:dJ3	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	0.01 KB	MD5: 15420962a1c5b5a5c832b7ea80228cb7 SHA1: 439778d08d16c39c29d6d560aaf9056c3c4a6c88 SHA256: 5fe89d62bcbfc6c406031e01d788a87a9b5493624c12171750cefa2ecafd9f5d SSDeep: 3:hVlhLn:nLn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\236a1503[1].js.jcry	15.27 KB	MD5: 28afcdee27b3549cce588d43cf5ce3c0 SHA1: 80033a76632e40bdf7146c7e1d8990c5ac913578 SHA256: 3b011114642519e6e2903f3925cd6f5731cbd4aa777844f33402621651c3ed34 SSDeep: 384:GBWmR3eh1/H37D0hnDeUzhqq4AOtEskVW+6gDIlF:Eu3/HLD0hzzhqTZtEskbhc/	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D08.tmp.jcry	0.01 KB	MD5: dca9ab8178efccb5f9af0657d974d586 SHA1: ab1397e41af0274b079fd4d43999df7ba8cca075 SHA256: 5725608c88bdffad63ae31bf0e857bae83aa7920b743e01b4216ed33d260b376 SSDeep: 3:wW9Pon:wWa	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: d7a2dfe61b0e579fcd9fafeaa99cd23b SHA1: 091e8c226486a70bb3d71f6a2b9716bd25781c74 SHA256: c46d5e162fefdcf441120ca7c6e7a96470aac9dfb19235b6caeab38db3f62a39 SSDeep: 192:gg3QA77JWGjYMOqlb14VtXuH+XC24jVTc4xNS1CYEJHkYHLOYxc2H5AR6:pvX8GmAbuVtXueJ45YoNoLEpkwBTH66	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\884.tmp.jcry	0.01 KB	MD5: 81a40bf90cf8b3427a5ab0dc38330171 SHA1: 7102b3742054cae390e16b4998a83a509a09f815 SHA256: 8833f7425e306c3f46ec441aa1d0266a5b419fe14621310fc8271666b0f6be10 SSDeep: 3:yKHdlC:yKHbC	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF\www.bing[1].xml.jcry	0.34 KB	MD5: f96abb1ef8b3cce574fe98bb6fdc40c2 SHA1: fc99327d6483fd885a7055ae51fc7560202a1e70 SHA256: 0a3e2712ddc416c4ea8539a71a073c61d9518ecda571656c8d3a1777227c3198 SSDeep: 6:P9brHJrwPKDsOyDrhA1+jlz0E9ZcyIpbFwh5WjDub40OBuTpEY2:PtCPKgPraemEy3phwh5WQ40c0p92	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log.jcry	512.03 KB	MD5: b37925287c610ced78aeef763e9b0219 SHA1: 98b9d3647cae8875c2e8bdf407a46d424161fac6 SHA256: 446baf3bd48c5d4f17a02bcbdbbcfb0a72b4fa389338d0b03c2df678ef17592c SSDeep: 12288:ktLOmrl/mihItQYhcN4sCKlj3ikh2WNj/+1oJK4KLZ1OVsDN8sc:kr02WQYhgRH13ikwWd/+1onqRbc	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 0cdb9438d775ed303df63914bd2a34c1 SHA1: af1014da070da32b0432026e9c9e052bcefc3125 SHA256: bc91b8dcdfac0ca15f505c28770ff79b8fa8bc6ed993626b9801e297087f261a SSDeep: 192:pv23NVTezz+INFE/mh+pgv6dPoKrPWEqDM2RWuCbDPy1PO:923T6FC+v6PrO42QusYO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_hangouts.js.jcry	485.23 KB	MD5: a88369b4fb5062504cf812398c430540 SHA1: 844956f281e69218e2c69f095cf714e62fecf876 SHA256: 54b492d9e4fa6a7cfc80a58c0ff062881f8d3d6d3baba9b1acf5623e97568e87 SSDeep: 6144:QgrpaCTK5y2o36qslTNwWLuiFplEy7O8QPUZwlyd+xZyLIygxGsC4YV4ij0rt6S6:Qg1UDNed+Sysygg4YErtlK	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 0379d832aecc00df825ebe18d85b3eba SHA1: fcfe1f2971427a380b6d4d882dc948fccd3ef078 SHA256: 5ab2a112aee090ec43a03e91eb911b628c62a98c33b440769b328aebae6daf0a SSDeep: 192:wYDIg/yy983gv+CWVkYv8FreZQfbQ8dqWAC60jDRqa:wy/LG2zjs8ReZAblqWj60jDRp	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f544a93b[1].css.jcry	1.42 KB	MD5: 48d46bf4d7960b4c33d0cec1b80cef14 SHA1: 0abb753a1eb4cf28b3eadce7ca59b419894d6418 SHA256: 8bffe5647b8190c42c833678811cf72db767ece2ab7f6e5dea3e76ff1153c6a7 SSDeep: 24:oRZE2EJeNFE0FVrJawRq34ODxIuX0Eih5rF/fqFddIEXMog4NJ8Luf9oy8BxYpdI:ovdy6FvFhEwQvVk9ZNiFddyog4lf9n8z	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	32.03 KB	MD5: 30d6b91162fddf3263fba2151d4ca093 SHA1: fbecb3da11feea31ba02581ed73e50eff360d4b7 SHA256: 42cfd720cadfd8de3fd774c09dfed9f1e70d46d122c241bc591fd8511deb7811 SSDeep: 768:DJMj9FJUvSI888lw38zWwDVrd0286vhCQ8+DrXtuU5Qz7uZpbyTFeV/z+UMM5DM:FcbYSpcMW28MhCQ8+DRuV7opUgZ+UMMa	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: ee1fa6915f1c1be36ab1f4d2cb3d332f SHA1: 0467c9f440c7a226e3400e2ff6f5772ee48f423b SHA256: 2ca5fe827287d2ef11932d4f7b854fff09c8a95ab57a83a205c1dbedee26d657 SSDeep: 192:jR4bTiB6ALn/jBMtBXCmaEKSoWERPmlXXuCAT/hhKFhg0WSMg:t4viBF/jEwwX6/QuSMg	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat.jcry	0.01 KB	MD5: c8a2955db9343c4c6c801e582dd05282 SHA1: d2f8e479cd677bd2271075a504d49081f84eba57 SHA256: e979ce28d07d53a838baf6e904746152fcb482e54b758c76e4a6b1169f01ec3c SSDeep: 3:BAUjUSg:266	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt.jcry	0.22 KB	MD5: 61bd212f54e7d1ad38d90bec1e325320 SHA1: 5c63ff69f9dcda6f3d9fbf2d35446dad5a6e9e4c SHA256: 603910903f7bf667827614465306b6d5532fbc7fd69684b8c06bb47431f71040 SSDeep: 3:37tEsg376PTcC/1mvMAiwCwA5vyWrWEB1nZCkjG3odlnKHbYIWGmAAluBnJOUmtZ:Lk3YmvT0nKpozAYdlcbPKlOJOULDUx	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log.jcry	0.01 KB	MD5: 5340825ab785de1d47b1b72d51cfb310 SHA1: 97ebc1e93d654abe4cd51f0d434561a6ce0e5147 SHA256: a8f3f574a4543307cab5ee5822f0a9372700e0a9bcc95ba8cb1406d1589a701d SSDeep: 3:c4ewXy:c8i	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log.jcry	0.01 KB	MD5: 236f342ed7280fe489b9b6bb35edc1f2 SHA1: 1bcdfabdb2145022191869ad14d1a8a198dcd234 SHA256: 19955c837e108ac5ca20a27862c445092a6a0a82826fed972969e7f58abe31ef SSDeep: 3:RYYfZ:9R	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	64.03 KB	MD5: 9cce31af697b54ee6c65025eedcc9f14 SHA1: 6c2ca9d536214378ada43233efa9c9d4f97ebab4 SHA256: 42589911d789f95f73dd92e61ca98978d2df3accee8d98ce4a4c05439c438f6b SSDeep: 1536:rtcQSuUzXn2IQmF8JbE8Z8RvMcZpvDGUYNJuGmR5D:rtcQSuZIQSyEOqvMcL8NJCRN	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat.jcry	0.01 KB	MD5: 7e0da25c2853bc46b623643d12f0718a SHA1: c133368a0837b2b98be471c720f953223268a0b1 SHA256: 5db76ebff90487bd627df1efe9e6778061e8b2672d3f8b91f7ad4f83ab4794c8 SSDeep: 3:XX/B:XvB	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 8bfc0f70e77dd43d28ecf1520400d14c SHA1: a0ce1fbb774102d93613847543e0b0973f3446d3 SHA256: 06b12d6f257f2bdc7c62a275b3c4f41c5cbd46c50ddad7c0ad2532ed6c782ba0 SSDeep: 192:w7y5W7gOzFQowGfz4lRH5/FSqHcFvMav5REvVzKUW4y4:6y5U1QopC55/FZHc6M5i9zXH	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button.png.jcry	0.18 KB	MD5: 2880fd516251dd42902fbc6bd2d9c90d SHA1: 7d4d22a914aece304b1d7db1eac6782598676d5c SHA256: bed268b40bc263508f979f18cb8e2b789f370a1f024802cbecf8ec11363bc792 SSDeep: 3:/a3Nk4bTmWMzUNVn/f6miGALi3+rSMzrmz+Y5YnLmY3MJD2A/tpus0zZWXuWn:kNk43mWMUB/f6RSArmz+UY7MJ3/tpIZe	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat.jcry	0.01 KB	MD5: 5cb39ab8bd40876c3dd84eb6179ae837 SHA1: 84b5bd74743e59f1c01129003338c4ad596149d9 SHA256: 2ee5aa8a50ad9c15fb0c0915fb2a8a7b01f8f2ff0a49af713921e1bd72881447 SSDeep: 3:f6OxkY:SOxR	... File Actions Show Properties Download
C:\Boot\Fonts\msyhn_boot.ttf.jcry	138.82 KB	MD5: 0bde05d3c0f49d05eb591c15ea889909 SHA1: 387fed6e63be208d55506329eba9b9c8c08eed4f SHA256: 49642f445882d6f47c18e558432ed6fb9fdcf0e827b85c0e1f4e7bc7dde9a140 SSDeep: 3072:LV+b93/iDXhELkBo/PDT/+edOn0QQimMD2Okq:LV+ZsXhELki/HFdOn3mMDL	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.jcry	182.59 KB	MD5: 820f4b7d71d33196c64cf7478d46c684 SHA1: 540a98973cb11ccc9662a563b1df5600276c1eb9 SHA256: c9fa188e8ceaa7e022eacc229d3ff06e48b9829a49a2f89e3745c29c1d1b60ec SSDeep: 3072:+4IyS4dOpwxUhlOVEU3IQMN9mxaAPeO9+ZLVEcmrJSF71pnOoKw9cm688N1e:/c8UhlOVt7MjqaSedplYJC71pnjVWs8q	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt.jcry	0.14 KB	MD5: 2d23837d118c7381d5ac781b8697b249 SHA1: b3e84305c11b6772c69e717f2f2e6a21bd5fbc05 SHA256: 1d81d35aafda0faed247f8b0f277eaf507d1fd9a46a954537956c69ec7aa4d55 SSDeep: 3:HvOfFh8pVpSyv3F22iMFWic8Xw+XZmqFS+BRPgSUFctrOSsdXTlaI:2fFhWDSyN2zMFW8XwwQYNoYifJlN	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\contentscript_bin_prod.js.jcry	4.28 KB	MD5: e1b6aa70a838ff793275bf8293e11e52 SHA1: 0f29ef405930a0f1728f78379e9d4a5ca84bcaf0 SHA256: eb9e361d0ce7828e36acdf0bb614ff128f72f20bc7832ea3cce7e4f1c525c712 SSDeep: 96:fVefppygwoo+dtLMgp+WsCzqkVApyNQKbHUMXoRRiXFF5Vt1AUfdnX:sfppte+dWgp+R3EHUMXO4XV17nX	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_game_sender.js.jcry	96.44 KB	MD5: c9757f98e9704ba861c390884e6986ef SHA1: 4eb061bc1e9e12d62aa2cd8b8cca30e64340e5ea SHA256: a0fe2f5e086ba5b118a2b827f8f896d31da2cb9e9876888bb54e93cba6db61f9 SSDeep: 1536:+xSsBtthpeU15ZDCCsRrJOLge7A638OfBpSoa88Wj5exTVWg+WhoY:Cthz15ZD9sRrH63LfBpSo19e1Ig+WhoY	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log.jcry	0.01 KB	MD5: 34671d59f960020637f7262673c5b030 SHA1: f18441cfd73952723320a5aedbd07a1afca8760b SHA256: 110b99ec155a3bedd912a17da8179f455dc4f737c861eb92aca3ad6cd9e1c054 SSDeep: 3:Fyj+L:g+L	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin.jcry	9.44 KB	MD5: 5ff359754c97026547877b31889018f9 SHA1: da8348259c7b60463a11bf8b5e534e6bc922c7f1 SHA256: 3c39e1c0c46f87c8a956b271eb7820eb1b7c13717967b7810fbb9fa37da9047f SSDeep: 192:abI2UEu3HNiZbii81XMmlVxsMj0xtHQPiVpAG9bT2Zkqa93T9xDO:abI2xOtiZb581prxskOtFJZqCq1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.jcry	0.12 KB	MD5: 8e3565a5a146df3a9f8cb94390bae175 SHA1: 5170d8614eb2be471b57be2da603d1606a0fd969 SHA256: 6612598ebb9bbe1493a22b33180301d2701384c0a4da7260044b3658f5069e4d SSDeep: 3:pIYmffZwB1aVlCEcDrgxeyPTCz+qGTnVLg:pIjx01klCEcDkxpmz+vTVU	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Microsoft.BioEnrollment_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	8.03 KB	MD5: 96b93442b4d543ba890433d98db80e08 SHA1: c0949298e0eba3b6d4ab46bf3bc57a2dcaa4bb7d SHA256: 5d0408a1563ab74969b0b589f2d509cfdee3d73f576c5cef8b5ff0e59ed96b58 SSDeep: 192:wbq66bIj1seRCwTUshdW7F1jrpmN5Fy/5fqi8XRIB8X8q1pX6:wbMbCWTaEjtuLyhfSIwn6	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000004.log.jcry	0.01 KB	MD5: 909614a5b809df2b3c139a7ad24e1bd3 SHA1: df0d299ea3bff520cf927754ca796732665ed6f7 SHA256: 55717a999c2941c05de3bbe21cb8e1dd77dda72eccd0a933484b99d22aa0e362 SSDeep: 3:QKA:Qd	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.jcry	0.12 KB	MD5: bd23afdf9b7d571e6e50f74d2964702c SHA1: 07e369d33453e30e387f340223291bdce09d7ffe SHA256: 9e74d631a5d6b1cd465ac90b6c178ca8bfc2ef3ed7cb7d15e69dbbf6935573ea SSDeep: 3:4JFaa+JGu4bEpA85pY6gunTSFdbXppxvnlfo+vYC4NGn:4JfiGjEpC6dSTb1TgC48	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	32.03 KB	MD5: fa2c61459f8b631633d895dde777087d SHA1: 4649200cb33e5ac63fe5e144d33bb4cfc07f5096 SHA256: b68f56832a49802d57a939512faeae2a95b97356eb7fefec6a343eeb01e815f5 SSDeep: 768:q3Yl0ekNDnzkABGtnT5eG2t/Qi4bE90/9wAjItEpmNxQgyYE:q3i0e+nzkABA1EYi4brzaEexTyj	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat.jcry	0.01 KB	MD5: 925152a34dec9195deee4604d193b964 SHA1: 533dd599c4f9e6c9557c9d83fa69edbfcf75077e SHA256: e5a591f9c1316ca856f66f977a25d29cb042ff78b83c8cd448177e23259366d1 SSDeep: 3:mRmn:mRmn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback_script.js.jcry	10.81 KB	MD5: fa3f92f3823b0dfd94be357614db88fc SHA1: 4ddb736ab4f73e582f876f8d467a9047c87b0108 SHA256: 14ff25a7e1e8a8d30d9dbdb510152aa7b68033f43870b6dd443528f7eb9ed7c0 SSDeep: 192:Gx8Bm3IcO8Pb135x+/HcEVWcJoEzbLwvrFA7uGV+xtW7xXeAEGRDS7BCgauD+18:GKm3XO4b7YHcGDJoEzbQN/xSxFEGRAoq	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\e214427ea25af5774381fe2c2582382e.png.jcry	16.78 KB	MD5: 7f78914ad3145d4e3e9acc83f0c83ea9 SHA1: 822c51b4e34c4e13b43fbeebe798bec4ec0c0f24 SHA256: 000f8321d51128a51bef50f4cdb5a8a56431309f16f9ad660faa5aa06cf92720 SSDeep: 384:+wAKFMl7Y7BvZr8gyjaCG1BJ5FoZPYPGAkOP89ZW4J5XIq:+nEndp8wbkOPQfJ9H	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	0.01 KB	MD5: e340d9ca6f6715ac202a0c77521cb7a7 SHA1: eb7e720b512d098474ae1b63dea2b69ffc54bd60 SHA256: 6bff4bdbfd38062c92ab80cb86b600eaec2823f649ef35d9a2b08ac6476cbfc0 SSDeep: 3:6jn:wn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat.jcry	0.01 KB	MD5: d816af14cd022514368573f8d804643b SHA1: 94f1f48d9b8eb09b9e58135b2dd2194cbec31cdf SHA256: af947bc40d19ed0ee21f65d003c8a1b47afc5c2932d533520afc07b26977f093 SSDeep: 3:Tzal:TzA	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\fce27fce[1].js.jcry	37.82 KB	MD5: 96eafe720dd4f514e337d92b44bc2109 SHA1: ed62e4f310706589d8d87829a4ef3d74b78a3557 SHA256: 2a76c3ebb637521b9a6c875fe592a6be3e10b8a8e03e97ba4f48e83e341fe0d8 SSDeep: 768:S3Hwz/pxsPO1Rk6lFB1GBsf07O5UFsEMyDWcFeP1O/NcKu7jwg:S3Hwrs8Rvlv1Gc0iCsEVDWcFeP1GNw7H	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\index.log.jcry	4.60 KB	MD5: d349939b50ab1b051c1edd356efe9d3c SHA1: b1ce975a87f82d2b80607937205efe3164a5dca1 SHA256: d8ef486904fe694d21078d52299659d3e2f540d1d6c3f5b8b2af1fcfaed64f4a SSDeep: 96:L2dxrh+zEPo2FL1U9hMQuwpFzAtxrqIhXuEfd39Zynbd2UNkUhNvB4uXC+l:6dZh+zElf7SFM1eEf/ZynZ24kUmu9l	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 21a35caf08c8004ac866a8d18bf3e1ea SHA1: bca1744715f7f8a866469c0e142e3ecd51422bfa SHA256: 5ea6cb4a6b88bdf536c1af015124fdd8f5812badbe6c7796eae43155f31a0a2d SSDeep: 192:3KEkfVYHxYwBHiOaV82O5IasN2G3cA8aO:cfVaxxC9V8t5IaSsP1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.jcry	0.01 KB	MD5: d7153a959e9b26badaffeab89bb3c03d SHA1: ae6b8d06ef84b33c4a42f4fa766ceb24e347f967 SHA256: 91e9748bfbd9b3ad2ab9dc875c6c77efd86f5115c186ba1551107331e84d2130 SSDeep: 3:DyaaN:Ds	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: 2dfeddc1015189e113f989a0fc1edf26 SHA1: f069a2efee1a7eed60d273b218dccf647f7cbc86 SHA256: 6e63e2ddbaaf6615c1f74b580937aaf4f9b23dd0bc047f71a7b64fe55f4532bf SSDeep: 384:1dO/P9CNaf9wNnT2eRsz0eeT60bXOmuqTL2TQAI:1dRJhRsjeW0b+I2E	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm.jcry	117.13 KB	MD5: 9649b4192477b8aca8421cb959ab3731 SHA1: 9eca943d58d3cf2a278189bf92962caf75837458 SHA256: 38018081efd53f8bcb42c63d40448f7ac223f94c839ad0eddf293f2215877d41 SSDeep: 3072:Q9tYCZ4wDlNrPB0njCxEVzdmXCOzflW363+KaftMh:QZhDzqCxEuvfA3CifU	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat.jcry	0.01 KB	MD5: 402fd73ad644b2c48052bdc9510a7bb5 SHA1: b368d0f22186a16060044578374afc1b992045d5 SHA256: b4630d7d5b70a964ed45f51afba88704cec1508750c537e3041678a8d3b75fd2 SSDeep: 3:JLGn:lGn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log.jcry	512.03 KB	MD5: a16e80dbfdb35314805ff3dbdcedb7d0 SHA1: 4aef3cf2e06ed2cb44dc17666083baa5810df7c2 SHA256: 56eed35ca7255bf32cd7b6b9096246a87122afcdb012f9c9d43a964882029bbe SSDeep: 12288:eKWVuz1nAPwNriS/uYl6TttiJ5bkyohn1mEAIka:D4a1nAPwV/uQ8t4LXoVQEAIka	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log.jcry	0.01 KB	MD5: a87276470ab7a18b3a9462fe5cc413d4 SHA1: 425453abc7d30ed5875ae82fe9cbe462cab1d4e8 SHA256: 0218cd544ab21d5d19586dbf4090f89099a328063b2c82c6947245a31c994bd4 SSDeep: 3:f+kbAtf:fAtf	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat.jcry	0.01 KB	MD5: 0ef4ed1d21c810a709caf923ad5faf50 SHA1: 62046e5ad649706066c0b84e6e74870fb78f34d1 SHA256: e1db9c99f819095c017dc8ee22c51ec5e78d751956d8d649a30e83622474686a SSDeep: 3:p1an:p1a	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log.jcry	512.03 KB	MD5: cb6908b3b5a565ef942f0e2300231b7f SHA1: 782c9297e3a14672f3e821ffdbec8cb934caf86c SHA256: 8648c98cc2100e7aa443e5ef04a7f3d32fbb0985b06b3206eec928aa810f543b SSDeep: 12288:TA5J/WLQDwnEmUKT0BqwtQ5nNMN5MwZigwGt7Y:M5J/WkDMUKkqwD5M2ig5tE	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 18d2bd2c7f332cf698b51fd5f20c3e01 SHA1: c888b3a2833ac324f280c182c21ce48bbf7bf68f SHA256: cea8f18ceaae1bec1e8ec7bffad5665cb5e6a818503dacb240af089159faed38 SSDeep: 192:U5VVdmcMyyReOmf1tmbjKov9a7eah6/QJQge1DtYWIo2DMhRzEFJ/u:U5VvBOgIj3Q7eaPJQgKDtA1MhRzmJ/u	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: ec20165a4ae89a4a2eb8b3f91733effa SHA1: bd2161538484eaef518c85fef37c7465a2bce0a8 SHA256: 535b5cd91dff55c53a432525e0b76c00c45c75b0979ef1b663f32a706b154b12 SSDeep: 384:jwexDDJuW9WVu+S8TOAHyIY/MwszZcOYX15ztReZ:UexD9uQW08TOAHyIYIZcrrxI	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat.jcry	0.01 KB	MD5: 3947c80b7c0d40169177b90fe22bacd1 SHA1: d61f01d073a16a392585035b8c06480af9ec2456 SHA256: 45e6247c7a9559f049b7f19a07a3e7c73578bdc4ed81683a30abfc41a2c51d59 SSDeep: 3:+rgYb:+gYb	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\36a8ead3[1].js.jcry	154.14 KB	MD5: 9f0536f82eb31e22d8a616c650769068 SHA1: 00b7126c8380be3ca31154f7e3f36eb01559a97b SHA256: e319417fe848845d53db56b22943903ae230f1e09437c578c5578e9892617b1a SSDeep: 3072:DXSriFe4W1s38BEbahIdXpqnBXUNwnviftzOnaZPl3kg03iNpnwrTGl2Dh:Y0nW1s38BEHqBXUGnaxtZ1kg0uwrTm2l	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.jcry	0.01 KB	MD5: 76c44bc42547a4af220a3ca4e20c357b SHA1: b9e0b8fb18f609d36842b5a0684136ebbcf7c772 SHA256: 94bbca359659426b33007605aa24ee9bfd415e3f966e9e28e8b0f63a861cf479 SSDeep: 3:o4V:oY	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js.jcry	168.17 KB	MD5: 9c4a102faa304b01c6a0b246d215adad SHA1: 75469a4c754956799a15815c05aa67a2f49388de SHA256: 25121eb3f1ddeed20e48b0ebd3c5af616b79bdd0565a35fcb7fdb0189d6b5bc4 SSDeep: 3072:ZR13tyl3hnB4NjqqagItIEBUl2oEz1Noz8HnCieq4nFsqr8Xxzk6dK7j:n1+3hniNjqq9M5nw6CTF9r8XZk6g	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.jcry	0.01 KB	MD5: 11b981d467a406ff91df179956968c04 SHA1: 78b2b0df1eeef528fe9e8906523f6d6af663d030 SHA256: cb6db214b38dc1ee903e1f8d9134d79562c7820fb6e8aafaf8698539fd2bb5b5 SSDeep: 3:oI+:oI+	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\page_embed_script.js.jcry	0.25 KB	MD5: 1f7d59123b9001958b5fafed1696ca1d SHA1: 870d61a6b7d6df77522ed34ddf5274255bf729e9 SHA256: ca89e3572a664234dd5946b4c6459d1d7ccfbc54390afdfdd2222173568763d4 SSDeep: 6:0DBtAXxK9fLtzXMBJtpKdAij3LfoY77aG1zrnvf4nm:KtCxKBWh+AirToYiG1zrvfx	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.jcry	7.03 KB	MD5: 216c3a65cf2c8346016465c66720fa64 SHA1: 03d2a803f130d532c1072980fd5f586458b15d31 SHA256: f08c568780b87e086fdb9e93abfdd2eeae904b17eeff1af35a52ffc5205a3739 SSDeep: 192:9vGE251LQknXOhyLwoXyGFfOZx/AmMnrvOm:4H513PkoXR2j/AmMrvF	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt.jcry	0.11 KB	MD5: fa2c8fac179e2372891f13c34426866d SHA1: cacdf99274c427f86ec70ae6f43e12b1a6c3277c SHA256: 3942d4ff8cccaf1e3c64c98120788dad756dc999100b5e1a7cd397fa1f848fd3 SSDeep: 3:cKvgEmIogBd5VCgQYxU7mPhvba1kLsnOPd:c07mVOd5VCgQEUqtbY/OV	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\9101d3f2[1].js.jcry	18.23 KB	MD5: b7fee5c550689856519025832f0e817f SHA1: 8998330abf5c3b2666f32c96b67453a7f4adc88e SHA256: 5191ea1ee0405dbfa68affbcb9ef441e7c7ea495ab94ed05008cdd4ddb8eae1c SSDeep: 384:7ZjSxpuPJlTXITxcobndBM60pXcVZE0r2L+A7Oxt7HgH9+Am:1mxpuDKxxbnUvcVZuL5OQ9+R	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.jcry	0.01 KB	MD5: d6e1c471452f191887a6acb665cf46a2 SHA1: aef224a75f79d77f5a8fd087504cb02c601cf2ba SHA256: f2d9078d4c009fdf6c8f7d9690f1d9a54332893fae3074dd6db7c3ec7635bd13 SSDeep: 3:jd9hzPN:1PN	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 58452f774af5b393c61c763522871516 SHA1: 17b7577b4ffd5b45608bb01cc0488a66669bb8aa SHA256: b33890962293fee76f630b49264c4f98689d091132a74d78226ec6205dcdd168 SSDeep: 192:CpT1O/we3YmfeoMpSkjGTt9WJDd+O/sQb9vvIcBIAqlFUUE:MO4e36p+WJR+OEQRvyHi	... File Actions Show Properties Download
C:\Boot\Fonts\meiryo_boot.ttf.jcry	131.38 KB	MD5: 921ab99d06cece526ca598e382daa00e SHA1: a5b5f9e80f07139478a5511217d8794ca6f237db SHA256: 415cd18d4f6017a0168d1a545332721177dda42776cee14f397d27d103fae36e SSDeep: 3072:L642BW47vlJ2yMxviMeZ1ExIHfLSxIBCH7Yssb31Ar2PUIxNydv6lF:etW47NJ2yMxz9aHYUCks6lQqUIzydClF	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png.jcry	7.01 KB	MD5: 7e3c7425ce8eba3c8f059ef2fd05c770 SHA1: 76e54ebed751beb051743b5d6a99cd7cb0401daf SHA256: d7669e149d9b09f8c2653ee39382c9d1086a321ce4b52487116ed8bec5883f68 SSDeep: 192:bJYu09UFxu4RD/NAWEoANu6DXd1s11fEN/LJLwR:Fb0+nD/cPgQiEtLwR	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\background_script.js.jcry	0.01 KB	MD5: de496331ba4db1202aa37951ac847a00 SHA1: 0316b5fbfb8bd43f3ed31ecacd779fd83c4489bd SHA256: f9b3e26d0e4d6b84d88bfb723ab5a9b8879c2409f3cead61996f9fb4a34da175 SSDeep: 3:edyddn:edyddn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.jcry	0.01 KB	MD5: 8b95bd8bfeda4d5d55f1c20e299bdeee SHA1: 4fe65f835b2d3db5d956092b4e0dddbe97b8ee1b SHA256: 33eaab3918b2209d5095e52b3af513745aea44c94f3941f27743f2cf7ca62a93 SSDeep: 3:HSQfV:b9	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat.jcry	0.01 KB	MD5: 90217a37506c3bdfd0bd16e5bcc6c919 SHA1: eb3a2c9fb03358bd1234c8efe1b97023bd18f367 SHA256: 124d25c702d1f4d6c648f9e8f090f7918e4070fc680a2afc0ceface8d9d7e4d5 SSDeep: 3:OF0csvW:O3s+	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USStmp.log.jcry	3.00 MB	MD5: fd8c5e84bdba7b05457d9a5cd8986eaa SHA1: 622fdac40d05f02c982493ce17d4d8686545305f SHA256: 06d6dd5f705363c2cfe6702b58698fb96626128a4c04df4f2a674a3cb5e275e1 SSDeep: 24576:m1OyFRvy9YNCRqySBdB4UT+jqsfOkQYQXYYL8eDjC7:m1DFRvyyiqRPKQYNYLXjC7	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	64.03 KB	MD5: c9846461560da8a4168f0cde59440bda SHA1: a4d1d7ca74a6452e7570a26fa9cd13ccb833b182 SHA256: 874a294508defe9fb57ce5f56506bba27176a2e129b0e434f4dedef35fe9ef74 SSDeep: 1536:9gLjYQ0+shjiFUJfh4LrjslJoFg3zaMrfMmQsrkWRS3f6he0Jbzu:S74iFUJZI0lOFOznfMTsgWcf6heB	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.jcry	0.01 KB	MD5: a4c8ae9f2d0cf3fc6e57e8672f259088 SHA1: b389428126321e0e91b8fb53b8159429f3ae9f38 SHA256: 6673c5b9728fada2ad54a01caef0daafb324af5fcd0bc8b48e676126a7b343f0 SSDeep: 3:H6m:am	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt.jcry	0.28 KB	MD5: 30299248d4ebcf4e6bef5be88cecc4a0 SHA1: a9d3ee92b14867c3e2034dafbfd6e64051aabadb SHA256: 8b623d0609d64a0ebd583daf1b5108f3772d1ec2b7a2af98d4f7ceb5a71f11e3 SSDeep: 6:1JEUmPpoyR8hRuq6TCq4Mo89NGzqU4cq3u8ptLu1/TwIH7CnZVmwitkvzn:1J+P65hOoA2zvJ83a1kIgEwz	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log.jcry	0.49 KB	MD5: d07cac251074764eacc770856e07ba90 SHA1: 2914718eb6af62377b1451e85375729ea0e0612f SHA256: 7f54a883bad8f86aac7921436081f9a5f7cdb75f35036c5a43e5bd3545430092 SSDeep: 12:IQUvwSQj5R8K/QUDUn4QszT3xcuOIkKkKSPEq:oYSQjP9dDuSHh+IkKkKA	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml.jcry	0.01 KB	MD5: f8ad36a749d367a28a3dcfac024eb1ad SHA1: dc0c98b8cf3f79e83702e69e762c2c11d74713cf SHA256: f659c8001a4cb09f5d3b509e78cefb9518f8d5d9b2a9ac17023afb4dfc9e2e47 SSDeep: 3:HH4l:HH4l	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	8.03 KB	MD5: b3c2b8f5c769437aa4756d5a89f4d517 SHA1: 85f36a092c5e446e719fe983d60df21651a5cfff SHA256: 77c1a4e87382b7740f1b2c111b607c351130f770ab6f27dc72c7b53debf045cb SSDeep: 192:7Q3m5jLo5f2rCgFrQqcaWMcb02JWLtOM0E/WN8tyY+Tt:7Q3m5vWPqqMcYuM0EE0z+5	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.jcry	3.32 KB	MD5: 6ddd55f07e560e0c228aeae4fe107f87 SHA1: 9b27f9ee9f89d659909cf3da48e0a9acc884c745 SHA256: 1003be506a52515f784f9d7d634a2527edb95a6cb445402de2dbcbb7dd3b3e9d SSDeep: 96:Ie9+LdtrqzGp2X66/s4zjWgbjEkUgw2JYU:Ie0LPmKp2X66/1EkNwah	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	0.01 KB	MD5: c7706bdabb74407cbb4761d1a7a1b34b SHA1: 90e2026378a37f08589a5feca4d26f3b72d63827 SHA256: f9ef8b1b54e86ffa7245cdf9196af6e89099cda3dada64f2cbd145a46f21b2e1 SSDeep: 3:9zCUSn:9zCL	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_common.js.jcry	171.51 KB	MD5: ad61e2708e3a1398a1852a7006823b95 SHA1: 6814e7b2c626159d390a508b215ab05963552da0 SHA256: 2f487a9ed1b31575e4654ad204bba5011fe8067c1d18aa288a375de750d2d1a4 SSDeep: 3072:A4wwUzKLI8OWdsvAcx9TKbEZfS5/KaKwoFkbn+dG5lj0qdq1hHxs:8zei/4cx9AoVLwfjNlj0qdwhy	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js.jcry	587.48 KB	MD5: b70aa14529f788a0a217f7bccdeed845 SHA1: 71490e49ea8aa53bc661cd5d12c97cc763f33656 SHA256: 6fbce73960f4fd534c53395af94eee04452d94bed853231ff9c1f5a856c63fe8 SSDeep: 12288:nJXQRjBUtXg9SQAi1wVRFbyi28GFj8PVdsRYFu5LvZBIog7+WQp1vdG:nZQ/v9SFiCdl28S8PIukIQvvdG	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat.jcry	0.01 KB	MD5: 022d50e47a8a8927254c15f4a1b68299 SHA1: 59a05556b21a943938b12f52f60b48e9ebcb3b22 SHA256: 339d98053dcec8241523935ae816522c97bfddd3e52a4bb0c99e1e097474784c SSDeep: 3:la:o	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt.jcry	0.36 KB	MD5: 12e2fca4ffc38bd4998cd0215231a911 SHA1: 113eae38ef5c1cee646fae66c168b27ae55821e1 SHA256: b95d241dce79160a5bce7eec8578d0a6395314e5da9065af233d53d335efdefd SSDeep: 6:zR3CwP6k8equj2JxVZ0nvUWRFGXQlN/MEbDDdwKipQd+bHghl+JDMZ8cPcilgctj:nweqjxVIMWRFGtEbDCI+bHVJDtilgwOe	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt.jcry	0.23 KB	MD5: 032234d9662c891c600bd2446603f664 SHA1: 231cdef41a8c3d729c40fe3176357ec34c81d142 SHA256: 95ca71fbfdc1e71e7544d38d95bac6056b39a28105630c3d032168b12e8033cc SSDeep: 3:r+FEoytzVHYSaIRSrdj2FOsQJT2lATIwK1SARngNlKxMPimV/FqjSpR4CLQMGHeU:rRzVnsryQJ6qkwLf/KxjSXAfMS5n1GMn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 646e0ffede5c8b7fc49e76bfeeb30932 SHA1: fc7cd1c5ac131d172f5c2c20f33585006f52b3f1 SHA256: 09da94d69f2bce581fb30234cc2d7bd69eb03e70e1bb388f655d2866e9deaecd SSDeep: 192:VN8tIqo5txQzq5vZdRmmHTUuzYWVqsBntY+gZ07a0+pSihIA6W0JFiNnEYY22xgv:AtIb5UzuvnYmHTZMWT1tMZ0ep3hojg20	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\fce27fce[1].js.jcry	0.01 KB	MD5: d5c73bc38a1de2608352335bfc992fb9 SHA1: 68a6eda20259a9eb472907950d29a22063401455 SHA256: cf30e42b4b291a026733ece8762c8cc344ff19a6e590eb9ba35c6687696fd3fd SSDeep: 3:l35bn:l35b	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\2bf8db03609478000e25532b94a93e81.png.jcry	26.61 KB	MD5: 38842ab2072cf132eba3046dfa0e73b1 SHA1: 323816fbb57b12a8d4c341b36c9e2c96c81b693c SHA256: d9f53be216ab490132639b64af2119ea92ebc30ad8ad429722cf3ddb0ddb6073 SSDeep: 768:fGgORoZjaTN7Mc9msOEID77Fh9MuLSb0/+z59:uxy9UNVdyDuF99	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.jcry	0.01 KB	MD5: 982ffa90d3e1539275d09ba940d63820 SHA1: 715fb6d4e83c5de703f0c34bd8b4c85673b275a1 SHA256: ff5d27c119c13899170716f105c3fc785589c9e2d55b97280fda8b830f04f3f7 SSDeep: 3:W9js:W9o	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt.jcry	0.58 KB	MD5: d822a707dfffaf35d3dd49024d44abfe SHA1: 5983c5fb722cbbb3448ed2896af326aa74619e73 SHA256: c5af7344c15601ada46d0384b6935850863ed9a7caff73520123921e8e7d148d SSDeep: 12:lKIXPG6raDtakk4MvispAmU3pgtLgQAH/098FLtilXoYG7p/UBBr:4IXO3DI4MvxKh3pgtLRA896RKA/Yd	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\offers.html.jcry	0.08 KB	MD5: 35db6e06bc420acc7626f43c892b17cf SHA1: 9e02cf6d4f5111b3756b91b867d611fdc80ab131 SHA256: bf4e6258eb6b8397f0f2f3b3df93714fb36c2e599e279a871e88f8d954f6c79b SSDeep: 3:7uW+QL6H3QkC9Qd085tnKXk6iNbDqMn:qWMAkC9Qd08zKXkPNL	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 7c1d3a8c92c118401eaf89824fda8e28 SHA1: 7d1e061e6c0eb284799f6cb439eb52eaacabc56e SHA256: 7db8bb3b56fe0b703b88fee93f80d4f01e3bdeb79d9437cf91ccf0f848c4f72f SSDeep: 192:DT8PIuNE8toXwjF16fA5QoXMizoNtUAV8ISSnOQiVQwBSFd:Po1CrXwjv6f2Qo8izauAV8zQRd	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: b1a5d6d8271d7fde187ee3a841f67579 SHA1: 57e080ab0ba26502c946f305605cebbb30b09d29 SHA256: 201a5cfd7767282c53d338456ef0d4c19abdf04e3015adcd7cc69657eb343143 SSDeep: 192:eibNGFdaWVjNCbiuLOTDK01JY+8jaki3Hx8qT3lvDS:eibki8NCWuyTDK01e1S8Q3lvW	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: 20a1a98660635cdb23c93cc88f4f2560 SHA1: a272f0c5d56f8415e21533c54d08ff09b9dfa6f6 SHA256: fc7b90bd60b4038601c3297d946fa708e235971ca1a5f7245c76b0d4a62674ba SSDeep: 384:V4XctrZwZelHeozLxJgg/TdGNcRH4c/FfeXqlCs:6iWZeUM7L+WYc/FfeXfs	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\28c9257769b2913b70283ca4759e2034.png.jcry	19.30 KB	MD5: d40a2ca01b78f3e7ec734a7c38aeaec7 SHA1: bbf5da289d7468bea9732c2ab4112faf650ef451 SHA256: 4c1da99cca840a4afcae35cc07e10e5027a0a8b3f4349dd697c3f62ae9cb1863 SSDeep: 384:RdArN5aGeYtbqpAR0Pkmc+uxa5VbToKrUK7Lk9EDbOKBbhHr:D4fQYtbqypz+SUVbToMUwLkuRBbhL	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.jcry	0.01 KB	MD5: 96bd63002341ba06614640ff920b332f SHA1: 88f77f3da755f0e2f9721cc17f340cbd58d63832 SHA256: 9d8c9c275962de09da590928b60e749622a2026cc78ceae56e00f6e035fa7956 SSDeep: 3:Gpjs:Es	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_16.png.jcry	0.57 KB	MD5: 67b5b4337f7c353b3fdfc1d01d332a55 SHA1: 41d949a64a76309a4210eec5ea1f69b4ec1df7a1 SHA256: b297f6ee734ad645dbcd00d3d33422f6a8029951e8837c930b6306af0c37dd3b SSDeep: 12:FxNFFELvyD3bF8G464wLOiXYrjEFXjGJQ2p/DBZJV2/nJtrEBm:DUAZJT4wLNX0GXCJRplLk/n3r2m	... File Actions Show Properties Download
C:\Boot\Fonts\segoen_slboot.ttf.jcry	75.31 KB	MD5: c7069c5eca1ec363f255660f549b246f SHA1: 0dc0b5359f2a3b07ea1c754a550f35a4f8b19461 SHA256: 94ce629994b7cb4773e357489388e840a8522c9e5b612f06bdee7a01e8fb4b43 SSDeep: 1536:Ivndu+DEnzwT2OqookUdWqFbrPpg4pQPHZdhH+EGeQGAUbYSRP1wigop7lvQ4u5D:I/HO6/DodJPpNA5Bbj6wy4g	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\883.tmp.jcry	0.01 KB	MD5: d3fb94f229e41e9c57c79b30fad5aba0 SHA1: e72ebbfd357b77a517008a1d4eebb8ba3b5b9f26 SHA256: f31bafbff3fba5c9f0cca57f6e4688130230b4c0327be650e8521b3193c720b3 SSDeep: 3:YnF1n:YnP	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.jcry	0.01 KB	MD5: d471d35ce7465737177e0e3b24f7e404 SHA1: 307a5a5c6d1f25ad2010a0432c9b4bca709729e4 SHA256: 72ae0ff98522d393e807bf21ee900d9ccad3c972ae9fbb644d7f3d02a2570b23 SSDeep: 3:6rSu/vn:6Gwv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt.jcry	0.17 KB	MD5: 43bb0202e1a54cbc6df439f46f47dbd3 SHA1: 0942f526b4fb9d6c0f5fe6d6d3045d785ca816cc SHA256: df2da5982b19cfe236dd72b8cd1a6ca9eff03f5b9af0c840e508652f16fe8070 SSDeep: 3:USjeDwqSXzM8xt4Yl2MupPFanK+X9YScvpCVzXwzvobOCeddFn:tjywqkz9xKSPuhFYBXhcvkd0vEPen	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.jcry	0.01 KB	MD5: b9e568167c4d5102e41964a891d8bb97 SHA1: 0595813247b48fadb1ba2a8c2f7eaab2745c845c SHA256: b939942b25070a7f1cf0940f1b0a4cb1af18291371dedac7c85785ee12c539e7 SSDeep: 3:OV/C2W:OHW	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png.jcry	0.01 KB	MD5: 5645333eee11dc9907c010bc71240463 SHA1: f90172d910925a57c51197da16f32ffa678eb28b SHA256: 396be08bb9b11faf7f6f75387cddae3ab209fa76e7c2f083a1efe893b0874009 SSDeep: 3:KSufn:KZ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	256.03 KB	MD5: e140a9040cd3ceda563d6a155dd8d691 SHA1: 82b923e2bc45435c4f4fce48f922d4dff8672608 SHA256: 317b7cc4e72fb7a5154f49f0e26a3f6f7b546e0246f4c3005e3dc603ecadd3e9 SSDeep: 6144:TPN3iAZ5113qn/7k5DUaR5NBMDt1GS/yi000k:TV3tx16/ApNWLHyM	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt.jcry	0.14 KB	MD5: a8311de5c043288b92e3466883a126be SHA1: e08d7b137f237db50db1f6bb00ddba002810efa6 SHA256: 8dcfd170b932cceebaef2436875d11321065d63f8cfe890a82c8175356149273 SSDeep: 3:rYbAjt+iNGMfH2g2AyNsILcVOgoAhEARyQqGZEUHHC/a17b:sbgtObgnLlibQqm/o8b	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.html.jcry	0.12 KB	MD5: b76e7f49bfe5a4733773319aa86dc824 SHA1: 978a0a5510a2215c3b4398bdc4e211a4e470e1f9 SHA256: ee8d72e81e41f2f23e28bb436a7d2d9bb731008cad720b2c85a0908768c7e68a SSDeep: 3:3+SoQQTDSWNLEM5FWb+TQ493O+OlVewMlB8wX5wlCrzr:3+SNmu+TQ4o+YTMxVP	... File Actions Show Properties Download
C:\Boot\Fonts\msyh_boot.ttf.jcry	142.83 KB	MD5: 2fa6190f5544c74e0e8e4d1964b9c999 SHA1: 6cfe3bef57753e9af3040672d9f31a327f5d9efa SHA256: 7987f2869bfbdf9f3a0ccbfb9c9021bb3227a449230dedbe626e6c880fc0590e SSDeep: 3072:0NMkwK3vrHRrdKoJ6JBuhMulrgqAHHIkG8dZsTHRlHrz7WlHwZ89x:mMkvvrHRrl6JB6Mu2CkGCIlHrzFZ89x	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\b6dc1948244e7e4562c9356a0052d7af.png.jcry	14.37 KB	MD5: 05679ba1daa907f5a0e3a117d44bc9ee SHA1: 87c30a846d3e9537746836ab1dbf26f62f9bbb29 SHA256: b13e4c437d30b1ddbebbbcaadbedeedaf03b1602c3078b8ae82c07490a92f0b6 SSDeep: 384:v6eTrNbT4P3J/7FItwPlJWc9m50we/PcscwhbEfWfE:v66bTApItwPlAx55ess3GYE	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: 3b8001284f1bc7d9929fa6acd58c65bb SHA1: d261d4762f61084075539e79a828ed4432ecd6aa SHA256: 4f4c445eead0e5099d5fbc409e13d71e337d61d8623a0005096eb64308b389df SSDeep: 384:Fmn62KoT4wh+vnbHGN98qT71zf8i3OC33bmqAwtDMoG:Fm62KoT4XnbHn07hkSOC33bmIt5G	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 0214b7714fe834bad5eb1b4ed644f837 SHA1: e2084ed581051ef3d623c8b7940f217c7b544c57 SHA256: f620f1bd3cae7294c1f25a50a2a5aa5a17d1f41276227948c39537ef41339a8e SSDeep: 192:8gI15o2HPdFcquzasbTYtdQ5pQrwRgxGSmJqFT3/oO:8gIE2HVinvYdQ2w6xlm6rwO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\884.tmp.jcry	0.01 KB	MD5: 638e95a68a3bcb7eb248ad9dffd44104 SHA1: 8b6687f526f5df71e76e1aa2ff86a6e19e4ceb89 SHA256: e7fefda5e4ad05ff2a5e1382c258b572273d1de8de316b15cdef7dd250932098 SSDeep: 3:8gZJxn:8cJxn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 3fcce9eb9c8ceffff0a9fd9c50e4b672 SHA1: 18cfddf06c023a38e2551fbe64980756c0f48c17 SHA256: a546b8fbe1927925bd9fcb599202ba795fb93ef565d5f1b65321e3d63005e3ed SSDeep: 192:ETZL7mahRu3yhP+xYLRYxJn7C9S9mz6t/cIhXZjtzcF4E7JkZsxP:yXmahihxWixJnZ9R/hXJto4bK	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt.jcry	0.24 KB	MD5: 2fe67adbdb484f0db1014f39c23b38cc SHA1: 32019414a2363d603d9e79b35e2b6fcf25d9bff4 SHA256: dece59d6b66efe7103e89a0a9f38eafde5030d27522936ad9924e9d640140792 SSDeep: 6:kcTm7zMjPfov14Xeqwxf08SHTByAfsx+//HGj72hlPL05Z3:ua+14OVfH0lza+//myPQX	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	32.03 KB	MD5: 20e5db32d9bfec78c9894fa293075c2f SHA1: aa2857742f0794149315037a5f863a33a0a92d42 SHA256: afa81e37a5dfbb9ed7549bde015d114569e7d5632f5bf84961e0c4d39c635418 SSDeep: 768:QEB5S+cQKmBLzvlaVml+zEmCGYw1V18aRXchdQHNdT:JS+cQKm5zl/leEmCGYw1n3c4HjT	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\material_css_min.css.jcry	280.08 KB	MD5: a74624e5a627dba25d0401a3eebb390a SHA1: 7599fcbaafa360189e3aa2b4c66a32c22212df6c SHA256: ae072289d68fa421379b34ce182a9fcbc2e12cb1413a405a290f5ae2c7c432dd SSDeep: 6144:T08mE+S/brCvcPW8AwhuGXadL2P3UEIRmOVyKHsRyF/LeCfh6Y3OhRWkCgY1:DX+oPWxoHP3UEMFVzJCC53	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_background.js.jcry	202.57 KB	MD5: 034282873b4bab938c37fbe0ea332ee5 SHA1: 1527a26f7885863f7b3859d431d5f422a95906dd SHA256: 7a01669b3dde9326d48d09ef664230609a9266cef804582a48eddb7ee0e41a33 SSDeep: 3072:Y53rXc3o6UixyjOlv94UMSKYfwjRFPSceRMeyrT/WzPaT8ZDM94RcGS8:U3ax5bY2SeyPIcmDJTN	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png.jcry	4.29 KB	MD5: d10dffcbfb8c0da917c4b59f339f1ce0 SHA1: 469927c3a28284f8968fa38c92c7486c90944691 SHA256: 1305633e32cb70764a4cdff457fe3571fb0c291581f689306dfeeae8f8d77293 SSDeep: 96:oR8/HDvnj6LNzbuvBvc9jwSKdMBMkpdJ8Xljuzflf7RXwr:T/Tnj6cBE9kgpDijOzRAr	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log.jcry	2.20 KB	MD5: c8e7ad6445a8f920c001f305f2cff81b SHA1: 1767e64797f16a61d9f10bbb7e25bfa43d518c4c SHA256: 342ff19c25516bfa3cd0649ed91a0aa339c07a9e35c87747694ed5e3888223c5 SSDeep: 48:yPzGWksChx3kzXtoxYz9HJhPGi0S88YgWtH+/0RjJhifCXCgSH6cg3:iz/9sCbtoqlPP6IGAiACXLW63	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.js.jcry	0.12 KB	MD5: 3d03486edca2f3465f46982a1534da4f SHA1: d79aa377931bafcad9164bae6e0553fdde4bd0d8 SHA256: e5452a79b2d7859f230cbb2d18860b14936478e1b22f0fa3db2f80b5c2f4c34b SSDeep: 3:9LWTiWxflel1BFwuOlKrkQ1BVZSxlkRGaIun:pKM1BGuIV0z2Xy	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log.jcry	3.00 MB	MD5: 2aceac27bb05fc7ebe63d6706948609d SHA1: 1e88bbb2a242dbd1fff7c4a7ba2eea01edac0cb6 SHA256: 48e439bce005eebcb2bce2e68dcc35d65111c3267a603808ad1e20bb0889ed96 SSDeep: 24576:fhIMsDIDJbOGOL2KhykY47mTFEdc1KJkRAhb/XSYsmKYsHU6o:ZIXIDJb3KEr4K+duyhrXofYEU6	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\5d432dc88d56856d87faecfa9b48853b.png.jcry	0.01 KB	MD5: d17c8e3928dcf34aca5063abb3520f4c SHA1: ffe26c5deaf8cac39bcd94bafc39b8f65ed6a7ce SHA256: 23f84cba1b1ea0b1bfce33d96c9b556ca5fc5aa55b22165a19fdbc06851faa30 SSDeep: 3:U6zG:bq	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.jcry	0.01 KB	MD5: e6bf0617263bad4648c39e02cf84d8f6 SHA1: 20d8c7473bf88bac3130b2b7a2f9d358c0ae950d SHA256: fbb715486a12f3b145b9cc41258ca942953d6431049c347b6bbfcdf9dca0a0e3 SSDeep: 3:T0Zj:T0Zj	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\0e292d2be40784b709a96299f7f56c4c.png.jcry	16.78 KB	MD5: f42cb1fecf3e0fd221f88f8882c9c79a SHA1: b03c25523d1a364e85da1fe9a1fb75f4b7b23d2f SHA256: ec1104fc633b4e13efcc5256d062789d761de28e269f299a2024d5b581757a4b SSDeep: 384:mgw5Z3gVKtb5afU5PUZ3OSQrAQPImVyPukyjo1:qXxaUpnpyPuBo1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt.jcry	0.44 KB	MD5: 375866360b10ac7ede0ce80f496d2d5f SHA1: d42a9f3d8d5d210815c8736926fc6a09881f9696 SHA256: 5aebae758d682abd4bc54c47fe6d355ec9e1fa1192b3ffc72ccb01ed30807f1f SSDeep: 12:woyuZjYxDa5X8LSGpvsJu1sILbWhxE8eYFIlZ:aa8agSGpvZfLb6eYFIlZ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log.jcry	512.03 KB	MD5: b89f3e82a101f1b0d3dc653179125bf2 SHA1: 46a96392342926e3a3e623e8f32b519b84c399bd SHA256: 7092145b156bd9661bbcc7bffdad0b5702967f1eabbbbd3971851681c0f771cd SSDeep: 12288:JfDNFuLeP2d3bmhnV8tG/UDfHAEnzQBLAA7OlR6AhDzjNp:JrKLePvnVbMD/DGEl3hDzD	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db.jcry	16.51 KB	MD5: 8de436a4956c88220798803c1a750825 SHA1: 1b15f0d13ef053a06a05b8abbe533f33013c56dc SHA256: 76eb65e9857854fb5f69ae8692abbbf231c272e41be534e082fbb6af54f683f9 SSDeep: 384:EMYHVGqGwPrMR1qwexkF6q/+hZsbMom6FZrlGjBQauY1I3l9:MHw0DywweS6qGhZ4FZAF0YWV9	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt.jcry	0.43 KB	MD5: 0228f225439a3854864dbb6c0e9213a6 SHA1: 339f88a9f726c0ab7502ae9ffb0323beae80258e SHA256: e0adf1eac8b4140e83579844ed8dd8d4017c9a69c4555ebf333efb5044b2846e SSDeep: 12:h5EHo85Y7hU9ZSWoeLJ5CMmVgnp453nE5O2F+:MHTkQZSgL7pmwYjm+	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\eventpage_bin_prod.js.jcry	0.01 KB	MD5: 5c77f0529c928b3820af44b5b8e34e41 SHA1: d8e39fe783c3dd4392e690c425645cdafc4c9f32 SHA256: 4f299c3957d9190b22d0e3b95d5d4d6214464f41c7de317896877e7aa5773786 SSDeep: 3:d2m5sD:4myD	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	0.01 KB	MD5: e62bb7b5464fcbf90f7b6365a17d43e1 SHA1: 5d0ee57ac557333dec0437b535968d67c1e83688 SHA256: 3da2bb69b4271c85924b87d288f4c6a25c598c4c4ebfaeae2e1d6a02fe239191 SSDeep: 3:zAho8n:zA+8	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: 956d958d22df3b92e3c456d671f057bd SHA1: 708b1c49d64619bef1c0c360e7871c9a850ed66e SHA256: ca70a86741c805125bddeedcaaf671818461bb8a977b19b79afbfedc8fdb1853 SSDeep: 192:3mkyyRewXS+yxeiWrvERLvx8HMsHFMdtu:3mLycF+ysiWrvERuskFMdtu	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png.jcry	0.18 KB	MD5: 13cbcbcd774e5bfc3c84f1abad7551d6 SHA1: 8b09d8525b2af24dd94333c6ce539cf40fe13dec SHA256: feaf984d8f647c02684d4d8de773705c6a6c184ef3142d3092bbea96c991175a SSDeep: 3:i+UOEgezSq8TgGdwkI3fccBHKsjgjXGoL8hR9vrMECVyDm6JWcI1atnXg:i+Jezz9JIXjYBMVcWc/tnw	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat.jcry	0.01 KB	MD5: 51c55ef03cff43cc210cb9a85b1bc0c0 SHA1: c23056beeed298bea1dabed0fbb8eb781424cb34 SHA256: 10d5acfff50c41738807b29035af5a8c45c1e8b0ad584212d7e9be7e4bcd7cb8 SSDeep: 3:Bzn:Z	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\883.tmp.jcry	0.01 KB	MD5: a7ffd41deefadca58e583788e777e5cc SHA1: a3fddf5dfb251845888d1e70799f213773f26891 SHA256: 61bc18361975b60c3a5bc9afa0d5920407ad4fd33b965ad7e78c960d4a82831f SSDeep: 3:hM9m9:heK	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt.jcry	0.21 KB	MD5: 3c37814b42be09a31a61af52840f30d7 SHA1: db6254fd0149a1efcc99d0770be4183dc6a6daa0 SHA256: c01eb640bf8173c07d29d09028ed1a8ce024e836ba7fccc93ab83563630b67c3 SSDeep: 6:JQVSnSByJ9mrqEug73TBmsXZ9KWpzPnyeWo0XAeF:JGSnS2AvzZ2WlnyhQu	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log.jcry	0.01 KB	MD5: e885b7432be3fa1506386991f0b9a559 SHA1: 5ec8067b67352d1aed0e39892b8ef75141b70e4e SHA256: 46ed9a990e9f70465d5ada7454af3ad65313cd89cdffb508f3b61199b06525c2 SSDeep: 3:11fFnLrn:Xhr	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat.jcry	0.01 KB	MD5: 719b8f59944c1efd5aad39019a4ca5d1 SHA1: 96e2825a3ed8f58f875978c56dd6ef87ecc02ea3 SHA256: ac48daabae69cdc5754fa64f01067ba05c83ee70d175b457a7d1afd54163fd42 SSDeep: 3:2KKr:2b	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\Init[1].htm.jcry	28.19 KB	MD5: 303c69de4f0e723eefb6759cfb42ca51 SHA1: 4a1c0521f7eb64dd43dc417051fb56803b7eff3a SHA256: 9cac4cf9b8c2e3eb7301e9e7602064ea9ec3c1d2c7dd81220999119186afc5cb SSDeep: 384:0VvQ46fEZz3cTwsu5MpXmfpUQupTWWhjYAqx9dPpe68NCK6CPW1oIpgn:qB3h3cTwsu5gXmOQu5HFqx9Rk6UTWJgn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\0e292d2be40784b709a96299f7f56c4c.png.jcry	0.01 KB	MD5: 96ae03d63929d2247087c3cd4c04fca8 SHA1: cb3eb51955bc1c8b28bdbe9c3aa00d7c3ae19dab SHA256: 589231408493c2636ed8e69f775103b2b5fd703da68c4f7f9e011e97cf9b09e0 SSDeep: 3:MFd0i:MFui	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.jcry	0.12 KB	MD5: e129ec53dd5877169e127778be4be6f7 SHA1: 7b6c0deef4f9b83c4920069b33d9fd5e16ebca72 SHA256: 88bc5c9083229d98330336b9d7a67c5a3ac0801e73910efb38c257c1dc03b0c9 SSDeep: 3:hAdMPtr5PfAl5T15vLejUe3bTMJcaRps3X1YtRLE2:hXerzfcaP2lY7E2	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm.jcry	117.13 KB	MD5: 115d65c422faec58e41dc9e608b003c8 SHA1: ed89607dff4047ac7c6334f4db7f0ccf8dbd0a8a SHA256: 79b9c765f91191ed13d669e9581789e711b3f75acc897e708a6f812c70b422e5 SSDeep: 3072:WaQtnMwAE5VmbEGBaXf0LWTH2AFRJ4d6JvpSL1g:W1tnMwAE5Vq3cf0LWTWA7J4dmBOg	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log.jcry	0.01 KB	MD5: bf1423b86009eff77476812c1096fb6b SHA1: a59b4c1d9c38dfc8b9c581a2688a4eea1bc21d60 SHA256: 5916e2e6d35aa778432ab763a07e31cb6e839a4b2a76b63639d13de37a7596ad SSDeep: 3:CzS:CzS	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css\craw_window.css.jcry	1.73 KB	MD5: 6368c2b21aae08a9039a7bfc6b00532a SHA1: c5f4f135178ba796b1b077abb41de9a9b87a81ce SHA256: 3887973934e490b1f7f9d9cd71b3accd4a3b845581cf6921005b138d7dd2184b SSDeep: 48:AnIM5PFVAL9CdlgsSI0nbpVJXrZLqg5GCVjO5HA:AH5LCCdl3IbpVJXrZLqsx85g	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\setup.html.jcry	0.08 KB	MD5: 5caef1bf15bdb1533649e7d2ddab81ac SHA1: f2adeec768af5d73db6db6749a93a63e7abef770 SHA256: 18bb3c5220eaf12ac4bcfcaa5e0c1e412cee62181b0c85dae6b4b33841a88dbe SSDeep: 3:97P4cvFJNXXwjuN52OtZqhWN:R5bNnrD2OH4K	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: da30ac2a4c294c817371e15b5fa8e59c SHA1: afdab608a3a898e1d273f60ec9c1ee7d08fe935f SHA256: 7edf828230d71a9e858ecea2863ab4b80ddca6471964a8cadcd55ec5fec1dd2a SSDeep: 192:0YxODdg/EdWLDrfwVVQNSXWfpzopSiJJWAepTp+x5ilZxlp1grIi:5xmaoWULQ7pcHJteqxmZ3pyrIi	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\41795194[1].css.jcry	6.49 KB	MD5: 8d5814fd6bf40073863c082ffd5c78a3 SHA1: 8fb0c0c15efdcf2efc763e180651e2e60b95c39c SHA256: 0aa6236cee6583e42fc1e452f5e9699e32fd3b1e8bbe3611ddaeac298386408c SSDeep: 96:vo3vuTV2EUoSWwsoG1GE9DNAhB8i8UXSFi+BCGqNjtSCyMGlgMkJWS4lP/uZyjsx:LVl7w3GlNAtXnGqNAsWOWS4p/zsldOM	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1acd62c3[1].js.jcry	124.43 KB	MD5: f12ce2b0849427b83ac8ef203eb52e3a SHA1: 09adffd8dbd87085853dedc2f434fa096a11d65d SHA256: 9a536ad15328116d06d94d410a23b8a8f5649067c37cdf965b01c39400b3fb08 SSDeep: 3072:QqV325Ny+mQjwl/i9VMgV/GgWQIReV2kKky6M/LKl1zIO:sy+vcl/8VpV/GBQIRCKkysuO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt.jcry	0.10 KB	MD5: 0438347963e1146932338a4160597465 SHA1: b44d5644a8461bdd4be95fdfb9bb9bc3098b898e SHA256: d1888aa77f629adec43ffc93a7bb13f011a1e708b79e78b7a8775cff679f20d2 SSDeep: 3:nD/EGAMvN7tMNrlB91uR7wi0RrnLen+qn:DHvptMNxBXuR7wi0RrnEVn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.jcry	0.18 KB	MD5: 87923a4f897b926151b0e53d15124beb SHA1: 7546e392d3aeb5f8ac078a7f14ef440593c76146 SHA256: d51a884796a2d22d20afc5bd6958eed4dadde6a8844fd7d12bd0f8f2a541fdac SSDeep: 3:FeQpRRJbhpBYh2gjaV+E0z2OjAY8n23EMQEdLW5MiHYuEwfJk6Q9b2ifznF3:0URRJFpBi3jaV7u2OjAYb89MMQ52i7nt	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.jcry	512.03 KB	MD5: 863c58a0226b870cbe7d130de18479d6 SHA1: cf52d4e94d6c2dcd16c5aca0351d6695be8b8481 SHA256: bcc0ff26e25c4efa4520ce2bbda9c4209a9fae65277c7d5c42c773641eee3943 SSDeep: 12288:YszYn7us+9ZTHgSohmPxmoTADn7B/2TjA6MwnpNRey:YsUndA0ufTAD7JWATOpNcy	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt.jcry	0.63 KB	MD5: cd7dca89d011f59eda7634099e82cd46 SHA1: 0fa810c39ca6e2219de0257fa15b7f9ebf3f976a SHA256: e9f96dadd4628c4f0f1137af51f1d3d4fefccc5c338a4c1d9fb3488b1bbe339e SSDeep: 12:dxOBw4AK2lVleklrA81EHvpZagvUHPLVk5hwvVsrsQhM5uwx+vXkOCU3wWrPL:dxxKkDeiJERZVvUHBk/wvlPOCMtL	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat.jcry	0.01 KB	MD5: 3ad41440a5fea7cc4ae2cc799e6d3f1e SHA1: 800325c595000a1c84f3a72ce1c6da2216998bc1 SHA256: d49d69cffb91bb72678c7a8dd571d49020a58cb80f79fbebd13d736e41374338 SSDeep: 3:tMk0s:ykV	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	0.01 KB	MD5: 803bed66e5c09606552beb1df4e5559a SHA1: 9251d507ff1dbbce4196cfa46d44df97778f89c2 SHA256: 3005ffd616948c9afb9a9875a4990a118b5149f7598f491de82349d6da2e5647 SSDeep: 3:gEqY:5F	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	256.03 KB	MD5: 9dcd664b811643ccbf043b701dcf89b7 SHA1: 39af4d97a8085453dfea0efffd05165e0d4b3d0c SHA256: d69ec98b2f2f1073401ef858c4cdc18621305bd5847a93a87264cd14b87d7b80 SSDeep: 6144:NTjFXabkNvxYnHDzK5e4YztdXAZTuOdABGR8BFJdCP:vrvmzFnzvXa2NHdW	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat.jcry	0.01 KB	MD5: d8e83cdc8a8867a1f2b3a4729c84063a SHA1: 96c8bc4fd455488cea7af9202d27ad91be46b96f SHA256: 0b4bb1659c308c3d0a7ce1b14a22452f4ad8fc05c879b83941b71843b98cebed SSDeep: 3:gp0GK+n:gaGRn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1ab36a6a[1].js.jcry	14.28 KB	MD5: 26b495393b6edd81413b8ba1204410b1 SHA1: 26169cfefed53ba4f8223436dca0f8161d8daed7 SHA256: 786af2a4211a7996ea5b1efb8d439ae41df1002636f3b4f4134a4173dff47db1 SSDeep: 384:m9EjELkedXi59ZPA1fe2BNFFgAP3xSiVxlHG:mEv5o1Eg3R5HG	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	32.03 KB	MD5: 5fb88f61ebdab3f0efbf27475f87e2fb SHA1: d4d31638a3dcaa88401ca1ad30c8b86d2a72fb3e SHA256: 33239c4f17ebe974e8daafcb9760e4d09a15d1eaf1891c264481d3a3ddead728 SSDeep: 768:gtXyB7tsVB0bpKpb2DfwxN7EV5dOg0gW8ybXk8lkZC1Fk:gCiB0tg28Nyn0T8K9iZck	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	32.03 KB	MD5: 76dd9164635eb4569a8e02a1a142b4ad SHA1: 6a82c1b0d6a1f13f27f71102533598e827cdd930 SHA256: b809e94e8c2f8ef2ab46f606cd7788ebd9dd6400f8d5d0ca49ffc97e96b0d4a2 SSDeep: 768:NEvN/Enjq1dAMYBWxrWhFA2b4OKHbEb9oKX5WMGLP7:SvN/EnjqMMP6FA2b4zARoe70P7	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.jcry	0.12 KB	MD5: cedd21558aa7f5daeff9a1fc970d0af7 SHA1: df2d1e77a8f31911202b755bb219d3d23ffd7a4f SHA256: b99e1648bca3dcade5fab31f434dc2da762d3d72a209a71b19a3d1060d762235 SSDeep: 3:FuZY0Ldp17Db6WD0R+QrokH2+wFColHA5Vm:Upp7DRD0rEkH2+3olYm	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png.jcry	3.35 KB	MD5: 68e7f98bef1c1fe17eb3eea47dd39cc2 SHA1: cb9507dfac54d1057af21cc6fa2a6e3c2299457f SHA256: e0ba8d33820348622ad79c37b6ff8dd9585f8708e35a6c75f3353a61ec2e68da SSDeep: 96:x+3od2AHxVLLGEAfsTa+K0oHgV8/dmmYvk9eV:xs2HxVvRA02+gw8E180V	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 25349911fb169e37881e4858b8e137d2 SHA1: 27abf84afe092d3cbcfd9274c4697261c772f8c0 SHA256: b14f9c746b0e56a01cb359a635fa80bb93f36659056ba31a1785e8ca13166daf SSDeep: 192:Tc3EYszr77k1GXDy+z+XNKjoyets0UFLbRcffajeBixMfSFBxhCuZc:HY8r3k1Gz56kjoyas0U9GfiS+M6nrCuG	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.jcry	8.03 KB	MD5: edaf3573f0fbfb1ae19a5a9d6fcbb745 SHA1: f97f8644858415c5140ab3e12b20178b4e31170b SHA256: a20f4b54648f30ac766c251ac83d59b2b7ce9c4b72dfb550c0a1198e3e94a45b SSDeep: 192:rHwCsKdPve9TmkTyMrISLr5VWHMSz0L4Xg2rxGNINlbR/B:rQQxcqkT/PdVWHMS44Q2QIHbL	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback_script.js.jcry	0.01 KB	MD5: 77561d2d13cd4298db86cdcec8276520 SHA1: bf4a2781509b2adc1d917a667d6cae4fc541e821 SHA256: efbd928528ad5a29472bb809f0e1facf04262cbdd9901b6a05270d1f2023eb98 SSDeep: 3:O3uG:O3J	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat.jcry	0.01 KB	MD5: e12f8e12993eb8fc91f57e4556876e30 SHA1: 048afb27037bafd7dda565036679ac569060974f SHA256: 891021e6aaf0073a7eae4fa333e4fb1ad1143cc06449ec18020843e7ac2fc4d9 SSDeep: 3:ksuW:kVW	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_pressed.png.jcry	0.18 KB	MD5: b2efd3b3b3c8b16139a6456e69b55b35 SHA1: d7fc2fbec3f40b5bc0048a3fed87e56cf023e661 SHA256: 5410c798b1329e76c078c228f67c3bba7e779383fdf342177f540ed2503485ef SSDeep: 3:crNWgOKSHD3JFWAG1eeEit7QDCVqU8F6OfbtpYKC0HgAHlRXotYL+v:crNWgmDKA+LdQDCVmFlfvzgAHlatYCv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 1bbc3efb744027f2f3942f80492f58bc SHA1: 2594db314b3fab78d67c28b10e073d608e3a8eaf SHA256: 452ab7030a3ee7a9167c717341953a99e2786519e3864849a47c0b0e354f9530 SSDeep: 192:aWeKH5citr0icG3RkHhIYCUMGpAS1I+7BxV3BHtnDoAcci:axniV0ikHTCUMQu0lvot	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Windows.ContactSupport_cw5n1h2txyewy\Windows.ContactSupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: 44d79d65a33513ba6acd547e207b11db SHA1: d3345aa58d04e2b20a510292049422711f2a8695 SHA256: 7712ceddd182e7354874b77eafad85debbe6d2aad83ae3b5092d767f5d984dfb SSDeep: 384:8xxQ8GKdh3aHcHCezlg8MleOKVKhK6I4yQ1jAcW+bpXDmKJ867t:CtGgda8Bhg8MnDyQjW+b5FJ8c	... File Actions Show Properties Download
C:\Boot\Fonts\cht_boot.ttf.jcry	2.00 MB	MD5: f363a5eccaaca986ea88a9218fee3990 SHA1: e24e0dc1c63b42ea27fcf1c3d2e0746766f899fb SHA256: f312224739b348bf62d03776c025ff43e58859023b73944d6c09dc155fca70a2 SSDeep: 24576:+ibayJ/97xNFBRyQ8iZN22fvmttBv/gJAzatK0YpA3WGG5yIA2OqrGO3FnrIpstJ:+dyJvrzP8wnmtfXgtrWGBydrGOIg	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.jcry	6.58 KB	MD5: 2c02f7839b77543121da2ec976153541 SHA1: 49b60634a1b16a9d6b36ebc51b2077ee6e728e96 SHA256: d51835bd9514fbd1a8181ba1cca18ba408acff700d693aeda23a162598407cbc SSDeep: 192:yQLWb4gGCB/BsaprjyffZduViGhru7HMBZ/:ffgNB/Z+fZwVi8Sy	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt.jcry	0.23 KB	MD5: a74fdebbc9d4bb2c1ba0fe6fe91af26c SHA1: e7c96871ccded54ee753bb88771938fae9ad1f57 SHA256: 244acf024e716a3e9547557d322683c78b7a79708597b10a1138c258348783fe SSDeep: 6:nOha6+PkjvjA61fnXSoDkJdbU6w6/17heCEXZ/:IP+PUk0fTwdDRIx1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt.jcry	0.41 KB	MD5: 803f72d7f500d06e8601c3ed6094aa1c SHA1: 8919656a9bbbf1bcd0e0899bf5d601d0b667218d SHA256: 6d958b1b540f9ef8e387cf6b626f04a010f721e30c9193b922b9fe00119e508d SSDeep: 12:XmfzmdqEUrf0IiP3OL6oMgrxLtoHuE/BN:Xmfy0RfHms6aL/E/	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml.jcry	0.48 KB	MD5: 576fa951e0f022628094f64d91240f88 SHA1: 13289aa6b1c12d4a7140dcfd41ddeb9ba294c8a7 SHA256: 2396d3bc54653d309330a2040b244d10e41f735328db490ae82c351c201ed4af SSDeep: 12:4ZrPgpw2k2LLAsLQ4vMBUjcPQ5h9n+NSVkrXlNzvban:4ZE62k2LLAsLQ4vMBUjcI5SASrlhban	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: 3f199d8d6797a00154245301c813c778 SHA1: 4d13bd35e9e89625f76bca9ab9f6ac3aaf9d4a93 SHA256: d8e4edd0a8d140d698eb318f3ceac80ea168c385819aaeb36ffed55bf0a22cec SSDeep: 384:cS1LsO4maMi3nK/UFILLwVXISok7dw7Ps7Lwlj3u4G5CgKkLLX44M6u:cwLi66nwUGQXuk7OEwlj39GakLLXA	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.jcry	0.01 KB	MD5: add01e01a02b92e4a4ade80992177267 SHA1: e2c9c12662dfed25a2e41935b6c5154ba15a0362 SHA256: 3d943e2415bbd0b22d07955d1843e45191ce77ab35fe2a4f2978eb91977c0a5d SSDeep: 3:o/H2hn:o/Sn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin.jcry	1.00 MB	MD5: 6ee92040827aeb649ac289d63662a718 SHA1: 33682ab4a7d0d5cf8dc1cee8db1ea0db8a5e2363 SHA256: 9314d0768e0fa7a7eaa050edd2c3e7139a305b992e02bd4ec85974aa677d884f SSDeep: 24576:ifZ9P/eZzsY0gOruTsiUKK02meMOWBTTeakzf6O911wxfvLj:ijen0gOr5j502j6BTTYBXgfvn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html\craw_window.html.jcry	0.01 KB	MD5: 9ad3d399fc8be4cb0ae2efdad84fdbdc SHA1: 46c0eae46a7fe9e2c7bfde02420ddf4524831e1f SHA256: 348bec4342216f9841bb47f9db0dabeae35846df9cf204d803cb7f7c775bae35 SSDeep: 3:3kB+:4+	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css.jcry	47.87 KB	MD5: 92ca6efd55c94c7702462236bec6093c SHA1: a9e842c72013f40d4aab138a60b4ed742b24e1d8 SHA256: a878d49943e258932f45754b5f69c6e97f6c5af4939cba93854f043f5fa2db39 SSDeep: 768:2GOgnIVyGhIAsmqNV2d90vj4SZk/S4xrVjFW0nt6GqwHvtpizuPyO4BC+wPp1uBq:VOTVyGhKSjVyk6YrnWaq4vK1BMh1uBq	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\common.js.jcry	50.14 KB	MD5: be8a1de52b3ec34a528d36ea7584f41b SHA1: 5ef6fc223c9249bbec8cc26323e413aba512dc02 SHA256: 491c44e4f684c4f53c92c4aaca040fa577ca908d7b47290e65297a485f1c0f23 SSDeep: 1536:4/iBANX0LUpfqz1KndeEoSbGVSVi9d+aA4:4aByvfMuCSiGi9d+aA4	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D07.tmp.jcry	0.01 KB	MD5: 7175cf7c0146d6b6bb97a05fc2bab5e8 SHA1: e5b9380da6527f19a418a442754f029e5d5fdcad SHA256: a647ca16110c71d70d349488eb981129cfae8347c46c0c61da3a9b6cd84ab10f SSDeep: 3:8dbQQ:8Zb	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 3851b3e2cba02f0c36767bca59b4333b SHA1: e6ae0041611f37ccc613f6f2bbcb3ad814e33601 SHA256: 16e3fe42b15e8625a97a1a0d666ed60e5ac9eb749d518bdf987e2234f702fc79 SSDeep: 192:cXg0i33pnjOLdyoRtKEj2Fd/6FOB+Hvpzz2hPqnc2+u1a+iNEPIOf:cti3Zn+dyoR2FdyICBzz17+mBiNaIOf	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin.jcry	1.00 MB	MD5: 0c767dbd030517ea57f298d555c096e2 SHA1: ada16836986fe3331a8366efd517e2006bc4b5e0 SHA256: bb8fb981f338b0ab663d9e2e232beacd067b116b35dad18caed7e9c527f627d1 SSDeep: 24576:4fWheH63UTU8J2hNnRvYSvAeJp2aBzjINwTzYy192KFKFQ2:7UTkhNRvYSvAeJp2qzjINwTzYy19vFK5	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	64.03 KB	MD5: b5ca2e6a136708957dffe1b0b67f35db SHA1: 15fffff2d60b0b281f1cd919b7c6482153fdba83 SHA256: 65da08621bd93d935b7088dac8329a2bf690102c94f2753cc7c399d4c086cdd9 SSDeep: 1536:w0XjHXYRKDIuxforNiRuf6386yi7MYjMDH2a0ky4D8j818gEC:wuHXC8foRAuJ6D+Hzyu11V	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f682f456[1].js.jcry	67.85 KB	MD5: 75a4e3a17eb7bd650d923f6a5c325d06 SHA1: 4a1006017b5eb2016baca6d402215bde1b0317c4 SHA256: 101041bc5afac4219bf15b2b2c78270baed5066c51c253d564c7021a1b5dcfc1 SSDeep: 1536:w/vsUWZfJZWAP8zMhrTEgsncE/0LfEV8ntLvL4In0:wnyZxoAP8ghrTbsnX/SMG90	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Microsoft.LockApp_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	16.03 KB	MD5: f99d7d6e762be1b0db607c6bffc5c395 SHA1: 78453e4dd863501a3880f53345ee7424857e52c2 SHA256: 3000d85382127538b7906cd07f192cae8a2be4d7dff3f60ed87968520d392361 SSDeep: 384:dvczjW19mqLnlWaC6AJG0iJrzdGGQs086R6nuvCf:izj2LnlW96gG08zsGx6RCke	... File Actions Show Properties Download

Host Behavior

File (3325)

Operation	Filename	Additional Information	Count	Logfile
Create	A:\	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	B:\	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	2	Fn
Create	C:\$Recycle.Bin	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\$Recycle.Bin\S-1-5-18	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgun_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgun_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgun_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgunn_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgunn_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgunn_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryo_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryo_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryo_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryon_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryon_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryon_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjh_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjh_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjh_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjhn_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjhn_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjhn_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyh_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyh_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyh_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyhn_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyhn_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyhn_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segmono_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segmono_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segmono_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoe_slboot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoe_slboot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoe_slboot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoen_slboot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoen_slboot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoen_slboot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Resources	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Resources\en-US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\bg-BG	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\cs-CZ	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\da-DK	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\de-DE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\el-GR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\en-GB	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\en-US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\es-ES	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\es-MX	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\et-EE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\fi-FI	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\fr-CA	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\fr-FR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\hr-HR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\hu-HU	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\it-IT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\ja-JP	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\ko-KR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\lt-LT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\lv-LV	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\nb-NO	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\nl-NL	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\pl-PL	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\pt-BR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\pt-PT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\qps-ploc	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\ro-RO	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\ru-RU	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sk-SK	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sl-SI	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sr-Latn-CS	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sr-Latn-RS	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sv-SE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\tr-TR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\uk-UA	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\zh-CN	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\zh-HK	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\zh-TW	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Config.Msi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\PerfLogs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\CEF	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\CEF\User Data	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\CEF\User Data\Dictionaries	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\Temp\CalendarCache.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\Temp\CalendarCache.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\Temp\CalendarCache.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\Unistore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USStmp.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USStmp.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USStmp.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\CertificateTransparency	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Crashpad	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Crashpad\reports	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\contentscript_bin_prod.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\contentscript_bin_prod.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\eventpage_bin_prod.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\eventpage_bin_prod.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\eventpage_bin_prod.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\page_embed_script.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\page_embed_script.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\page_embed_script.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\128.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\af	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\am	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ar	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\az	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\bg	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\bn	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ca	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\cs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\da	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\de	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\el	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\en_GB	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\en_US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\es	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\es_419	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\et	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\eu	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fa	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fil	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr_CA	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\gl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\gu	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hu	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\id	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\is	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\it	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\iw	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ja	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ka	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\km	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\kn	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ko	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lo	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lv	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\mn	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\mr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ms	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ne	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\nl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\no	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pt_BR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pt_PT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ro	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ru	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\si	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sk	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sv	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\contentscript_bin_prod.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\contentscript_bin_prod.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\eventpage_bin_prod.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\eventpage_bin_prod.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\eventpage_bin_prod.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\page_embed_script.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\page_embed_script.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\page_embed_script.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_background.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_background.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_window.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_window.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_window.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css\craw_window.css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css\craw_window.css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css\craw_window.css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html\craw_window.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html\craw_window.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html\craw_window.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_16.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_16.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_16.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_close.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_close.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_close.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_hover.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_hover.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_hover.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_maximize.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_maximize.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_maximize.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_pressed.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_pressed.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_pressed.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ar	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\bg	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ca	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\cs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\da	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\de	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\en	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\am	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ar	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\angular.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\angular.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\background_script.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\background_script.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\background_script.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_game_sender.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_game_sender.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_game_sender.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_sender.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_sender.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_sender.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app_redirect.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app_redirect.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app_redirect.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\devices.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\devices.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\devices.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\index.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\index.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\index.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\offers.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\offers.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\offers.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\setup.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\setup.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\setup.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\common.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\common.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\common.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.html	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.html.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.html.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback_script.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback_script.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback_script.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\material_css_min.css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\material_css_min.css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\material_css_min.css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_cast_streaming.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_cast_streaming.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_cast_streaming.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_common.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_common.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_common.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_hangouts.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_hangouts.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_hangouts.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_webrtc.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_webrtc.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_webrtc.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\883.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\883.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\883.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\884.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\884.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\884.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D07.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D07.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D07.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D08.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D08.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D08.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D19.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D19.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D19.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Storage	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025\index-dir	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5\index-dir	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\index-dir	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Session Storage	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000004.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000004.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000004.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Web Applications	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\EVWhitelist	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\FileTypePolicies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\OriginTrials	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\PepperFlash	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Subresource Filter	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\SwReporter	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\WidevineCdm	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\pnacl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\CrashReports	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v2.0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v2.0\UsageLogs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v4.0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v4.0\UsageLogs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v4.0_32	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Credentials	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Event Viewer	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\FORMS	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache\6YGNCJW8	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache\FZW2QEOY	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache\O593F7EE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache\PJ5H3B54	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\GameDVR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\InputPersonalization	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\DOMStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\DOMStore\37JGORX3	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\DOMStore\52UK17NV	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\DOMStore\L8OQST1L	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\DOMStore\Q6TJEFY5	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\EmieBrowserModeList	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\EmieSiteList	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\EmieUserList	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\IECompatData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\IEFlipAheadCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\Recovery	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\Recovery\Active	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\TabRoaming	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\Tiles	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\Tiles\pin7226654530	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\Tracking Protection	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\VersionManager	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\imagestore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\imagestore\dc8m5rh	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\imagestore\sl72e5n	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Media Player	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Media Player\Sync Playlists	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00009376	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Media Player\Transcoded Files Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Office	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Office\16.0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Office\16.0\BackstageInAppNavCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Office\16.0\BackstageInAppNavCache\MyComputer	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Office\16.0\WebServiceCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\index.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\index.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\jumpListCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\0e292d2be40784b709a96299f7f56c4c.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\0e292d2be40784b709a96299f7f56c4c.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\28c9257769b2913b70283ca4759e2034.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\28c9257769b2913b70283ca4759e2034.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\28c9257769b2913b70283ca4759e2034.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\2bf8db03609478000e25532b94a93e81.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\2bf8db03609478000e25532b94a93e81.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\2bf8db03609478000e25532b94a93e81.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\5d432dc88d56856d87faecfa9b48853b.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\5d432dc88d56856d87faecfa9b48853b.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\5d432dc88d56856d87faecfa9b48853b.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\77ec32dc2bee35c0b759503a76ed5b66.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\77ec32dc2bee35c0b759503a76ed5b66.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\77ec32dc2bee35c0b759503a76ed5b66.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\b6dc1948244e7e4562c9356a0052d7af.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\b6dc1948244e7e4562c9356a0052d7af.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\b6dc1948244e7e4562c9356a0052d7af.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\e214427ea25af5774381fe2c2582382e.png	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\e214427ea25af5774381fe2c2582382e.png.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\thumbnails\e214427ea25af5774381fe2c2582382e.png.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\updates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Microsoft.AccountsControl_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Microsoft.BioEnrollment_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Microsoft.BioEnrollment_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Microsoft.LockApp_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Microsoft.LockApp_10.0.10240.16384_neutral__cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\EmieSiteList	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates\My	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates\My\CRLs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates\My\CTLs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates\My\Certificates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1ab36a6a[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1ab36a6a[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1ab36a6a[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1acd62c3[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1acd62c3[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\1acd62c3[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\236a1503[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\236a1503[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\236a1503[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\36a8ead3[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\36a8ead3[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\36a8ead3[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\3727cd16[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\3727cd16[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\3727cd16[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\41795194[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\41795194[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\41795194[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\9101d3f2[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\9101d3f2[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\9101d3f2[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\Init[1].htm	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\Init[1].htm.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\Init[1].htm.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\d11fd6a0[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\d11fd6a0[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\d11fd6a0[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f544a93b[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f544a93b[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f544a93b[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f682f456[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f682f456[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\f682f456[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\fce27fce[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\fce27fce[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\fce27fce[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\03HJF3R5	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\N6BZW9Z5	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\www.msn[1].xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\www.msn[1].xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\www.msn[1].xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Get Info	PersonalKey.txt	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cookies	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Login Data	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal	type = file_attributes	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt	size = 1048576, size_out = 90	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt	size = 90, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt	size = 1048576, size_out = 90	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt	size = 90, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt	size = 1048576, size_out = 620	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt	size = 620, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt	size = 1048576, size_out = 77	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt	size = 77, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt	size = 1048576, size_out = 213	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt	size = 213, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt	size = 1048576, size_out = 416	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt	size = 416, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt	size = 1048576, size_out = 385	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt	size = 385, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt	size = 1048576, size_out = 88	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt	size = 88, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt	size = 1048576, size_out = 260	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt	size = 260, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt	size = 1048576, size_out = 211	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt	size = 211, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt	size = 1048576, size_out = 182	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt	size = 182, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt	size = 1048576, size_out = 92	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt	size = 92, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat	size = 1048576, size_out = 0	2	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt.jcry	size = 1048576, size_out = 0	2	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt.jcry	size = 1048576, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt	size = 1048576, size_out = 127	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt	size = 127, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt	size = 1048576, size_out = 447	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt	size = 447, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt	size = 1048576, size_out = 395	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt	size = 395, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt	size = 1048576, size_out = 419	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt	size = 419, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt	size = 1048576, size_out = 358	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt	size = 358, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt	size = 1048576, size_out = 209	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt	size = 209, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt	size = 1048576, size_out = 200	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt	size = 200, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt	size = 1048576, size_out = 561	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt	size = 561, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat	size = 1048576, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt	size = 1048576, size_out = 111	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt	size = 111, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt	size = 1048576, size_out = 149	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt	size = 149, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt	size = 1048576, size_out = 159	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt	size = 159, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt	size = 1048576, size_out = 121	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt	size = 121, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat	size = 1048576, size_out = 0	1	Fn
Delete	msg.vbs	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt	-	1	Fn
Delete	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt	-	1	Fn
For performance reasons, the remaining 2253 entries are omitted. The remaining entries can be found in glog.xml.

Module (71)

Operation	Module	Additional Information	Count	Logfile
Load	KERNEL32.DLL	base_address = 0x74f40000	1	Fn
Load	winmm.dll	base_address = 0x73f90000	1	Fn
Load	ws2_32.dll	base_address = 0x74d30000	2	Fn
Load	kernel32.dll	base_address = 0x74f40000	2	Fn
Load	advapi32.dll	base_address = 0x77550000	2	Fn
Load	ntdll.dll	base_address = 0x776b0000	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x74f66590	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x74f66920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x74f66110	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualQuery, address_out = 0x74f58c90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x74f58c70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x74f58b70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SwitchToThread, address_out = 0x74f59f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetWaitableTimer, address_out = 0x74f660d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x74f5a2c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetProcessPriorityBoost, address_out = 0x74f5f8c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEvent, address_out = 0x74f660c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x74f58bf0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x74f668f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x74f5d8d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x74f5a0b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemInfo, address_out = 0x74f5a1f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x74f5a060	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetQueuedCompletionStatus, address_out = 0x74f58c30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessAffinityMask, address_out = 0x74f5a220	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x74f57940	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x74f5a3b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x74f66870	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x74f5a0f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x74f674f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DuplicateHandle, address_out = 0x74f65f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x74f59700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateIoCompletionPort, address_out = 0x74f65770	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventA, address_out = 0x74f65f70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x74f65f20	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddVectoredExceptionHandler, address_out = 0x7770f090	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeEndPeriod, address_out = 0x73f9cb20	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeBeginPeriod, address_out = 0x73f94390	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAGetOverlappedResult, address_out = 0x74d3e1b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddDllDirectory, address_out = 0x752be9e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddVectoredContinueHandler, address_out = 0x77759670	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetQueuedCompletionStatusEx, address_out = 0x74f81320	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x74f57920	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SystemFunction036, address_out = 0x747b2530	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = NtWaitForSingleObject, address_out = 0x77718c00	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = wine_get_version, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetHandleInformation, address_out = 0x74f65f50	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAStartup, address_out = 0x74d42420	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CancelIoEx, address_out = 0x74f5ebd0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileCompletionNotificationModes, address_out = 0x74f64810	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAEnumProtocolsW, address_out = 0x74d45b50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x74f5a4b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableW, address_out = 0x74f59540	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x77570730	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGenRandom, address_out = 0x77570df0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesExW, address_out = 0x74f66330	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x74f66250	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x74f661b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x74f66180	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x74f66290	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x74f661d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x74f664a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RemoveDirectoryW, address_out = 0x74f664e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesW, address_out = 0x74f66340	1	Fn

System (1)

Operation	Additional Information	Success	Count	Logfile
Get Info	type = Hardware Information		1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		1	Fn Data
Get Environment String	name = GODEBUG		1	Fn

Process #4: dec.exe

Information	Value
ID	#4
File Name	c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\dec.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dec.exe"
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:02:11, Reason: Autostart
Unmonitor	End Time: 00:02:17, Reason: Self Terminated
Monitor Duration	00:00:06

OS Process Information

Information	Value
PID	0x8fc
Parent PID	0x4f0 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 8F8 0x 5A0 0x 53C 0x 2E0 0x 584 0x 644

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	rw	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	rw	-
private_0x0000000000020000	0x00020000	0x00023fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	rw	-
pagefile_0x0000000000040000	0x00040000	0x00053fff	Pagefile Backed Memory	r	-
private_0x0000000000060000	0x00060000	0x0009ffff	Private Memory	rw	-
private_0x00000000000a0000	0x000a0000	0x0019ffff	Private Memory	rw	-
pagefile_0x00000000001a0000	0x001a0000	0x001a3fff	Pagefile Backed Memory	r	-
private_0x00000000001b0000	0x001b0000	0x001b1fff	Private Memory	rw	-
private_0x00000000001c0000	0x001c0000	0x001cffff	Private Memory	rw	-
locale.nls	0x001d0000	0x0028dfff	Memory Mapped File	r	-
private_0x0000000000290000	0x00290000	0x00290fff	Private Memory	rw	-
private_0x00000000002a0000	0x002a0000	0x0039ffff	Private Memory	rw	-
private_0x00000000003a0000	0x003a0000	0x003dffff	Private Memory	rw	-
private_0x00000000003e0000	0x003e0000	0x003effff	Private Memory	rw	-
private_0x00000000003f0000	0x003f0000	0x003fffff	Private Memory	rw	-
dec.exe	0x00400000	0x00579fff	Memory Mapped File	rwx	... Region Actions Download Dump
private_0x0000000000580000	0x00580000	0x0067ffff	Private Memory	rw	-
private_0x0000000000680000	0x00680000	0x006bffff	Private Memory	rw	-
private_0x00000000006c0000	0x006c0000	0x006fffff	Private Memory	rw	-
mswsock.dll.mui	0x00700000	0x00702fff	Memory Mapped File	r	-
wshqos.dll	0x00700000	0x00707fff	Memory Mapped File	r	-
wshqos.dll.mui	0x00710000	0x00710fff	Memory Mapped File	r	-
private_0x0000000000730000	0x00730000	0x0073ffff	Private Memory	rw	-
pagefile_0x0000000000740000	0x00740000	0x008c7fff	Pagefile Backed Memory	r	-
pagefile_0x00000000008d0000	0x008d0000	0x00a50fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000a60000	0x00a60000	0x01e5ffff	Pagefile Backed Memory	r	-
private_0x0000000001e60000	0x01e60000	0x1205ffff	Private Memory	rw	-
private_0x0000000012060000	0x12060000	0x3245ffff	Private Memory	rw	-
private_0x0000000012060000	0x12060000	0x1215ffff	Private Memory	rw	-
private_0x0000000012160000	0x12160000	0x1219ffff	Private Memory	rw	-
private_0x00000000121a0000	0x121a0000	0x1229ffff	Private Memory	rw	-
private_0x00000000122a0000	0x122a0000	0x122dffff	Private Memory	rw	-
private_0x00000000122e0000	0x122e0000	0x123dffff	Private Memory	rw	-
private_0x0000000012400000	0x12400000	0x323fffff	Private Memory	rw	-
private_0x0000000032400000	0x32400000	0x3243ffff	Private Memory	rw	-
private_0x0000000032440000	0x32440000	0x3253ffff	Private Memory	rw	-
mswsock.dll	0x32540000	0x3258dfff	Memory Mapped File	r	-
private_0x0000000032540000	0x32540000	0x3257ffff	Private Memory	rw	-
wow64cpu.dll	0x678d0000	0x678d7fff	Memory Mapped File	rwx	-
wow64win.dll	0x678e0000	0x67952fff	Memory Mapped File	rwx	-
wow64.dll	0x67960000	0x679aefff	Memory Mapped File	rwx	-
devobj.dll	0x74020000	0x74040fff	Memory Mapped File	rwx	-
winmmbase.dll	0x74050000	0x74072fff	Memory Mapped File	rwx	-
winmm.dll	0x74080000	0x740a3fff	Memory Mapped File	rwx	-
apphelp.dll	0x74930000	0x749c0fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x749d0000	0x74a28fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74a30000	0x74a39fff	Memory Mapped File	rwx	-
sspicli.dll	0x74a40000	0x74a5dfff	Memory Mapped File	rwx	-
advapi32.dll	0x74b20000	0x74b9afff	Memory Mapped File	rwx	-
gdi32.dll	0x74c40000	0x74d8cfff	Memory Mapped File	rwx	-
kernel32.dll	0x74db0000	0x74e9ffff	Memory Mapped File	rwx	-
msvcrt.dll	0x74ea0000	0x74f5dfff	Memory Mapped File	rwx	-
ws2_32.dll	0x74ff0000	0x7504bfff	Memory Mapped File	rwx	-
msctf.dll	0x75050000	0x7516ffff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x75170000	0x751a5fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x75350000	0x753fbfff	Memory Mapped File	rwx	-
kernelbase.dll	0x75400000	0x75575fff	Memory Mapped File	rwx	-
user32.dll	0x75790000	0x758cffff	Memory Mapped File	rwx	-
imm32.dll	0x75a50000	0x75a7afff	Memory Mapped File	rwx	-
nsi.dll	0x75c40000	0x75c46fff	Memory Mapped File	rwx	-
sechost.dll	0x75e30000	0x75e72fff	Memory Mapped File	rwx	-
ntdll.dll	0x77930000	0x77aa8fff	Memory Mapped File	rwx	-
private_0x000000007fea7000	0x7fea7000	0x7fea9fff	Private Memory	rw	-
private_0x000000007feaa000	0x7feaa000	0x7feacfff	Private Memory	rw	-
private_0x000000007fead000	0x7fead000	0x7feaffff	Private Memory	rw	-
pagefile_0x000000007feb0000	0x7feb0000	0x7ffaffff	Pagefile Backed Memory	r	-
pagefile_0x000000007ffb0000	0x7ffb0000	0x7ffd2fff	Pagefile Backed Memory	r	-
private_0x000000007ffd5000	0x7ffd5000	0x7ffd7fff	Private Memory	rw	-
private_0x000000007ffd8000	0x7ffd8000	0x7ffdafff	Private Memory	rw	-
private_0x000000007ffdb000	0x7ffdb000	0x7ffddfff	Private Memory	rw	-
private_0x000000007ffde000	0x7ffde000	0x7ffdefff	Private Memory	rw	-
private_0x000000007ffdf000	0x7ffdf000	0x7ffdffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7fffddf9ffff	Private Memory	r	-
ntdll.dll	0x7fffddfa0000	0x7fffde161fff	Memory Mapped File	rwx	-
private_0x00007fffde162000	0x7fffde162000	0x7ffffffeffff	Private Memory	r	-

Host Behavior

File (4)

Operation	Filename	Additional Information	Count	Logfile
Get Info	PersonalKey.txt	type = file_attributes	1	Fn
Open	STD_INPUT_HANDLE	-	1	Fn
Open	STD_OUTPUT_HANDLE	-	1	Fn
Open	STD_ERROR_HANDLE	-	1	Fn

Module (58)

Operation	Module	Additional Information	Count	Logfile
Load	KERNEL32.DLL	base_address = 0x74db0000	1	Fn
Load	winmm.dll	base_address = 0x74080000	1	Fn
Load	ws2_32.dll	base_address = 0x74ff0000	2	Fn
Load	kernel32.dll	base_address = 0x74db0000	2	Fn
Load	advapi32.dll	base_address = 0x74b20000	1	Fn
Load	ntdll.dll	base_address = 0x77930000	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x74dd6590	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x74dd6920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x74dd6110	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualQuery, address_out = 0x74dc8c90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x74dc8c70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x74dc8b70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SwitchToThread, address_out = 0x74dc9f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetWaitableTimer, address_out = 0x74dd60d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x74dca2c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetProcessPriorityBoost, address_out = 0x74dcf8c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEvent, address_out = 0x74dd60c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x74dc8bf0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x74dd68f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x74dcd8d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x74dca0b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemInfo, address_out = 0x74dca1f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x74dca060	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetQueuedCompletionStatus, address_out = 0x74dc8c30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessAffinityMask, address_out = 0x74dca220	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x74dc7940	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x74dca3b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x74dd6870	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x74dca0f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x74dd74f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DuplicateHandle, address_out = 0x74dd5f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x74dc9700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateIoCompletionPort, address_out = 0x74dd5770	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventA, address_out = 0x74dd5f70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x74dd5f20	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddVectoredExceptionHandler, address_out = 0x7798f090	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeEndPeriod, address_out = 0x7408cb20	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeBeginPeriod, address_out = 0x74084390	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAGetOverlappedResult, address_out = 0x74ffe1b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddDllDirectory, address_out = 0x7552e9e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddVectoredContinueHandler, address_out = 0x779d9670	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetQueuedCompletionStatusEx, address_out = 0x74df1320	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x74dc7920	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SystemFunction036, address_out = 0x74a32530	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = NtWaitForSingleObject, address_out = 0x77998c00	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = wine_get_version, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetHandleInformation, address_out = 0x74dd5f50	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAStartup, address_out = 0x75002420	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CancelIoEx, address_out = 0x74dcebd0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileCompletionNotificationModes, address_out = 0x74dd4810	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAEnumProtocolsW, address_out = 0x75005b50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x74dca4b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesExW, address_out = 0x74dd6330	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x74dd6250	1	Fn

System (1)

Operation	Additional Information	Success	Count	Logfile
Get Info	type = Hardware Information		1	Fn

Environment (1)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		1	Fn Data

Process #6: enc.exe

4959

Information	Value
ID	#6
File Name	c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\enc.exe
Command Line	"C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enc.exe"
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:02:13, Reason: Autostart
Unmonitor	End Time: 00:03:13, Reason: Self Terminated
Monitor Duration	00:01:00

OS Process Information

Information	Value
PID	0x57c
Parent PID	0x4f0 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 4A0 0x 540 0x 2D0 0x 688 0x 678 0x 470 0x AC8 0x 584 0x 644

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	rw	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	rw	-
private_0x0000000000020000	0x00020000	0x00023fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	rw	-
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	rw	-
pagefile_0x0000000000040000	0x00040000	0x00053fff	Pagefile Backed Memory	r	-
private_0x0000000000060000	0x00060000	0x0009ffff	Private Memory	rw	-
private_0x00000000000a0000	0x000a0000	0x0019ffff	Private Memory	rw	-
pagefile_0x00000000001a0000	0x001a0000	0x001a3fff	Pagefile Backed Memory	r	-
private_0x00000000001b0000	0x001b0000	0x001b1fff	Private Memory	rw	-
locale.nls	0x001c0000	0x0027dfff	Memory Mapped File	r	-
private_0x0000000000280000	0x00280000	0x00280fff	Private Memory	rw	-
private_0x0000000000290000	0x00290000	0x0029ffff	Private Memory	rw	-
private_0x00000000002a0000	0x002a0000	0x0039ffff	Private Memory	rw	-
private_0x00000000003a0000	0x003a0000	0x003dffff	Private Memory	rw	-
private_0x00000000003e0000	0x003e0000	0x003effff	Private Memory	rw	-
private_0x00000000003f0000	0x003f0000	0x003fffff	Private Memory	rw	-
enc.exe	0x00400000	0x005fcfff	Memory Mapped File	rwx	... Region Actions Download Dump
private_0x0000000000600000	0x00600000	0x006fffff	Private Memory	rw	-
private_0x0000000000700000	0x00700000	0x0073ffff	Private Memory	rw	-
private_0x0000000000740000	0x00740000	0x0077ffff	Private Memory	rw	-
mswsock.dll.mui	0x00780000	0x00782fff	Memory Mapped File	r	-
wshqos.dll	0x00780000	0x00787fff	Memory Mapped File	r	-
private_0x0000000000780000	0x00780000	0x0078ffff	Private Memory	rw	-
private_0x0000000000790000	0x00790000	0x0079ffff	Private Memory	rw	-
pagefile_0x00000000007a0000	0x007a0000	0x00927fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000930000	0x00930000	0x00ab0fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000ac0000	0x00ac0000	0x01ebffff	Pagefile Backed Memory	r	-
private_0x0000000001ec0000	0x01ec0000	0x120bffff	Private Memory	rw	-
private_0x00000000120c0000	0x120c0000	0x324bffff	Private Memory	rw	-
private_0x00000000120c0000	0x120c0000	0x121bffff	Private Memory	rw	-
private_0x00000000121c0000	0x121c0000	0x121fffff	Private Memory	rw	-
private_0x0000000012200000	0x12200000	0x122fffff	Private Memory	rw	-
private_0x0000000012300000	0x12300000	0x1233ffff	Private Memory	rw	-
private_0x0000000012340000	0x12340000	0x1237ffff	Private Memory	rw	-
mswsock.dll	0x12380000	0x123cdfff	Memory Mapped File	r	-
wshqos.dll.mui	0x12380000	0x12380fff	Memory Mapped File	r	-
private_0x0000000012380000	0x12380000	0x123bffff	Private Memory	rw	-
private_0x00000000123c0000	0x123c0000	0x123fffff	Private Memory	rw	-
private_0x0000000012400000	0x12400000	0x323fffff	Private Memory	rw	-
private_0x0000000032400000	0x32400000	0x324fffff	Private Memory	rw	-
private_0x0000000032500000	0x32500000	0x325fffff	Private Memory	rw	-
sortdefault.nls	0x32600000	0x32936fff	Memory Mapped File	r	-
private_0x0000000032940000	0x32940000	0x329effff	Private Memory	rw	-
private_0x00000000329f0000	0x329f0000	0x32a2ffff	Private Memory	rw	-
private_0x0000000032a30000	0x32a30000	0x32a3ffff	Private Memory	rw	-
private_0x0000000032a40000	0x32a40000	0x32a7ffff	Private Memory	rw	-
private_0x0000000032a80000	0x32a80000	0x32b7ffff	Private Memory	rw	-
private_0x0000000032b80000	0x32b80000	0x32bbffff	Private Memory	rw	-
wow64cpu.dll	0x678d0000	0x678d7fff	Memory Mapped File	rwx	-
wow64win.dll	0x678e0000	0x67952fff	Memory Mapped File	rwx	-
wow64.dll	0x67960000	0x679aefff	Memory Mapped File	rwx	-
devobj.dll	0x74020000	0x74040fff	Memory Mapped File	rwx	-
winmmbase.dll	0x74050000	0x74072fff	Memory Mapped File	rwx	-
winmm.dll	0x74080000	0x740a3fff	Memory Mapped File	rwx	-
samlib.dll	0x74890000	0x748a2fff	Memory Mapped File	rwx	-
rsaenh.dll	0x748b0000	0x748defff	Memory Mapped File	rwx	-
bcrypt.dll	0x748e0000	0x748fafff	Memory Mapped File	rwx	-
cryptsp.dll	0x74900000	0x74912fff	Memory Mapped File	rwx	-
samcli.dll	0x74930000	0x74943fff	Memory Mapped File	rwx	-
netutils.dll	0x74950000	0x74959fff	Memory Mapped File	rwx	-
srvcli.dll	0x74960000	0x7497bfff	Memory Mapped File	rwx	-
wkscli.dll	0x74980000	0x7498ffff	Memory Mapped File	rwx	-
netapi32.dll	0x74990000	0x749a2fff	Memory Mapped File	rwx	-
userenv.dll	0x749b0000	0x749c8fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x749d0000	0x74a28fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74a30000	0x74a39fff	Memory Mapped File	rwx	-
sspicli.dll	0x74a40000	0x74a5dfff	Memory Mapped File	rwx	-
advapi32.dll	0x74b20000	0x74b9afff	Memory Mapped File	rwx	-
gdi32.dll	0x74c40000	0x74d8cfff	Memory Mapped File	rwx	-
kernel32.dll	0x74db0000	0x74e9ffff	Memory Mapped File	rwx	-
msvcrt.dll	0x74ea0000	0x74f5dfff	Memory Mapped File	rwx	-
ws2_32.dll	0x74ff0000	0x7504bfff	Memory Mapped File	rwx	-
msctf.dll	0x75050000	0x7516ffff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x75170000	0x751a5fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x75350000	0x753fbfff	Memory Mapped File	rwx	-
kernelbase.dll	0x75400000	0x75575fff	Memory Mapped File	rwx	-
user32.dll	0x75790000	0x758cffff	Memory Mapped File	rwx	-
imm32.dll	0x75a50000	0x75a7afff	Memory Mapped File	rwx	-
nsi.dll	0x75c40000	0x75c46fff	Memory Mapped File	rwx	-
profapi.dll	0x75e20000	0x75e2efff	Memory Mapped File	rwx	-
sechost.dll	0x75e30000	0x75e72fff	Memory Mapped File	rwx	-
ntdll.dll	0x77930000	0x77aa8fff	Memory Mapped File	rwx	-
private_0x000000007fea4000	0x7fea4000	0x7fea6fff	Private Memory	rw	-
private_0x000000007fea7000	0x7fea7000	0x7fea9fff	Private Memory	rw	-
private_0x000000007feaa000	0x7feaa000	0x7feacfff	Private Memory	rw	-
private_0x000000007fead000	0x7fead000	0x7feaffff	Private Memory	rw	-
pagefile_0x000000007feb0000	0x7feb0000	0x7ffaffff	Pagefile Backed Memory	r	-
pagefile_0x000000007ffb0000	0x7ffb0000	0x7ffd2fff	Pagefile Backed Memory	r	-
private_0x000000007ffd5000	0x7ffd5000	0x7ffd7fff	Private Memory	rw	-
private_0x000000007ffd8000	0x7ffd8000	0x7ffdafff	Private Memory	rw	-
private_0x000000007ffdb000	0x7ffdb000	0x7ffddfff	Private Memory	rw	-
private_0x000000007ffde000	0x7ffde000	0x7ffdefff	Private Memory	rw	-
private_0x000000007ffdf000	0x7ffdf000	0x7ffdffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7fffddf9ffff	Private Memory	r	-
ntdll.dll	0x7fffddfa0000	0x7fffde161fff	Memory Mapped File	rwx	-
private_0x00007fffde162000	0x7fffde162000	0x7ffffffeffff	Private Memory	r	-

Created Files

Filename	File Size	Hash Values	Actions
C:\Users\CIiHmnxMn6Ps\Desktop\SvRWUh8O28N6-clTZ_c.ppt.jcry	49.44 KB	MD5: 0190059e3fbd40d5010e9c4e1034beb4 SHA1: a59fd283b7b67afc418ac4ad9e9867e85bab0e33 SHA256: d9a1c7d26554be236c6b5943f8af814fddc269624b1aab660b1cda22d3a83b3d SSDeep: 1536:Nk+9tb8klnNT1NGawUWS9zo2s3rdFoB/wlW9:NkId8iNR0awUWnRru/ws9	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\8636b4dd[1].js.jcry	92.62 KB	MD5: cace47a9edd317d0d9b6641623734075 SHA1: c24db06f75730f708c5d56b7bb221b42078552f3 SHA256: d8a2c0964b0a606dcc4e7a332f33b503c8172ca26b46ae9ed52bbd3d6fdd4d95 SSDeep: 1536:d0kLX8afUMOmQpCGPmtNo+jwc9hMFEuw4/spy6cCwuRLcop1nBPVcd06:ikLX8afjmpbmtvj1PdMtpa5/p9BPVK	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q9i6C.bmp.jcry	58.41 KB	MD5: 0ecd97ebea867aef5bc99e2f6986effa SHA1: 0e991ceceb682fa1540c9b210b882c0fa25f75a7 SHA256: 708a6395e962954f82e5189ba8e9344cf48f3ec004e7f93cef66e117b1c53e5d SSDeep: 1536:ovSnq4E7PQlzBuwOFSUr91z2LLpyAVjqJjPkVZy:gR4WPKbOFBrzAycwjkZy	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\QwiwJaAxyjih27RCFe.m4a.jcry	20.77 KB	MD5: e94640ef2da3b16392e9a2d5215ab938 SHA1: eff2b790d8e968c108dd09b9bece83e0d8052a94 SHA256: b51d31eca5a1c5f2d92e0ce1d08720998cfe68bfaa4ef2d850f543cb4701b3d9 SSDeep: 384:DZjCFJ6BLkvH4M/cvcJZXn+WJlQIhoyN7KR7XfOjXUfePO5MTOaH6+VyJwKJ7Wbk:dOF0pkH4RvcJZTlzUNVfePWa4TCY	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\U0qddNFf IzejfRc4.pps.jcry	76.86 KB	MD5: 59c58f83bce4f18e23c32979cf5ca96b SHA1: ca135d1f3b73644faff4937b6ea4cd5120192d0b SHA256: f3a094040a06db4b16ca0bed83cd90bb44647fc2a4ef2326aeae7c365b6f4a0d SSDeep: 1536:rneFCwDQDiuHGsEhZzDNYzrMlP6a1giWm5VhpMZ:rneFCwDQd4ZXN4Ml6a144VrMZ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\2743db28[1].css.jcry	59.17 KB	MD5: 58029963217c7a29f35e5f54026860a9 SHA1: 3db9c685f03155c451d3ed907a2218537f7aa5e1 SHA256: bb2638be20bb11fd612f7376b7e688080363825611d578a3132dd16790fb846a SSDeep: 1536:4QMBp52kWUKXUjNrjKWiyAoCeN35b8wJv2/729/syZ1:By523sxrjfHABe3b8b/72f/	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\EIUPKxNK07txbNTvKKn\uMY3H_rxE-IjStQpG.m4a.jcry	48.90 KB	MD5: c3459126d37fd0ce0b1de0e88fa98e14 SHA1: 7e550d677a27fe5b1dac3baaaa0d15797197871d SHA256: 5a20120f83811b88f297c91b2d5a31a58791e4f7293f22d6d69aa11cb590cc51 SSDeep: 1536:B92Si84jhbiApk2KiQj6apaZPhA/OiX2Kf+Hsmh6u:edljXpVZsaZZA/L1Ysyf	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\RQ84.jpg.jcry	87.68 KB	MD5: 03888723d136abf86a9b8f5ddae13809 SHA1: d00baed268d6130ce58bb2da4d887d3d2b06b1d1 SHA256: db81cd70b7ba38501b188d95670f7d834e535ae6ed6e989332c74608718ddaab SSDeep: 1536:Bpe5rBPYb2qX771akZ7o8RUht+Ll7uLU130i3vvnE6pNVulqW3wFW:qroTakZ79RE+4U5F//BXu4WA0	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\e3f307cb[1].js.jcry	18.34 KB	MD5: 97bd1f639ebcc8baa4b247797b169bda SHA1: b81f59237a96ce06ec4dc7d079a98aa5c3da0b0d SHA256: f3377af6285074bd40b20b1863813e51b1b12d3c7d0f61fbd57d8fc2b45e6220 SSDeep: 384:THWTXOXisOx4xOH/pwxHYCfPJG2vZdXDfnvAANfEf:sFsOw+pwlY+G2vZlnvAApI	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PQu2.bmp.jcry	87.77 KB	MD5: 2fd7f818259566af579c5d295a2b3b32 SHA1: de576b12a59feafe3dcd99af1fa9e8be8c13ee4c SHA256: 8de7bb17a3db61ec9ae93d317661b2b363459917c1f033981d84a462991b9869 SSDeep: 1536:Qkzw1m7vwYTnuGVLVg8JlGDWqnbnnyPSib3IHHiBVRU8W7ie38t+aRGI21haFi73:BM1m7vNTZDaRnyb8HHikpIIX1haFi75F	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\1e4bafa3[1].css.jcry	48.76 KB	MD5: e252dc3aa806696652e025f43b3e1aa7 SHA1: a81ee5cdb7216a0905cbcafbaae3bd61fb3fbc47 SHA256: 03a871f8a00e9b3268fce5e7daa9a3b02320a6c8e65398aec48cf7734bb48574 SSDeep: 1536:wkP3QfWOkWfjtL28DIcisyw5fOg8ft9M7l:wkP0WhCjtLxIXw5Wg+t9sl	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\RONKYzlqTRh.jpg.jcry	50.65 KB	MD5: 9ff7042623bb995a3500394c883c0c7c SHA1: 027f736b8973ec9f984bb32a7209e9e4c6b82f62 SHA256: 4fbf5918a6cb179d6b7f9faf2b41157221ef9c63d3213e9c0e2587fb64f03706 SSDeep: 1536:Pk+kKHjYPSXug46WTI1V5YjQJ4AdXZTBLpKEbzRAKx8:PQ9PWug7V52Q4M3KgzqK6	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\lWzZbxg-gIxqPAUR\L_OrNwiEnXB.flv.jcry	64.18 KB	MD5: fe6396f802194d44a9189b3313639690 SHA1: f88a00a6a0c4b6809ab46dd17b718a39b3ed4a1a SHA256: 0edc0a77f037c0c9fcc7fe06a7ded197a4ed60d4c21bb1b0449e1e78eae09e21 SSDeep: 1536:YE0NYdsWxGaPWMiktGBbmvcGygFmg6z3fhIyJACG1FZJciv:j0Gds8bt2kRq7jWCG1XJcE	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-hulqV.mp3.jcry	51.73 KB	MD5: efb272d52e2be823d8bca99088f60a5a SHA1: 348f6608ad19fbd2efe881aa62125eed3e5e40bb SHA256: 9bb765dd441fb9cbeb7157076b53eaf173265bd70395d6c52aaebb6d368f5e22 SSDeep: 1536:z7h61mvj+Flg6uBXzsM3JHGAz20YnjZ0ofiiRhLv:Hh61Aj+Flg6u+YQAz23l0of5RBv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1\c9.skadtec[1].xml.jcry	0.36 KB	MD5: 3d89fd4819c9b4a305f25f167df6de7d SHA1: e30c5937861665a2e27929e58f85a96103d6f15e SHA256: 9941a5c79a49a475bc5278cb896577913f32bffbab9f31e8b5494f4d3c68f980 SSDeep: 6:Gqp4hPodg9NxGaLm52W6rrSrv8wgtAziIxYriCtm0wiQ1uJbu1FvZ86vBWfLy5DF:npgmg9maLgYfwP7YriCtbwiCHvR86JWQ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\jTdN1rK0.png.jcry	12.22 KB	MD5: 4d29976fb993286013b7a4d15f986adb SHA1: eb2b8afbf35fe7717ac56163aa6856af711b1e5a SHA256: ab83b83fe72f5ef6be9e457c5205ec5932f350c2ec40d25822bfe6c039b7f2f6 SSDeep: 384:CGD0o6PpLRTxc31TyiEB4N9pluzwgeSpLYa:COKRsFTy63UYSD	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\3417f6c5[1].js.jcry	31.28 KB	MD5: c9595ad9dcf567edcf4e000880fd6ee8 SHA1: 9b5c0d6590e68ba47e8aefe95adbe7ea61e30817 SHA256: 095fa94498fcb744b7fb1ebac8c851a605ac57506fbbad1f22a73445fa21e040 SSDeep: 768:WR+CeWf6JuJPU/2P/q8WgNMCcZnfkmTllFubDN:RgMuCeUTnfkmxlCN	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\a7zfZF byyy.flv.jcry	23.71 KB	MD5: da19e2e2fc4f6f1d7396a557b2e845a3 SHA1: 15f607a681e43c55b15eb795d2249edd45c94a74 SHA256: cdf2c85a1cd32ea42f19884f689b3ed443914b953cba9c40b648520d67e1c07e SSDeep: 384:Ulj+f4SggtSDyQLvWxa8BCYxG0fVIe+H6ZgP92lwciP244mJWB2Rdjl0bf:Aj+f4SPtZ0b8BxbN94klwg44uWoRZl0j	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\TZMiuIiumWp5\ajPugGxa_vn8WLK\5J_IWG.pptx.jcry	90.89 KB	MD5: e7606f65b01d1a2f21335109edbd14be SHA1: b68c17dc3c92ef8eb9cb1514fb2e64b99b4cc04d SHA256: e5a39bde82580b1ed0b2dc06a9e3b2fe534b9753a0e7d4eb15208ef7319872c4 SSDeep: 1536:rwxTIPOU/ToeIgMVUHcJmtp1mgvdrFf3J711es2cMiUqg3dxYTIRmoBYZoCU1K8g:rwIPb/8eIggJmtp1JvdrFfZjLloqg3Hw	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\EIUPKxNK07txbNTvKKn\QogBHER-c.swf.jcry	53.17 KB	MD5: 07a3695185c5de14714f41721dd04fce SHA1: 2bfa8799a01a17719dd68b3566b707bdda14f3e1 SHA256: 0514e15c5df5f510d7f04d566b797925902a29ca1ea083bfdd28d0c2ac9da7d1 SSDeep: 1536:Lagp4b0bu1jP5JBkGHhcubfIIATzoVoDUT9uf2GNzn8cTU:Lqb0cjbW94fFmsVuSI2GZn8cTU	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db.jcry	0.01 KB	MD5: 31838676b7f19e28e39bd65d1194ad9f SHA1: f65c7c19be61b51d4c3d8570320f3cb5c488fbde SHA256: 54acf7ef981138e47f016bc1b4f5269d83c2a4833b6a6671b5700901fdc920f6 SSDeep: 3:b81sHq:Q1sK	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\cca0c2d7[1].js.jcry	15.57 KB	MD5: eab1bae256a6d914d86f864c4c23dcdd SHA1: 5aa1ce574f35321f28f20e43c14bff4210e368a8 SHA256: 6477c1d1533787c5185b3906a614e6974cfbac488db69804d831bf3f528b8ccf SSDeep: 192:x0BcfuNEYGBJeNHl69xiZuzGX1GmjT6sPzwNuhDXljSN6mPzzYYd5ZXP0cByllHG:x0ufuxooX7zjZVkLzzYYLHETzAmk	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\DsqwPBK32_xL3bHc.flv.jcry	59.74 KB	MD5: 0a47e6cce8e0a7d2a6cdf20642c77144 SHA1: 344f82a26e23506fc34d7511321f51c27e09e10b SHA256: 7739002cb4c5b9c8d80daf09721c9b8e32c279b4e4b38caa5610398466232f6f SSDeep: 1536:VffJVVtF/5I9AvdLtpc9KUSRu+B3xJX/ZA:hfh/S9AVL/cs3xJXRA	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	512.03 KB	MD5: 943e6469aebc3a4712f1524ce9edf0a5 SHA1: b0d23d893a76b6f07c75c019d41acee91a1eb895 SHA256: 8541079e5a0baf7151096059ff33c103d5121b69b7af3af46d4ae8997382b6bc SSDeep: 12288:CygtzbuSx0BTjWqye74IkEhg+gtV1QCOeYt3VH9Xt:xgtzKAkTfyFddtsCO1DH99	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\41yn_YeDPEAP7S.csv.jcry	55.87 KB	MD5: 28fda2ef52de840d489da58035e9ac40 SHA1: 12e967eb75a65ae2477c532b1023b4a2204667a8 SHA256: 5605031e66cfa6557a781a80e85b524a4351ea81c2d5b8837bf04ec0cc66db13 SSDeep: 1536:j2oaYCcDplyz5d6xr7TgtZz/ezTMisDqKkPMF0pBO:j7fCcDplyzITaZzeCzt0C	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aDE3yyEX-1vofapw7.mp3.jcry	12.93 KB	MD5: 3e94ae9b805adcd5c9077b6b44b8f154 SHA1: 91dc1999f82805e2d1757ce476cbbbed08467dbc SHA256: 5c178fbfae3858627e17ca4ddfda0661609a3df6a4d287e2e65e850480b5d10a SSDeep: 192:OaMAoLgjy1WrXAmkrmMri1EAACHs9nK+tdGl1N8Fgj/YYilAIR0msaLT3JPdkUXr:OAUTwD6u1A5BKYGR8dwmB3v1oZC	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 0e33c171870c99f262f0759474b8ba6f SHA1: d4f054c9e14b7cb78e5a6b7a57ba961d89632f39 SHA256: 086be77eb8cdc4a9ac3772399e0be3c9c21c79799e75f5070f164b2913da4451 SSDeep: 192:kLTm6OQl1hwWUNFoJ99fA4cBtq0Ww/JYDQgJvarYCM:6TmYdyTo5fA5tq98gJvr	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\dw3Y7B34wm.doc.jcry	88.06 KB	MD5: abe3554f6934845653da077b2c75f1af SHA1: df16624f2f3ee185eb1fabdcc2be3921c86d956e SHA256: 4f41a42df4d248fd51d80ddd22f57eb7fe487cc3505409b6c9896266228f6a85 SSDeep: 1536:dmoaUuuu+rlsXXBlPlvs03+kbZLgh4ybMsCD8LQ1VWXHlqhLdgl9z+YI21EA:laUOelUlvpnbZLds28LXlyLde9z+YI2/	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml.jcry	251.93 KB	MD5: 51fdcc67848796c0c90b1db2c155d6a7 SHA1: 83241b0e7133dca22d00beb2e2008351eae13a41 SHA256: 29d46cf45b0a0dfbf8dc3e56fb52dff7dc34137a8ec209242e1e2b2cce0a8d77 SSDeep: 6144:O86KttMqcugmgiY4HkGh01w6jIRD6JG6s62iRF7hmP:oKkxmgiYOFhIwNRoG692iR3mP	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8EURADBC\c.betrad[1].xml.jcry	50.85 KB	MD5: e686c80d965412a7ff6ef64a2f4a3779 SHA1: 88023b8f20382cca7455b0c4095e7bf1fb68f361 SHA256: 4161c70130c698b33c25b164dcd3003d90b0e708048079bf67b18f1290f9b3ab SSDeep: 1536:QIMNRoLZ77XXJuC7A/dyvsCkgsJLC30hkKUux2AQ5T9s:QIMm7HJuZyvs/C30zxyS	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\container.dat.jcry	0.01 KB	MD5: f3a8837a63969e06dd80bb13fee3973a SHA1: 9d2ce4148a0ac28b31beb3b68a66dee32d6d5e39 SHA256: 7018c57bc61dd833f45c1a343a796c8b1357491db2f0350adaa74374471b945f SSDeep: 3:/VR:9R	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\eqBy_tSN_tQB.gif.jcry	71.32 KB	MD5: 5a65ee11fba9916b655635e726cfb64e SHA1: 09537cb9f85aebd1bd5db8bcbb6bae6119a15921 SHA256: c0fb5a8511429e1aef89b5e911970944516866258b31d4206086dbc79344c1b8 SSDeep: 1536:M8qfwZyD2ZUgRB+AhAyQtc46Bjkl/Ux1l/xp5gds+oOtlqxPd:VqcyKigZUchkOrh5gr3+d	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\_EO7OlEx.m4a.jcry	99.31 KB	MD5: d2a666be568c4fd85227415e86d836c5 SHA1: f6c56374b383741380d4b31c7149ee29335c9fcb SHA256: b6243abdc1fbc6848f15689d1e02c4872fe72c5fefe1ddc4beb152772c32e6c6 SSDeep: 1536:bACH2gF3Ubw/rtFPt1GPu01wpqgK3zZcu+CFDHV0KdsPCHRJDgV6rIytc2:99UMTtFl1GS38OwmErrDgMrDc2	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.jcry	8.03 KB	MD5: 5fe6700a77d5c5bfa901a07fe4b68329 SHA1: 2fb9847a0de279e3fbaa20cf158de388d8f34280 SHA256: 056edcb24891bafdf72a82c1f76a27c698199d38892b676d198b8c57af7705c7 SSDeep: 192:ZDyNse09Lk1wlMnARq0raBvZVgAxd8DEZJ/AOc1O5won2s:cb09Lk+lMnAvWxxd8c5A7O5h2s	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js.jcry	0.99 KB	MD5: 7979a2cbf0bad61448c84e1ee05125f8 SHA1: 5c679f94131e8dfd7e38fdf711b09d751fb18599 SHA256: 9270f434519d2df200ec34c675c967953ef87d3a6ac6d5e535e894e4e210d477 SSDeep: 24:TIiuVmmGsmReIEbF5NOe2sKdpoyoxqz0cL4wE0TNGMQRZW8whODUABLHWPn:ctVmmEeZR6e2sOocz0ccw83RZDwhUtVq	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\5bf5eed4[1].js.jcry	48.88 KB	MD5: aed225f9112e152ad9334cafcb095ab6 SHA1: 4fd999ac88054a37d2dff35d82f4ef2714d92207 SHA256: 2405368751c09ed941f7e7ae1df60b370bf6f138423d42a6a482dbc581ec1da8 SSDeep: 768:I8qJ2rY3n0Sg5/fWoHBdH6p0VpmeLK4CvFgh802+a81FoDef9a6lIlHB2Con81nJ:hqErYXGeyH6xp4/hFXoDvNZdAM	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hjIDP.jpg.jcry	85.94 KB	MD5: b0daed00e0a01a728279d22c97c3ed1e SHA1: 5de22ed19ba6932a2cd50253edc9e33513808807 SHA256: 5e22f7a1e5484362e5a1abc4c24d1845fac43b8178dd3e077f8c4a97a31c7295 SSDeep: 1536:kEUXbMWzBfkSrSOxPrG2Tk9qqRv/E7p5QgKbWoj0MlXga+ui/EWEC6A:kvbfzBfkSrdPrG2Tk9qqx/4p2vbflXO7	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\045d3532[1].js.jcry	6.46 KB	MD5: 3cf27bd08fe9f3befc90df1f402cfbbe SHA1: 97027b426dc504d838e586d807a1127d0dc8d93d SHA256: 6f6c5b2115320fc5cff3061205efa4449814b84c029b8d35f8de3f00b97917a3 SSDeep: 192:ASQvD1PgdWlC/jQPJHvWbsUunxsPaMA5Zo9:8vD1oACclcsUumTAro9	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\ab584def[1].js.jcry	168.17 KB	MD5: 02a4fd23a108833a7492206bb5892eb2 SHA1: f4381f239d3d73405b89d608c99efed2f0a52fd9 SHA256: 431a797930079908e1dfa62cf9fba6213cdd2ff578acc7b8f25c837dabb4da95 SSDeep: 3072:IT/LF07yu6sHFhMarHGgL2yZLB31UChfOwNrFEya1zXDULhJ5BVlFXDDuYBkkdyT:yLmf6sHFSCG+ZF3S+Eyk+RnXJBkkdO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\Init[1].htm.jcry	48.75 KB	MD5: 23be81795d651f7cc2c77e8a26c026e0 SHA1: fd5bc9b1e261db91f2f857025334d46e64fcdc2b SHA256: dd426e2db3b3a63b8f34b98b7a37b998473cbc3de9dd30da61e7c24e8f28c95d SSDeep: 768:hUhsJ5bOEnxg5Ih7HojR2E7zq6M1m2KM2fKg6lP/8e8X2qMNeMdY:h2sjbvn6kBSxmmhfXWF4inY	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\QyqWHpCrPwp_nO7PN9.jpg.jcry	94.01 KB	MD5: fb3f6c79f7623c1f56b311ae90741309 SHA1: d059fce71dbe5bab8466f1fded36dd4c47c6a10d SHA256: cbc5335744f289d371d0803e0464729a753f0f8bd0d81f5b9982f1c2b4b27260 SSDeep: 1536:V4XG4+NJhQWK2y1ih9xXQIyv/WGaRL7D7kGjgMKCJ7hhLXhB/1l2bnwsXYc7J2x:V4XGLNTy1i1Q1vuGatJjZFZf/1Qwsoc2	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\cd8c9d67[1].js.jcry	33.01 KB	MD5: 69601b169ffc1e73cadfa3fbf834bcf3 SHA1: e0c632966a9df6eb3b85fdb928e01211ee0c7fdd SHA256: 6a2e565808838c784a1cc5e265a034ac260f4979edf747b0a8f3effa59582c0d SSDeep: 768:EdkL8YAz4+zb1UZsWaPBk6X7jQ7WeCLZPCa0PtURbq1Qdf:Edo89z4FZFoRY7msP4qyl	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pZxdwOOqGqM.flv.jcry	42.27 KB	MD5: 8663b2f6d6c7e5387f723d3c08ad138a SHA1: a96315e9da84cbbad25ed0854b74196b07bfe19f SHA256: b1659fdfaaa6218c06745cf3fe2a156d36bff32f3c1c25277e9c6b9771f2e8d7 SSDeep: 768:tt3QiiniammA9TV219zhLSZQ7ITz1Rv8pl6HkP08C9tdlOVSUN5KSvlUGfyUZP:fHiniamF9B2191lQz1Rv8plNctI5KSvh	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\4cd29aa1[1].js.jcry	42.47 KB	MD5: 421c84ae403af6acaddede706c6c412f SHA1: cdcc711fc87c055bf514d1596a3886691f383729 SHA256: f8dddde44185e23fdb6506fce5e93dbf8585ec995420e859912b5b0c35690454 SSDeep: 768:De43O9e5k7afBx9jXwUrSywyOg+PHz+9cYrzFTGp/VaBs+ndRcI5eh3COaDPXb:D13CCk7qrptuumzvsVGptObgIcy3b	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\3fe43eeb[1].css.jcry	6.61 KB	MD5: 2d72d9b1f4452c6f70c25f4220439ac8 SHA1: 26334d1ebf57faa517e5ddfeea8599ff0dc7899d SHA256: 9db2ffd15f23a67ea1ad264b0ef0100023444c8146c5807f88163ab33739b07c SSDeep: 192:wiwlceRCuDHNHqziIp+DLpOmKJ1U/s29waIGtZ9dNv:wxHHp/rKusWZHbp	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt.jcry	0.01 KB	MD5: 54ea9ec89965d7fdb70995b2c4d952c4 SHA1: 0a0cffd1625b771455eedd6edf2c8a5eea319261 SHA256: 561881e2722d67a07792d9525750e3f424c101c95d069f68fbd66d634963a2b7 SSDeep: 3:Wk3R:dR	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\TZMiuIiumWp5\ajPugGxa_vn8WLK\Xz5AfJvYTMvx4.flv.jcry	7.98 KB	MD5: 15520dca6fac482b7ae358facfef1d47 SHA1: f45d2b4ecb5ea2299637a1baa926c0152af40211 SHA256: b57ec73c8420616fc435a6436d3f5a9344e59fbee3881d252bdf8ed0db0b73bc SSDeep: 192:VvvHPR56ZvQcyPpovZzONc5IxRdJil1wChSaqEi:VvfPRIVfyBoBAc47JqXSsi	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\qcawObqU-DuCJ.mp4.jcry	42.00 KB	MD5: 2ddd218ffa090ccf30c4a20569a7e707 SHA1: e0dafc508b919db54c18572f4c913708277b2b5a SHA256: 02c541f1d00a273c9788833676981a616242beb49651c262593330600f4fe0e2 SSDeep: 768:CiLzOgEUBMy6N3F6zc4rQFDI/6nhMqs436e9d0czaoTnIQdM2FCpjFH:LLzYgwMHQFDmeho435aoTZFkjF	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\R4HORrIqXAiPHZYm_7.mp3.jcry	22.08 KB	MD5: 8abc2a3764f38ca54c6fbbfa016f9015 SHA1: 126ed259fa3db8e65daee55954d297668f71a051 SHA256: 4aecec651b85082e3ab3ce442b51d576282ce6c169de73383686f4d9d8a2479a SSDeep: 384:Z/5VGe8HNNxvBBb2KIe+KzUJ7zXtfU1jv6Pw5vSRvFlVzUc0HVWw5b6dAPhb33GQ:Z/zGeelBBb2TfT7zXlSL8MEv/VY/VWUv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\2BlZOfCPd J0fEzB.mp3.jcry	16.32 KB	MD5: e57d5712ae4169deea77a9474a530626 SHA1: e38da1316c309edb5d12c7062fd5feffe0ecc646 SHA256: 4a509d60c1078a424db50dadfe765e9df30f6ba8b9ec6e90f5124b5a8fc91658 SSDeep: 384:xtZnML/0Gdn3j5WGwNTJTPBySHsqI0RBYs:BML1VeJ0SMxFs	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\qRLHilF.xlsx.jcry	13.28 KB	MD5: ce7637f08ae0335018cfef15ba9a805c SHA1: cda3c9e8508f52a2d5c717b2b89b5050f2c0d761 SHA256: 1990229c5f50a2c85bbebd762ecdaa86395314f18fd37aef0fb5eefc462147d8 SSDeep: 384:kQgiJTpimsziHlWoDFLMYfdhG7vB5rXVXWZmOy:jtim5EoBZ3G7JlVX7v	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\lWzZbxg-gIxqPAUR\sjQrTlxXmDJ9.wav.jcry	9.45 KB	MD5: 018f8c6c9eec0bd88193ab8fb4530136 SHA1: 6550cc6722e2c5e5728234ef70c22f658b7ebb76 SHA256: 8dd9f97d116a7959d50ec2bd008969e284f6e0b850b053143a1c09545f75ddf3 SSDeep: 192:YcPC0IDngJQS2dTSuShZVWLpdFA4zO6F4JbVZc54KlXiJxmE2j/W0N:H9cngJ525SxKtfAIOa48rhEW/W4	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\89c17add[1].js.jcry	112.62 KB	MD5: 73464f49971ff6192573ea448c4f3cce SHA1: 576b6ce30d94c934542ef822e6a379a55dfb902f SHA256: 6fd9adc1057ece6d64b5d8b82e78dcffc529981e159a21e80e79ec97a16c6a81 SSDeep: 3072:pdD1hpmxpRPstbrzOTqohZ3MrSuqigZ0xC7U9Zp:fD1TmXRUrytMGjigMCM	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\NwbTAa0.wav.jcry	92.45 KB	MD5: 84da23ff9c9827617c0040cddebc581a SHA1: 2b0173cd1a1bd70ed037742d6ea14526e201708b SHA256: 96dfb90b8dc58ac61337d603244a6e69e4af40a641c650675b5d116eeb6170ac SSDeep: 1536:/u6OeyaFRYRgHbZSStxpOK0tHKvtDK+AYfH30rI4qY3oj/VaqmVSMCarZh:/P/ya7xYSOKW+Au+IHYobar	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\XR62R052.txt.jcry	0.51 KB	MD5: 7431b39ff946b6f739ed7c9ede3b4668 SHA1: 9e3ee42c923d44979cf5e936e19b3a438f4abc76 SHA256: cb38e34a299cc72456648ad43a67c7b30bd50cbd2eccdeca04a1f5f57f5871c6 SSDeep: 12:e8+8hyz9+tsK5o5XRAQi2ug+gAK13HUEQOGB4+r9UoFzFE:e8+n6QRgDg+gV1uOW4E9UoxFE	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\5Orb.png.jcry	3.28 KB	MD5: 487e13d379656523d2e0f189c08bd0d9 SHA1: b8f10ee20646cce1742302f18b1c04a1b4d8c56f SHA256: df2cdfa6cab19060c611efc86e1ee65d906f245391a909acda26c8f1769a121b SSDeep: 96:62uiIKZC1lxkDjgJR1JMj6izDE2Cfzyk5K9NErT0th9IQmeKO/:6Ji9ZmADjgOVzDfMOkGN6T0KQYM	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\n8Zk.wav.jcry	85.18 KB	MD5: 8ec861002e2f784dbd315455de8732f7 SHA1: af1f4e2e119703f14e4cc7250fd451c12ae7f85d SHA256: 93b2ce8f3e26fc5fcbdbaadf981c54bca1abb89ee3d8e294bf538acacfab9c37 SSDeep: 1536:LzHAD2eSu2ela2HoyayGzXDxqNNiCD3sqRji6pzQ2wkTqDYpLKQCOuCxyj33w1pk:LzgyeSuQ2KXVyNiasqRjxlRrpTFi0Q3	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\dbef2181[1].js.jcry	197.53 KB	MD5: 1655c007e12e49971b34e6ba87f27044 SHA1: bc7c30fc299ef4ff2be749b1eda4cf1c4964cd27 SHA256: 8142faa47f50a9e49e4cc7eaaf3174cbfb91edb88077a3d95b729f784df13d4c SSDeep: 6144:82UNBV1CbCH5+XFk8PD6j5O9KZqdP5PoK8cnxtX:82UbgDq5WKZIDX	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\961fe1d8[1].js.jcry	39.81 KB	MD5: 185528051008a946d8a328a9bbb2b68f SHA1: 8c9e8433a3719aa905db02a98fa16d25ec18c411 SHA256: ca2e30a43ae13ec2f111919becfa5e852a4a6ade90276532fc5ca520ae478164 SSDeep: 768:+J7iO/GACtoiNvVV+7iKRJ4PO7IOziYJJ3Dk1D30/b3rUNap2ym+wPcwvjk:+J7iO/7C5NvO+K74PO7IObrTk1DkYNah	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8h2ynJ.bmp.jcry	24.45 KB	MD5: 34c933ce9226cfb57f9c9fef77668675 SHA1: e220e442c97014fea590a5ecf3a9a2ecf35e8cfd SHA256: 4b4faad047d8143b288282059bbe1d089b5d9b8f9dec7b9e2cf70314949b4a70 SSDeep: 768:cOu35fezPzDtoiivUODzanhNQRmGNrdUTU7mUEr:cTJQPzqDDzangTUTuEr	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\EIUPKxNK07txbNTvKKn\6FLlL.flv.jcry	20.86 KB	MD5: 67dfaf57254915948a0dd98adccd78a3 SHA1: 3497f4caff243043f5af96763b7dfad03099392e SHA256: 71754d271ea59fc930d3581b7a55049137a5a5b55440a3f87222f6309cf9240b SSDeep: 384:jhvo4BJqz+pAw4YxZHtZdOcePr4Mz8XqeiksKJ6mmtQ7sm3N3PeA:9vo4v4eAwpxZHTdnurJQ6exLBd3Pb	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kKMnA1fXC9TJHVq4M3.wav.jcry	8.39 KB	MD5: b427e126ad388305895f724b45dbf17c SHA1: c07c5cc58a445cf4576c5297af2d6e3c89cdd937 SHA256: 4a7529929beab2d6bf68c7773560798b1190bfde2817edc1cc6302294714e554 SSDeep: 192:2IMPCsZeDE2CMXWP0BDbr765Kp9Rqdp29ZinfPs6Qe1KWmz1yLgNfgH:RsAbCMGP0xX765Svqdpe6qWmByNH	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AU4UQGEP\imagesrv.adition[1].xml.jcry	0.12 KB	MD5: cd4f1b304aa615f6b6498f6b3dbe1161 SHA1: ac7b490582830359c1ec5a4ec545a435592ed978 SHA256: d97f5334d3b8342db66cfc85ff3496825ff9e97660370fa79edd5fec9560d374 SSDeep: 3:j/++bMo0m7g4ft17clrZA2xo4gr9yG2t4jRy4/xApPp:DLMoHfUlr3Bgr9yCRrIR	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\11ee0799[1].css.jcry	6.57 KB	MD5: 32052a3961480c3b5bf8d85f1a1f742a SHA1: 804cd428287a3847ed0993f6d33d4797f4385504 SHA256: eb4fc39348d36c0e0bb272807b17d338d8c6155e121e1181a71a15b668b65d5b SSDeep: 192:LBRf21YO05x5+ZrtJ1hiXTXKi8VizG+sFLhE2ayihnfqYgg:L+05W+Xp8ViRsFLhE2ayenCs	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\1WTyrtiBarUbqjk-.wav.jcry	46.95 KB	MD5: c59e8910d1807a96a25fe47cc0db7309 SHA1: d5c04daa37ee148da9a4cccd3dfac6cdcf58e9b6 SHA256: 380c7a4125e1b14f88af6d8bb1efab4d27d91595b2350657d149130b948cdb49 SSDeep: 768:glxzQAYsOPi2Zbu2YTcAnW96GT/HbRj6J6q4Yy1QNJml12UJcQRqSzBT8E:gHzYi2Za2Y4AW93O6q4YWQyPFzpd	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\4PDMHYK8.txt.jcry	0.13 KB	MD5: 1d253cf7df647f6480f4b10d07e8c336 SHA1: 4d1c4e9b1e6f3bedf88f52d0327f6f6612734046 SHA256: d0e9489e593c3cb14999cfb2ea112a41bb247a70674d44867c34092dbb3d8c7d SSDeep: 3:eHyhwMcP9KkUFplTLHLRHP+gY3Ua1LdNZEQDIy7d4mq6czRoK:eS49JYJLVY3ZLPZ/Io6mq6ARoK	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db.jcry	96.03 KB	MD5: c272383cd7c5821febe792668b0c4105 SHA1: 72adb75b39459505af81e18018dc641565836647 SHA256: 9d0d32ff0aac3003619d3871ccc4904df05425e515b2e30422464d2d07acf2dd SSDeep: 3072:WkcGYGv3BcwjvcNr8ZvbWz88Rww4XDsn5/4tZ3:HzZ3BrvcmZvO7RwXDsn5/kV	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPeDoq6_HHlgffGZ5PTZ.bmp.jcry	32.04 KB	MD5: f496670f306aff8ddfc1e1007c341bb1 SHA1: 3f7ca5cf3853a3a7399d80887db95b90370967c3 SHA256: 3c0229da656f71b9845e46b32922bf414326e9d70c7b1be574e983e8eeeae08d SSDeep: 768:xBXbL6NHo1UqKzoW6YMkUNoJD61NUmBF8VxgbP2sDxOMNIEzzt5IjhgRP4:x5L0qYoW6YM5ic88ROSfzt5NC	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\fd45bf1d[1].css.jcry	19.95 KB	MD5: 177d0b27fe8f0bcbf77b46c1a689b63a SHA1: 2f3e20c11aecfc61e54fc91374748ffde94eb7ac SHA256: c4043584c81b9572a8d128c188c328b567a1800d210ebb67735b468064f23223 SSDeep: 384:/Arm+a2dLgGy/07BEF5wEvhqoKrOLWFmp220q2G15xCi9v/okdkcv:/smR2dLgGy/E6obrOiFu22r2e5lpxv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\0c3a2f0b[1].js.jcry	17.06 KB	MD5: 67195f3ee9ec8520f8cf4f6ebfa5da5c SHA1: e5827e539f8679f4adf24623e5c5a9ebc2dc11a1 SHA256: 22ff8170d9e91b5edf745565161193021ae6c2a607f9c55994b5979af32b5477 SSDeep: 384:9SjlLUjnqEB4rnEARf4xZ7WzkoEmcaIFdfKJ3R6fffyfVb/L0KzeYP3k:9oLe44ARf87atqRFsJ3/L0w3k	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5f1GmWkG5zEhyEA.wav.jcry	33.06 KB	MD5: bddc77a563e3c168154e09d4b5a254b4 SHA1: b74e5bdd0b7a450b8e68909cfc6a734df80582a9 SHA256: 78adae67527bcf8c08f983e9668f7dbec114b1ce28c533af5a1d2d258a8fab6c SSDeep: 768:3aJyiIYNXCAUgRzkkupFuGxwNBt0BaSgbwM4Vp:3OIYnUgRz7up3wWSWp	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JUKMMX7P\secure-ds.serving-sys[1].xml.jcry	0.04 KB	MD5: d8d832a96ebce653ac71f5819c3d9276 SHA1: 4fe656633f34d2834cb1c6b6da9c433063da6f2d SHA256: c0570fec3c4dcb3ce5d504756d0c957e57d2134168acd4dbf46683c349ad956f SSDeep: 3:eLELjTJkoJr:eLifrF	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\fqsNmtO rfNWyAKc8Wv.jpg.jcry	18.96 KB	MD5: b8c8562e39a2b6b8f6d9efdaf7484392 SHA1: f975ed399e1c0e21f787fb0b66a5a1cc51209fb1 SHA256: 823c89e171b2d667e11404130f5ee9c37a106ff7ef34119e36d45f17977897ab SSDeep: 384:9iKYBfyznrxd52FWJEyY2Obk3GhEqFh9XNmDGhi+ijmeWhAAMvHjN82l:s1Cz8RM53GGqFh9XNmG10m36Hjvl	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\A1C77MqD7FQQ.png.jcry	16.58 KB	MD5: 8d14c34e56528817329e8f6026b6be1c SHA1: 12988eb0a37e5aa7cfa7541012547434b81002f8 SHA256: 765edfb1d2d1ba8eb2af6da2a6a3b3b5cae4bd6b25823ac2b1b08a1dc10159d1 SSDeep: 384:Eb6VwkHG+uhWif8gi3coLY/HKKzCOLn+qVhrkhQRaerpogdsa3bsLZ:EbOwkm+RgKc8QHKQvLn99cuKbaLW	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\R_O qfdw.odt.jcry	83.37 KB	MD5: a0bce8f1126129a5f1b4ad427bf2f254 SHA1: 3d5e5bbb98566ab99bcdf0b0f9a22424f48ceb3c SHA256: cc80cf0804e6f90b9d43850e088e37c11cc607f9b7a388df9e7fb0c46268de6a SSDeep: 1536:uTFWaMna3M/t4fwdPPj8/RhFbtzZksSu8aBIAMcFo8ToGXCQ:uIaMa3gSfwebtzZks6aBnMcy8TcQ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\S_ o0i.pdf.jcry	98.68 KB	MD5: 5ec7aa77f4c3ea2acce31eed66b5ff85 SHA1: a46fe53ed658875773eec072ddc3e7bc127d4c22 SHA256: d9198da95412cb3a64398db369daa3ce3c222a999a7435a18fc83efe2e668571 SSDeep: 1536:6be1ySWvxyUoGAj8DW2VdzuQw7mayKoB+yFKPg+Q2g28kKlJZQNl/C/seE5O:Ke1ySWJR6riaytIPNPKlJZQjCf	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\L92wdnuSsnvupdqrUk.wav.jcry	89.71 KB	MD5: fc30a086cc9ab1819afc5d777ea5d834 SHA1: 48dff9987837e34bc737a6d023671fb642ca7cd9 SHA256: 4dfdacdb77a2456e1193dc1f0ece09c1365a362140a5cee893109d195a6196b0 SSDeep: 1536:iOz68Y57waiK6sGF4mIG3K5IGGHC3p2o/KNu7nAUzwbaWBWKh+hDFd3NfCPiyCQl:ii68Y5waiKUR3GmC522hBWNaRdMPixQl	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\8744b8f8[1].js.jcry	40.90 KB	MD5: 41c37af9db5df05c982b506e05c54e50 SHA1: 97988e68e254072dd7596ee0c3f2f41d32956193 SHA256: ea2c4e3f5ed4a9b8e0cfb08cfb96bdbc320ef9235e9ad17dd36efec0f8aa939d SSDeep: 768:bKf0+448CF/erD1bNSNiUHMDKKaQh9L1EseWp1duCk6LUJF7/G:Wfxz8CF/CyNAR591BkSU/7O	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\EIUPKxNK07txbNTvKKn\n_M KhNqiIxw\BL3ov7JZKgwU.jpg.jcry	100.02 KB	MD5: 5f5a8f7c1dd9ea4495e34e318455c692 SHA1: 998c2e9dde11df3d7c0c04f891207e06c483a7f7 SHA256: 0e1081e76c18e9ce4ba57de82b8d87f8d0bc3aa0b746cbabca454776021a8296 SSDeep: 3072:lvqvi+tO/J0vZCV/UG/8DYi/420O8par/rUp8RIF:oiLUq8siEWUuA	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kl6eQoem54O.mp4.jcry	67.03 KB	MD5: 7c2d175b47988aa401bc32849e1f9623 SHA1: b294970c35f4b99228098e9a8aca5d1f1215942a SHA256: 5933d1e3030c69399257c27ad4e3c7b615eac1fcae9bb4e7ae7855678115c572 SSDeep: 1536:WLxOnlA4KXr72mEe1k/tPqAGWNBhqyKw/SJHkZ+sQ8GiyJ:WLxOliGJeiVSdWvhqyKjhknQvJ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\P6GnBLDDfSOvP24-Vca.bmp.jcry	32.35 KB	MD5: 66e58bb20bead0c545be970fe151b03d SHA1: 34ecd827180c889065f44268ec16444cdf85181a SHA256: 5009bebe521782c86f2bd44df2755f49beb19c3c6d1bc53bdf4ee066093823dd SSDeep: 768:5IWcHS4zE1ICOMsFKdfVf+XUws29xI8zyIL+L22u4Y:+yWmICiIdfAhpDyN223Y	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\EIUPKxNK07txbNTvKKn\n_M KhNqiIxw\s3rGsXDAGLtq.m4a.jcry	66.97 KB	MD5: f5b62edd423c6ae67c5c374bbbc94fbd SHA1: f9023140981736f951d1d974543b0af58dbb571a SHA256: 0c2cdb3a79be75e8e058f262bc2a8d0cf64d4361d38ce083a75f100eef119a46 SSDeep: 1536:HBLsxSjmFp75a/NELWINQfWQg2FQEqAWWei7pa4DWyfBFZWsVr:H5HCFd5ONRISZgLEvWI3DWWHZWWr	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Tc1rfw.avi.jcry	48.97 KB	MD5: 90475310d85815e3b214a37cb3aa220c SHA1: 00d609444f86b3b833c28bac79b96f20a13b51e5 SHA256: ec35d30729e76a1992d1fafb15791ff7602419a16d680f0138e0e87faf573e56 SSDeep: 1536:f9FZxJ5QUokObcC/IeL1VlRuT/YvHwGhX:bsUokOw98lIT/YvHwwX	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.jcry	0.24 KB	MD5: 22cc698aaca0dd39e28dd9579aeec413 SHA1: 9185cc8021da5c7b990434b7047870b3c2c4a976 SHA256: 759f5bf394780292b033f59c7112a6c4f65bc28569504c7cf78107f6554b353f SSDeep: 6:9dyi8furSQLXeoSFCUuQM/sTGU5AHs+4WcRzaffE9WgqLY2auwSE:9dxc4QM/shimRzeUW3UvunE	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vnpBYVuacZqI.flv.jcry	25.17 KB	MD5: 7fa89c687e89be7934d6c30f103bd2cb SHA1: 74583b2eddeab66a2b1cb9b43501ea99ef76be33 SHA256: 14738b45bcedc210b9379148a76ed428eee4a22c2ff0e2e9ddb9a23084b0c614 SSDeep: 384:xMqcHJ4whee109uz0PVs+QGHsZh1zAvtaC4yPj1m3wZmHr+Kyutc2loIS9q73I6I:nQvMC0PVs+s9A34bwZUr+Kyum28w3IC8	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\dbef2181[1].js.jcry	197.53 KB	MD5: 98c27ba9161a12a36dc270ffedcb2b88 SHA1: 855741b994cb97cd02738b12ce73d80c5ae71f37 SHA256: f1c167b9468a7799fc9f6350677b859415093948f4c9e421a94391384df7d72b SSDeep: 6144:PMldIcWl/PSTcus5jgVwJgXsQkLL9IOlRz1B5x/hI3z:PMldIJl/6YuqcVwOXsjLV/z1Bn/hID	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\0c3a2f0b[1].js.jcry	17.06 KB	MD5: 235333d7e95743e6007f0995ff9f9f58 SHA1: 284649c80f0937f42f770652a47849b9e1fdd390 SHA256: f89b09bb5a7fa9347e92859da0e64118d1c1df3fbb82e4199b4a9acdc01f60c3 SSDeep: 384:X5jm0JNGjD4wNGGcL4vdmMuNkvX44IGmH3D1NU:X4Ljttv/o4y3DTU	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db.jcry	16.03 KB	MD5: 3d6b4c9f63a12bdf708c76414135f4ba SHA1: 5cc33bed92beddae74855ee4c2b43c004ad3503e SHA256: 18879811b9d36f34c28fb4e5bc2662f0d8820253722695dff8f0009d556df589 SSDeep: 384:IDUxIPw7TLEuJNeACdV5wQHZVy9tJ31hMUPRx6Ta0AsvHK6k+g79:IDk+EXEh7RFjWtXhb0a7sSVj9	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js.jcry	11.22 KB	MD5: e6488b56ee11dfd545ca1aaf6e61d46a SHA1: a1d6135a4eb962adea3ed4b2daa598a9bee3440b SHA256: 3f73375c296a1f2f22fc9661b83798fcd768d4cc85753955a3483bcc50268365 SSDeep: 192:4PyWHdZLtPECmm7ezWVkE0iBqeBLw9Lm2GA394LWAs2hWX5ysMB+72ENPq9r8:4K25omIQbBLB89C8vAlAXH/a8	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\43d68361[1].js.jcry	36.77 KB	MD5: 999e9f36aa4e90856b50060c15adff65 SHA1: ed7ca4c89c756dad4c3658eb03788c1e7f4c3c0e SHA256: 3dd43aa1fc1cfab57d688aa2f25a3972f038c5a0668ff9c3726e9a915b6fd8bb SSDeep: 768:WEwJoPL9aZSz1VuHAkrVKsHcLfXsolU/+3gYXT+KI/vs2lyLZixQu:bLSSzg5xKEcLUou/URT+p38FixQu	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\2743db28[1].css.jcry	59.17 KB	MD5: 2bcb7f23cd4b6b60d965d5d277b5012f SHA1: a77665343c7268a772138d128e246a72039bab57 SHA256: 15cf2417c8aea9afdb53347c7e55bec7c6b91daaecb505ded047ac8f2435c49a SSDeep: 1536:ruhOeMAmWGLOmkGMgweqJ2tPKNiBQAEEJvdBlm+T:6hOFDymkT2tFWUVdvnT	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db.jcry	16.03 KB	MD5: 059ad48481541953432fde56e535a023 SHA1: 77ec24a06fa8b38a517f50da086e45a38c442fd2 SHA256: 6d8a687e6cce235f227b558a545b9cb57d1ddfe8d7eb903c8504149f061063a4 SSDeep: 384:JcXKcx8s7hDqGuOpszMReGC3yHVoC5lixH5PX:mXKcx8spbaz2epUVTjCH5PX	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db.jcry	0.01 KB	MD5: 7df9cfdf39f49e0df91c123fd5f87365 SHA1: 72d29308beb30edd05dac930df648e41f4d6d669 SHA256: 7b15b2a6bacacacfb5a2fa47893cc2b89e28f179c5cefce78a563b6f237b44fe SSDeep: 3:+UGOBfn:rG6n	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\container.dat.jcry	0.01 KB	MD5: fea1047949f51f2b64bd0f3e3b59a24c SHA1: 0dc55dfd6fe6de1b6ae7e9fec079d5e7200caabd SHA256: 2c4e0d74a484621d600b549953303394ee1cd1a4d0ec72aaadd680058f36d835 SSDeep: 3:Zqn:0	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDB00006.log.jcry	2.00 MB	MD5: 5f2248838f36ae6b525bbf0dde168dcf SHA1: d6e3d8eaadd4dc3855ab33054e17e98c89e82e8d SHA256: bbf920a6db261f72031255affea20ada9bef2f54a08c86115bf752b3b1489434 SSDeep: 49152:16YF+OeVfNna7mPcwVkMN9o5UZu8BNuEGdBzhx1HgRh505/RUbSR8qf:0YF1eNRMiVM	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt.jcry	0.50 KB	MD5: 7569889a580f914ae0941157380941e0 SHA1: 55b7de62baa9039a73fd779701b71475edbcf089 SHA256: b503c277e6f8b802f9fe20cb921f28a82800a0541a543b803ce85d7de29bc242 SSDeep: 12:Isj1pZ34whtZU9rhXGMhE9CJhXLKyoi7uIr:/DZ36FXw+t+yzuIr	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js.jcry	167.34 KB	MD5: 2a4c591cb1673b898c92dcd736e51254 SHA1: 0f491c890c1c27ebdbf4cd026b4ef460740de71d SHA256: e736c46584aa43aa55e87213a011a272aed09ee65727fcc51a5554eab4477588 SSDeep: 3072:Lh3PlxzUluhQWC1ICeKHBrqQz/nL7aSYe4vVfywvzke/nGyTlXDj413pp:l3wlXWC1kwrJSFe4vhyTe/nXTFcpp	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1\www.msn[1].xml.jcry	1.49 KB	MD5: 2a1d8a7468e7c726348379d54a2e2ec9 SHA1: 4e82f6f5d16154e99ea6a24b4bc4b50792ea643b SHA256: ed86018666fa399b36d57a788a9ae0e8e9d277fca77fbc4dc3229628523100ee SSDeep: 24:HlUtMOIS6+F7NZwC+rDBLHcK1eJGtDeUHtzBGHhErQDGUHWy5/tbodalwgUsVPzZ:HDO6+PCbrDBLD1wwTtzutGUX5VAIwo5Z	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\48a99eae[1].js.jcry	15.55 KB	MD5: f68c2015a096a9d5f2ea06097957e392 SHA1: e8c8b3aafefbb91587882dd27f5ba676848e0ac1 SHA256: 4b5bec9aeca88117b61277b67a039bef439e7c50195532b8dbce88cd390e3620 SSDeep: 384:oYEzmVj2zMUK97iy1w4+QyWp1CwYakOMC69ADuMg/By+zOo:oYpj2zMF9+rNJuCwjFu8oFzOo	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.jcry	0.01 KB	MD5: 176e8fba0be455376683dbabb063ea11 SHA1: 4048b093dc28b687b46e2d2d6fe0a3dc30287d2c SHA256: 5632138257f64ee6090d3ab40298d711f6e0693a1aed704d05e964cdb7afdb8e SSDeep: 3:zSM:2M	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\424a9e57[1].css.jcry	1.31 KB	MD5: 99b56fed153737b3f13fa72d8a6948d0 SHA1: 5a8979da525a3d1b5900631b5608a0089da091ee SHA256: 09b7514421c68e7ccf45ec5587d588e314d7edf2e7e7110fce13014cac09d0e9 SSDeep: 24:RGyAAIvvW4xbd3Lz6tuXwTcRceYbjoXR+NxXUxW/XkD68f/ISYyQox/:RGzPb5uyzR+3o8xExWi/	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\_EWPtyB9l-.flv.jcry	51.74 KB	MD5: 43e6b94b01ce53f49740f9fe664a0338 SHA1: 8f39798511282921dde1a368c998c27e5355e3dc SHA256: e2e19c18667b8ba2f3cb1b65fa9c6daf6ccad43ac671435e03f08ab827587d73 SSDeep: 1536:g5Tc0K+RRTnMoxlvHIAmIp3t6hSopxaemuKoqAnnv9TB:QTc0KEyovTtQAbOvVB	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N51JXj.jpg.jcry	82.07 KB	MD5: 31d97e27367c2e7d3e9213d41e73450d SHA1: 3b0a011dd59508118cf0b5fd434a6de6c34f0cf0 SHA256: 382722fb649a4885227ab60f9202aa0216d16031b3deb3b5769cea188f78053f SSDeep: 1536:wvH0pXW1R3cOoCkbhy3ibSi461mo/62IhUhDDA2Gzb39cTn6KUP:wvHGEcO9WBbSi4HFGDQ3NcTTc	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat.jcry	0.58 KB	MD5: 07a68b9588f0b127586e356ece156fc0 SHA1: 595cec46135473126214cc2490fa5f23704dd2de SHA256: 10085656907caf5d0a48235c956f06947e35e11a061626838e6fc626aa6f988f SSDeep: 12:DoPj0PqoMo90w7YGFEZYjR2fTkA7bZeHthn+yVzg60UJdtn0:Mj0ia90ts2f/eNhn+izg60UJdtn0	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\b5qncpkingHn74vPc.wav.jcry	19.43 KB	MD5: ee2c12ceb6a9d6cbd76dcf3db7c506cc SHA1: aea1b47a4436e7c370bab452f21bee832eb31bf7 SHA256: 18517b77d3715e55b768485fef894dab7ab2b835fd932f83d06c0e62af6293d8 SSDeep: 384:QLpaeNGZIXmSE7ZLeZ72pJLoOBKTVyvBv3a9LMIVAOiKL0aogLKBI+uwoZI:2pVNx7iLo72joOBUsRa5MIVAOsaogL4T	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\EIUPKxNK07txbNTvKKn\n_M KhNqiIxw\Z1wNTsoZ04Z6.wav.jcry	52.77 KB	MD5: 691321bff54e3bfb200d3cc31c4f35fb SHA1: 7994b4c93b104b67d80ac34888d776e41bb9288c SHA256: 80e6717ef0943e1b5c69cd332cbf122c42bdf9bcae1b8449401f3ebfa0cad9d9 SSDeep: 1536:ZDjpmVWWf7gSkIyn7p/NySHSPW/LvSF58JVbrB:ZRmHf7vfi7p8SHSPW/LvrJ19	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\lWzZbxg-gIxqPAUR\eRf2QpDdWV.mp3.jcry	16.90 KB	MD5: 205d2117aeb1bd4041bbcd1d3afcb2d9 SHA1: 684d54cd944b892893eb7d74964036e89b274906 SHA256: a8fffa17a515cebc39baaf1c2f60970c09495be68ffedcb0f605dfaf033ae7a2 SSDeep: 384:CCul0Bumt/ZgNV2wnmiIw6rDnIQj3f2YVFXmgmxA:DsCVEVLnmiOrDIGvN3L	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Vr0n4B.gif.jcry	49.21 KB	MD5: ed5bb8c07e301ac3bdd299109e1a0db5 SHA1: 43003233fc0f3aa839158c920340ed60ae1d86fe SHA256: ff5e69bc881391f90bb519eb7784fb57009420c87df3867dd76bd3ca1957692b SSDeep: 1536:6mczz+gRVonakNVdj/RzamTAznugBKZb3M0AiwqdxYfR4vzv:6J7ondh1SjugBKZb31AizEfR4vzv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt.jcry	1.91 KB	MD5: 114c767922c7aad55ce3f00359fa19ac SHA1: 59df10e37bbbdfd057bfece3229590b378619cfe SHA256: a976b5e17d90bab741ab76fedbd79330ab9f9da70140cc245293ad14fe4e542f SSDeep: 48:OUlxwc4YFV4R29OLtJWjpGN5QVIPWg/zFw0+pK:llxBVT0tJWjpm5QKPWg2a	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\f294931d[1].js.jcry	116.19 KB	MD5: 970a91c508e9c86de4018ed1a62c3802 SHA1: 7f7aaf78c9f07fbdb038fe3e8f7ea4b90bd621cd SHA256: f48f0f843602010b8c693b5e3f0a9910eacfc7a29ce5fe9819c2ac37bd6c53f3 SSDeep: 3072:6WEbPU+bloRqUk7uvB+7vlZTG6ZfO0y6sMnP7o4lNJDkeaX9Cnv:6JTUKSqUUrLjtBO0SSPU4fKepnv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt.jcry	20.94 KB	MD5: ce8decd0047f3ee829832cba3bacb023 SHA1: 95aa474c1b6900d433d83583436170dd27ade2eb SHA256: e27193d063a81299956dbf016161dae38d6ffadcc16944ac3a9cd1c2e0f73dd7 SSDeep: 384:vfcpc4pnHCSRXiPbmJSgTAKxeYrVF1NpiFTcIvNKjDFUQdG9tP:nSc4nigEboS2AvYZn+ocNiRUQdS	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\W91W3IB2\container.dat.jcry	0.01 KB	MD5: eef0b947d5565c0be510ef41faa15fd1 SHA1: a4eaf54bb97356f2cdbd2d74dba232b056b46ba7 SHA256: 1d0cbd21e0c82b6f64d72f5ffe1a7e55aa87e5f06653ff925da7a62f1cf1548a SSDeep: 3:q4QM6n:qBn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\359d2aee[1].js.jcry	44.47 KB	MD5: 4708ac23caaa947b75c33a0295ce0ad1 SHA1: 79e9f8733f4593b8c4b0e5568cc8bb1d09c490de SHA256: 30d910b8bceb467eec598dccecc5a6514da0f3d9e2c368e7ca6403be33550158 SSDeep: 768:h9F4s2ttB5QrdxWJYXgq8bChewMy4UURv0PMrxNZFp455hwEdQyKyLWwIH8LmL3n:9H4H57OQJvy4Zv0kdNZFm5zfdhKyqwI9	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.jcry	0.01 KB	MD5: 4d042ebbe5f95150bec3ab2375a10eda SHA1: e92fed7456fbb7cc0ef86da5299bc2879ab04b85 SHA256: bdf008aaeb031edfa9a634391c4194601ec86a30e12a0606ae99a416d1680654 SSDeep: 3:Mvf:cf	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\359d2aee[1].js.jcry	44.47 KB	MD5: c126e4454f1a4ef9893688a898b762b2 SHA1: 18fcc64ad483e5e0c928f26aa98a73e7a19e3a78 SHA256: cb2fd99787e33cf7d770f37a8fded911304145b6ba77d81036dee90b32f85fec SSDeep: 768:YFRTRgsQ3a3AxuhV9LWGqn3/8qEnDsJ4s0YpbJGRm/NFT30to1MUD4rI03kHV:Y7AawxukGA3/8qSstJG0X3io1MUD4/k1	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\48Ydd_YL6zkiHpnVH.m4a.jcry	95.49 KB	MD5: 6dc6b041c4b8931ca5ba0e1935703944 SHA1: 10d6667601f5c140e92039579ab672b4c9a4f4c9 SHA256: 4312cc74ac238b3cefc3d795cf8cc4231dfb396270d4d2028e58df9e833a1699 SSDeep: 1536:zgdXn8TxsqHq8B2dooPAz5YJApG6ZhMZS8y1YmIiGrAaEdlgIUHxeuwe9QFKnQaa:UdX8vHq8YzPA9gApGPZ3y1YxA7dR8jL8	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.jcry	18.35 KB	MD5: f5ec9bde9a8bd8a686d70dd7dd677d15 SHA1: c91789a77cc3b2b16773c813b7e7d14604c1cc79 SHA256: aeaa165b224f5901cf21056df9b5c654d88aa12c958c53f0547624cfbf12cf63 SSDeep: 384:cIODu8ztTw9RkvrJ7ykgG3vLNfU1/Rg9UmGX:cIC3Nw9Svty4/LNOJDmW	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9GedJNh.jpg.jcry	45.69 KB	MD5: 900236dc8c63d890d487a110db6d38cf SHA1: 06904d880def4a308c86b5b43f6c2f659b2f54ed SHA256: 2e731d41fe3a291af0e86104c5f229baef112e47e65fb61a3afb64583198ba26 SSDeep: 768:nip2sI6mrkBz2J/dSMFK99lIqdGboQirjU1RAMvjGj4Zsbjhe1Mnsj7althSs9b1:nisl6Vz2JdSMFG9ldG0k7AJ42b2liltF	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\VW8AjyKiR.m4a.jcry	72.79 KB	MD5: c415248b1cbe1bdeef77279e80bd76e7 SHA1: 7dc681fb63bccd1f49894299ecbf4df76b8b22c7 SHA256: 147b08e2cb00bdffc3a5ea39711c9472e440005245037e42606a991741eb6cc2 SSDeep: 1536:WY6M9uv2VmvfCcFKnZ5/WnNR1f4lv6sev/IdLA9/rvqF2sv:n6KC2ovKcbx4V6DGLA9G4sv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\sgGXGW85LjDgV.mp3.jcry	55.37 KB	MD5: d8159e43bd21382906bdfb55bf64a834 SHA1: e71151b5d0f01768e701b6e464167d407099ed70 SHA256: 9675bd61da921a61978b15f6661abbdd7dc1a4115cc1ed1cf2c13e1be83a2f24 SSDeep: 1536:8JXvPbObqJgaExtVy2T6mXiweDm6COMZsboCiV7:YXHbOeSR9/yweDmtBX7	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\ZJQQUaHmqOLWF4.pdf.jcry	50.95 KB	MD5: e93b1061d93aeac9988a0fb2a8eb0782 SHA1: 26494fca3180d345f01e3dec8b9887062fc20837 SHA256: b2330ca131bb7df67996656af11c73b42d81d12c3952964dd5053661bcada1ce SSDeep: 1536:SKXa5Zlh/dz540vgtZg8o6cIKWZ9Qd66z5WoeBwh:/Cbh/dz54Mwgdx9WZ6c6zQoeyh	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kJxmbBwJF.jpg.jcry	13.95 KB	MD5: c43a3f33ed0098562d879c2b657bf1cc SHA1: f7adbd11f1896046f0ad7597097dd7b4a388c9a3 SHA256: 55e5c6abcc35ec269c7f1ce2b5b12f6fcc989c50e61a277e7be05a2da783d52f SSDeep: 384:b/ZSVO7nfBAnyqJAdOc1LalrkqNdSzq5uMOJ:bxSVA5ADOdpOFkqNE6OJ	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\gADKb.jpg.jcry	91.09 KB	MD5: e591a9a3fd9b05ad7d8ae59a39be340b SHA1: 5586a50c07f48a06eecfa79c3661599e5845685d SHA256: 88d5156a9c05a939b5b6e2b1ae3b41137cf40cc24c417d2cdd41a289d65c3890 SSDeep: 1536:mKzqjPPglUcm9PFDHhNeQaCobJBtUcbW0FUGxLcdjPN9KGui2:mLUUcm3nMUoLxL0PNPuv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\GFScNDJnf41.avi.jcry	39.10 KB	MD5: 34861e6d5761afa8cc637a7d373c9baf SHA1: 8d29d7a31196d7eae921d3b6976b90ce68452b80 SHA256: 1ba479d235ec0cd8f49bf5ea50a0120e4ddf56394870ded7f6c877422febf97f SSDeep: 768:zu/42Lslgmosc8+JDvxQsnqGMZUyqsuuwBzffcAJf/o/ngpID:zu/AosFWruWU0seBzf0AJ4nmID	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\8cafcc5f[1].js.jcry	122.43 KB	MD5: 8ed661445cce9c3727ed721c13ccb00a SHA1: 15f37e9cfe5ed6c7278900b077fc4bfcc0d278c2 SHA256: 3e043f47839cc56e79a5b24fe73a0bea41e3fffdc6722bf3e6698d2642e429de SSDeep: 3072:Lcr74VLWG8HVedUk+HFE/CyYpMzbUyyv64UjemInf8v:Lcn4VF4eG7lyYpMV664UjMnkv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\container.dat.jcry	0.01 KB	MD5: 0a89cd313b3eb298196bbce76156c792 SHA1: 990f365057e58112d206ef511ccaabd79eefbeed SHA256: 81a27e13b08fa8035c936ef600efd23ac70d0ec37338295af2e50b3e22b89419 SSDeep: 3:aU:aU	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\TZMiuIiumWp5\QOjP.png.jcry	90.89 KB	MD5: 86863320982d78f534be558a970dfacb SHA1: 08bad2bd8c925c4740979ddb56a3216f220375cb SHA256: f3461a7dda6e068ac1b29d265539d40c7543eabf1c5ad8840ec9a5d5b53e5db9 SSDeep: 1536:rImlXRXOjd2C/E6riG+rbYkyLMY9w4CM8UTNf2o9n2IkDXqlEmHCZn/3:rVXgMbnrc5P/HTAraE6u3	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\igYUVjWJrILvw4.m4a.jcry	82.40 KB	MD5: 400de7dd97c058f9a574791f2ef2c07e SHA1: 48389451665e76206001512321f7a46ec03b20e7 SHA256: afc66f972ee16960f23f61681c50adc46b2a58ddec9f74fe8594859b3cdd2739 SSDeep: 1536:LYP1dYJr4gkjkbj0HYblo6onEOYvXEGi7DbPmdo8xRJM81Z9fKm62Q4AsVbN5xTV:LY9uJEgD0HYblo6o7Y/Ef7Dbu7P1/fKC	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\fcd21029[1].js.jcry	34.38 KB	MD5: 89253b12b12134ea1f5e3b9b77438ef3 SHA1: fbad96fc8046ada6eadf90dfa86037b39e568c4c SHA256: ae30b0e9462ca924060938a81924a8ae3b0afce7c1c6562365b1478b477ede46 SSDeep: 768:/6uMjSICrTxf4iSn5eh/Nwwod/U7FEsBSEwno/yGimmbLE:/6dSIC/Anoh/CdRUZEUcvGRmbLE	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\045d3532[1].js.jcry	6.46 KB	MD5: e7c03dd1f30fb96a1a9286805577a361 SHA1: 080b0067d8a70f2cc2dbdd57c96145452d8c0cb1 SHA256: 8880e3618a7fed3838bba421e7e7096fb40a701e7233d341e3072b0abf796f2d SSDeep: 96:pGLBs5s99q6nP7XAUpEIzB5hPv2qNgcDWonRY/gmzLfots+HNIsbel5SJYy54fqQ:qB6SRP7wUpEIvcvSWIY/x5+H4S5do/	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\Desktop\EIUPKxNK07txbNTvKKn\n_M KhNqiIxw\LlauzD.gif.jcry	65.35 KB	MD5: e9bacaef78fb5145f3cf08191f2cfe74 SHA1: 9d0a34b4b357e984783b276a01e69eb268f04075 SHA256: 204b98d44a4a245e8312e3e63b24605f8e4e14a97a05eb6c30a4c34732f78671 SSDeep: 1536:ku7CTzbc6HyS6kHAyH3/gQLgvCOGoVXqUDIs:ku7CTzbc6H0mAyPgegvCOfVaUP	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\2462f13c[1].js.jcry	40.10 KB	MD5: 094fb9eb6fae688d44ce9fdf6df869a0 SHA1: 1a14f933fe65a63e1b0d22ab0e41b6adfc5d6524 SHA256: eb09be0f75acc98e66bec5bbf916d6d0d6a28ab13b642e3bbf24d24d59ae6709 SSDeep: 768:73F5JZq08C0vHBYS282csn7pONQrGPd9cyHvswnC6dxNu6rMPi:73hJOHBYS22upCi6d9/vtCinDR	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList\container.dat.jcry	0.01 KB	MD5: be2441a13e11876e42d4324c138a52b1 SHA1: acb4629a6e6e5cfbe3d0bc9d9a685dce4e4ba1f2 SHA256: 0b8eb122ab8ab25af9062a76fe57115d257dc122dc7918ca1c57f2145df9b88a SSDeep: 3:nH+E:H+E	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList\container.dat.jcry	0.01 KB	MD5: fd526e810eba67318cec3cc97de0a9f7 SHA1: ecc497cd95d6c8fba2c7ef7d23bd7efbd4ce6278 SHA256: ccd2d513a1fb4b062f10f50ccedaddaaf71488b93e69144421ee14ae7779a37a SSDeep: 3:z0A:z7	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\a23b7bb1[1].js.jcry	588.58 KB	MD5: 385d3646ca81f263209bdfb912d031c4 SHA1: 353bb03d065a200824087e56923e6d708d7eed81 SHA256: 60880161bcd7d0780cf4024438db49a4e9380191378ccd29e433b9d335ea7f07 SSDeep: 12288:3ewYDexrbDHFrJ4GMJpZq5t3oUt1N10b+JMQfJxldi3QnXo5xIcGRB:3e7Kx3bZqM5DXN+SSgJfcX5/6B	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\J9-r96l0FB.bmp.jcry	70.65 KB	MD5: b14e1ecc9f495366e7297310d1ead70f SHA1: 2e508d14f8668a8981c0f4225f6e76046fec876f SHA256: ce482e014358903bc2bc2e739a0e63136dd8a4f4f26428e1e85391fb30c33942 SSDeep: 1536:tkAh83R0qdkRkhq9sWKrPdu+K2pSr9+T+kOl8FSXgCsgFKpzq3q:TW32kkkq9sWehtuUT1OyF5Csg4pzq3q	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\bAfyRk9JrcPqktDMdla.swf.jcry	75.54 KB	MD5: 0e191474604afbf2412017e7767af74e SHA1: a14339b083cd02fe8ddc30264c6cdd8f7c921579 SHA256: 52dd40496c1e9248ea85e44637213579bea7a5e617f9939a24f96e4353eb552b SSDeep: 1536:kvC4C53sDtZCnkhRic+AZyGIgv2D7ouJbE9d4qkQr4bta:7KankhRqAegHWEd4q1Ec	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt.jcry	0.01 KB	MD5: 099a48e831a9b02588902f7c8192c61e SHA1: 506edbf39d89aa71179aea6b375d5a8ca012ccfe SHA256: e2360333cfe5d2bc943618cfd32a8fbfd8ce83bdf7e3a26adc67cc3683e2d236 SSDeep: 3:jnKq:bKq	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\e3f307cb[1].js.jcry	18.34 KB	MD5: 8c6afe78663ae9d93183071a547ff26d SHA1: bda161904d06f11c52a71bc4c0a17d5c0ac8f49e SHA256: bb1f44a1c95689b3fa63f7d23ae39d263aac0b5c4c749abf6a7ceffc7e338dd0 SSDeep: 384:MRjjht5XzNfxSlxHVVi8iJkyeVDKhEecLBvBTT9t+doclM:Ej5XzlxS3ijxechEecLdvt+doc6	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat.jcry	0.01 KB	MD5: c0ab69ea5c44af09fdbbdbad069f1d52 SHA1: 74ffff5e84e7b80ce062fd2cd845be4a4fd968a7 SHA256: 4a694a7fae36f7f74dfa9382968065592e4b315810b43be1920d790a7bbedf66 SSDeep: 3:zO:zO	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\imprbeacons.dat.jcry	0.01 KB	MD5: 7b6e0a30aab08e02ee92860a45c88712 SHA1: 6a28fa5bd29e68c6e797b58945cb7ea86215b619 SHA256: cf81e61423166b74413df923803a8cd510a9c01cafffe7192af3e300a1f3064a SSDeep: 3:M/X7:+X7	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	0.01 KB	MD5: eab60c39823fc22f610356ee0173fb29 SHA1: 41d599bfc108a70a2ad49167bf0dfaeb2215ae87 SHA256: 3928fb50645ea23d002a5c6f14d3c946afc50c44ea7d5bef6c34f6fca6a1224a SSDeep: 3:Gn31cn:GS	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.jcry	0.01 KB	MD5: 7a3e9f29ef95511a68604c338d56f3d3 SHA1: e10ec2536b7ba8aba49ef1e47042c158a4befa1d SHA256: 99dd02e8619b36383f140025e49495850967b805bc461a5afb6a3b6885f87295 SSDeep: 3:XvJvMZ:XK	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\eventbeacons.dat.jcry	0.01 KB	MD5: 04580bcd03bde92ccb60ee686128b567 SHA1: 72d9daa4dcf574b7c62fd596252173f743cea878 SHA256: 06eb6f811f24976766210ad518320b112ca70997fd6e55216933b42e55fb8fa4 SSDeep: 3:VVu:C	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\imprbeacons.dat.jcry	0.01 KB	MD5: daa74843539393e0b7cb1722e7ec41b6 SHA1: 13758c29781d41d8756d734f592f2a4ab4de42f2 SHA256: aecf05f5f8b9a07c224a9aec41f9c1d606853d24e4b8c7a5498f91c0ddf1bc4e SSDeep: 3:Aw2Mh9n:ADg9n	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	0.01 KB	MD5: ea148b2134880dbc832a8d40b803df84 SHA1: bb086ae38b30ce37b9ddf35a73179d1fe45d833c SHA256: 75e46fd132a305c9711f9f2a3ca6bacc7064247712139c4e0175e31130ece2e7 SSDeep: 3:2yX:2yX	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat.jcry	0.01 KB	MD5: c270a90cdea7b71ac551480374928186 SHA1: bd01a27cb9d10702644408d058537c823a0df796 SHA256: 40422ca80d056c29704c136e11183682a740c33a6b4a38876c077d98f9f7a32b SSDeep: 3:QAkTRn:AVn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	0.01 KB	MD5: 7f9b9994cf2f66b42ae0ed6a5286082a SHA1: f27bca7d6a95e1d98d7b677f6ff8a95db8e00256 SHA256: a47b3577362d6417cf1d65300ac5c7ef956d0cc61852a95a1097dab12e2f9319 SSDeep: 3:mq3v:mq3v	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\eventbeacons.dat.jcry	0.01 KB	MD5: 1f81570aa94849a8ce4e65104c1c8cd3 SHA1: 98ad82c35501b93aff8d87032032ded6fe458deb SHA256: e0a3d746aa17f2e498bd55a9f4ed1ade14428a3d5cf09778da33526ed3f4813a SSDeep: 3:Ligkj:Ghj	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\eventbeacons.dat.jcry	0.01 KB	MD5: 2844418fd98d2ff90aaf6ca7d83fe4d7 SHA1: bc7267fadd66f9b009f032918967b06b7b6ead6d SHA256: 89e32baf44de8e2372cf4be25004852340596a6998d23c7208dbc90b4c3b9d02 SSDeep: 3:EwzQ:Zk	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\eventbeacons.dat.jcry	0.01 KB	MD5: 545772331502a191d59067b2eac2dc14 SHA1: 9bf27998fd174957bb480fb833b3116fb777939e SHA256: 5d70ef9143576f55cf92323f4a72698c88226ed4ebdf921598589c474077d412 SSDeep: 3:TPN:DN	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\imprbeacons.dat.jcry	0.01 KB	MD5: 6c3b05043236cb40ef818adbb423002c SHA1: 6403bb5bfd7a2c4ab1e75c217283df465bf5af54 SHA256: d6f3be3167afc3b806b3d2ec6568a2177efff93cd288f7cc0bdb5d73595484d0 SSDeep: 3:jKT:S	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\eventbeacons.dat.jcry	0.01 KB	MD5: ed402c0ae214979aa809d4f765094a1c SHA1: 66ff6fd4384c4a55cce05bc131918d2171dccf0c SHA256: 116c0d6cd1682734658fb49c12870870421c023241dc9d716dee90aefbe28ce4 SSDeep: 3:J828:+Z	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\imprbeacons.dat.jcry	0.01 KB	MD5: 992b5125f1ef922fd36313790f8b8262 SHA1: 36992912c3910e56c8aaa74f7b4a861ea3b82c51 SHA256: c6b290a10f5ad957568124db4af7bfa953b6a6bb185d9d390ffc0947428aa710 SSDeep: 3:Pb8u:j	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\imprbeacons.dat.jcry	0.01 KB	MD5: f10da129c20722027a2600095105967a SHA1: ca49eb7eaa8a873ca29e5d31e53fd6190c5a9f08 SHA256: 827231c50f7d1f88acae1a673a442096b82cecc735eb4c252b301fc745f6a90b SSDeep: 3:pSXvn:pSXv	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm.jcry	47.47 KB	MD5: 986dd8586f9c8651247eddb8a6f48560 SHA1: 439591526b30774f1b475fdbad8954db2fb17abe SHA256: 11d0c42680e85cc0641ecaca0670479c294c9e6225febc999de107da628f385e SSDeep: 768:X3GvBrPXciypunIQavx4NQp0jxCORMbxI/klrvzpTMnlASU8/RsBhgtiN+4vg:nGpbclAAx4N80jxCOqoklrvClAB8ehze	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat.jcry	0.01 KB	MD5: 04f4c17f9bb51ca8a314d36959df0f10 SHA1: 6720a592599bad7a8b1a2330be9b50425ef6c0a8 SHA256: 6ad5a85eb2f977501477afddae979dc23aecf628fce8a3ecc8951d2ae86a8088 SSDeep: 3:AD5n:AD5n	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\eventbeacons.dat.jcry	0.01 KB	MD5: cd554f53d6bf54cb0a183959fc70c5aa SHA1: 4f715ba1c6bd17cd9c0d227a1a258820857a8fa1 SHA256: 77526a8c5dbf5e64263a168d6029a6acbfb1cd8a12d4f480808b154a5f90588f SSDeep: 3:O+4rS:O+	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	0.01 KB	MD5: aae0f289b716adcf0bcd6d30ed656f86 SHA1: f68796e2144a86417685a4953a4ef2afb604e815 SHA256: 3fb2541d09ca344c42dc78165895899c66cc08dba3f4782167c0154ab1eca6a5 SSDeep: 3:dUs:dUs	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\imprbeacons.dat.jcry	0.01 KB	MD5: 13f4d9697397f2b2436ad1f85bad9ce0 SHA1: 900384e1b368ea68595dfad1625838c5f7a6da59 SHA256: aa1cec31874655bb30e7f78a58b78e16399db754ec0da1441f18161ca444b0e0 SSDeep: 3:kKZWae3W:kVVm	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\eventbeacons.dat.jcry	0.01 KB	MD5: a26d3ba35bd8e78f346475c957504da4 SHA1: 476f21d041b550ea6b0828bcacdd416f5f193fd5 SHA256: a8e92f8dab12237b714ee134ee3e741fda61070e12cc49647fccfa692eea7997 SSDeep: 3:A2W4Mn:AZn	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\imprbeacons.dat.jcry	0.01 KB	MD5: 18d5f6ab73bd1ece0e4d7c09eb715b04 SHA1: 5e544f95c75a1788d98d7f1ed3f1553661b2bd51 SHA256: a76af19cf546910c5dcc70c73f15e5001cae686c589a9081e04402d66fe8bfcd SSDeep: 3:H1SMon:9on	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat.jcry	0.01 KB	MD5: 3a2532a239e0698f73e5769f2ae381a4 SHA1: 1929430c1dd4dc225ba1fd9a1a9719e7f8b84489 SHA256: 6fc400c8e03011bee0747de74483b8fd00f663d248f021c513ddf4a6105d5e0a SSDeep: 3:5G6n:Y6n	... File Actions Show Properties Download
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DownloadHistory\container.dat.jcry	0.01 KB	MD5: 94626ac37632b0ddd6fefefbd5ae6bc8 SHA1: c68c1b20838510b8b58cc66bf8649da8c903b832 SHA256: 2f2f601fcf2005e15b0fd141a6869997dc014279e97dbf2ae93c2f572c3a7988 SSDeep: 3:Uaqun:Uvu	... File Actions Show Properties Download

Host Behavior

File (3476)

Operation	Filename	Additional Information	Count	Logfile
Create	A:\	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	B:\	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	2	Fn
Create	C:\$Recycle.Bin	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\$Recycle.Bin\S-1-5-18	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgun_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgun_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgunn_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\malgunn_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryo_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryo_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryon_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\meiryon_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjh_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjh_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjhn_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msjhn_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyh_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyh_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyhn_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\msyhn_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segmono_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segmono_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoe_slboot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoe_slboot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoen_slboot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\segoen_slboot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Resources	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\Resources\en-US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\bg-BG	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\cs-CZ	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\da-DK	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\de-DE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\el-GR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\en-GB	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\en-US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\es-ES	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\es-MX	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\et-EE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\fi-FI	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\fr-CA	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\fr-FR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\hr-HR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\hu-HU	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\it-IT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\ja-JP	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\ko-KR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\lt-LT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\lv-LV	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\nb-NO	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\nl-NL	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\pl-PL	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\pt-BR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\pt-PT	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\qps-ploc	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\ro-RO	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\ru-RU	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sk-SK	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sl-SI	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sr-Latn-CS	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sr-Latn-RS	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\sv-SE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\tr-TR	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\uk-UA	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\zh-CN	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\zh-HK	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\zh-TW	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Config.Msi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\PerfLogs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\883.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\883.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\884.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\884.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\884.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D07.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D07.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D07.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D08.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D08.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D08.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D19.tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D19.tmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\5D19.tmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Local Storage	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025\index-dir	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5\index-dir	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\index-dir	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Session Storage	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Web Applications	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000003.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\EVWhitelist	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\FileTypePolicies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\OriginTrials	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\PepperFlash	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Subresource Filter	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\SwReporter	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\WidevineCdm	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\pnacl	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\CrashReports	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v2.0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v2.0\UsageLogs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v4.0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v4.0\UsageLogs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v4.0_32	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Credentials	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Event Viewer	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\FORMS	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache\6YGNCJW8	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache\FZW2QEOY	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Feeds Cache\O593F7EE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Internet Explorer\Recovery\Active	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Media Player\Transcoded Files Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\EmieSiteList	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates\My	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates\My\CRLs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates\My\CTLs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\SystemCertificates\My\Certificates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\1\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\03HJF3R5	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\N6BZW9Z5	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\SystemCertificates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\SystemCertificates\My	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\SystemCertificates\My\CRLs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\SystemCertificates\My\CTLs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\SystemCertificates\My\Certificates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\1605653898	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\PlayReady	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DownloadHistory\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DownloadHistory\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\eventbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\eventbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\imprbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\imprbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209562\imprbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\eventbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\eventbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\imprbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\imprbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209776\imprbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\eventbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\eventbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\imprbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\imprbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209809\imprbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\eventbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\eventbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\eventbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\imprbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\imprbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\209857\imprbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\eventbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\eventbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\eventbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\imprbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\imprbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210469\imprbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\eventbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\eventbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\eventbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\imprbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\imprbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\210509\imprbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\eventbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\eventbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\eventbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\imprbeacons.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\imprbeacons.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\214513\imprbeacons.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\StagedAssets	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Microsoft.Windows.ContentDeliveryManager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Microsoft.Windows.ContentDeliveryManager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\045d3532[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\045d3532[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\045d3532[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\0c3a2f0b[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\0c3a2f0b[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\0c3a2f0b[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\1e4bafa3[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\1e4bafa3[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\1e4bafa3[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\2743db28[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\2743db28[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\2743db28[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\359d2aee[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\359d2aee[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\359d2aee[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\3fe43eeb[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\3fe43eeb[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\3fe43eeb[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\424a9e57[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\424a9e57[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\424a9e57[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\43d68361[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\43d68361[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\43d68361[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\4cd29aa1[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\4cd29aa1[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\4cd29aa1[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\8744b8f8[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\8744b8f8[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\8744b8f8[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\8cafcc5f[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\8cafcc5f[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\8cafcc5f[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\Init[1].htm	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\Init[1].htm.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\Init[1].htm.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\a23b7bb1[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\a23b7bb1[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\a23b7bb1[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\cca0c2d7[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\cca0c2d7[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\cca0c2d7[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\cd8c9d67[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\cd8c9d67[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\cd8c9d67[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\dbef2181[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\dbef2181[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\dbef2181[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\e3f307cb[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\e3f307cb[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\e3f307cb[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\f294931d[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\f294931d[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\f294931d[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\fd45bf1d[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\fd45bf1d[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\24\fd45bf1d[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\BackgroundTransferApi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\0c3a2f0b[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\0c3a2f0b[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\0c3a2f0b[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\2743db28[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\2743db28[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\2743db28[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\5bf5eed4[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\5bf5eed4[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\5bf5eed4[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\8636b4dd[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\8636b4dd[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\8636b4dd[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\89c17add[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\89c17add[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\89c17add[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\dbef2181[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\dbef2181[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\dbef2181[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\fcd21029[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\fcd21029[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\fcd21029[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\11ee0799[1].css	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\11ee0799[1].css.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\11ee0799[1].css.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\961fe1d8[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\961fe1d8[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\3Y24VK53\961fe1d8[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\3417f6c5[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\3417f6c5[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\3417f6c5[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\359d2aee[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\359d2aee[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\359d2aee[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\48a99eae[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\48a99eae[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\FQWYA9OY\48a99eae[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\045d3532[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\045d3532[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\045d3532[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\2462f13c[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\2462f13c[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\2462f13c[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\ab584def[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\ab584def[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\ab584def[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\e3f307cb[1].js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\e3f307cb[1].js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\P4DH426Z\e3f307cb[1].js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\4PDMHYK8.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\4PDMHYK8.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\4PDMHYK8.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\XR62R052.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\XR62R052.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\XR62R052.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\11JCBKEC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\3YF3CW26	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\5K7R7KLZ	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF\www.bing[1].xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF\www.bing[1].xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF\www.bing[1].xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Windows	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Windows\3530508098	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Microsoft.Windows.Cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AC\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AC\Microsoft\Windows	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AC\Microsoft\Windows\3375042201	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Microsoft.WindowsFeedback_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Microsoft.WindowsFeedback_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\TempState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\INetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\ActivationStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetHistory	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.devicesflow_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDB00006.log.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDB00006.log.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\TileDataLayer\Database\EDBtmp.log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\VirtualStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\Search	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\assets	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary\all	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary\de_CH	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary\de_DE	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary\en_CA	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary\en_GB	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary\en_US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary\nl_NL	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\CryptnetUrlCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8EURADBC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8EURADBC\c.betrad[1].xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8EURADBC\c.betrad[1].xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8EURADBC\c.betrad[1].xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AU4UQGEP	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AU4UQGEP\imagesrv.adition[1].xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AU4UQGEP\imagesrv.adition[1].xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AU4UQGEP\imagesrv.adition[1].xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1\c9.skadtec[1].xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1\c9.skadtec[1].xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1\c9.skadtec[1].xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1\www.msn[1].xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1\www.msn[1].xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CT0F6TC1\www.msn[1].xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JUKMMX7P	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JUKMMX7P\secure-ds.serving-sys[1].xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JUKMMX7P\secure-ds.serving-sys[1].xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JUKMMX7P\secure-ds.serving-sys[1].xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieBrowserModeList	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Internet Explorer\Services	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\W91W3IB2	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\W91W3IB2\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\W91W3IB2\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\W91W3IB2\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\container.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\container.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Microsoft\Windows\AppCache\container.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Mozilla	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun\Java	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun\Java\Deployment	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun\Java\Deployment\log	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun\Java\Deployment\security	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun\Java\Deployment\tmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Sun\Java\Deployment\tmp\si	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-hulqV.mp3	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-hulqV.mp3.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-hulqV.mp3.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N51JXj.jpg	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N51JXj.jpg.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N51JXj.jpg.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5f1GmWkG5zEhyEA.wav	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5f1GmWkG5zEhyEA.wav.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5f1GmWkG5zEhyEA.wav.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8h2ynJ.bmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8h2ynJ.bmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8h2ynJ.bmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9GedJNh.jpg	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9GedJNh.jpg.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9GedJNh.jpg.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Collab	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Forms	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\NAHQNPMN	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Headlights	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Linguistics	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPeDoq6_HHlgffGZ5PTZ.bmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPeDoq6_HHlgffGZ5PTZ.bmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPeDoq6_HHlgffGZ5PTZ.bmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\GFScNDJnf41.avi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\GFScNDJnf41.avi.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\GFScNDJnf41.avi.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\J9-r96l0FB.bmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\J9-r96l0FB.bmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\J9-r96l0FB.bmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kl6eQoem54O.mp4	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kl6eQoem54O.mp4.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kl6eQoem54O.mp4.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DQQHJZ8C	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\AddIns	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Credentials	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\XLSTART	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MMC	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\PowerPoint	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Proof	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Speech	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\events	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\WINNT_x86-msvc	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\minidumps	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.files	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\journals	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PQu2.bmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PQu2.bmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PQu2.bmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q9i6C.bmp	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q9i6C.bmp.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q9i6C.bmp.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\R_O qfdw.odt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\R_O qfdw.odt.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\R_O qfdw.odt.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\S_ o0i.pdf	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\S_ o0i.pdf.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\S_ o0i.pdf.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\Deployment	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Tc1rfw.avi	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Tc1rfw.avi.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Tc1rfw.avi.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\U0qddNFf IzejfRc4.pps	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\U0qddNFf IzejfRc4.pps.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\U0qddNFf IzejfRc4.pps.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\VW8AjyKiR.m4a	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\VW8AjyKiR.m4a.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\VW8AjyKiR.m4a.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Vr0n4B.gif	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Vr0n4B.gif.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Vr0n4B.gif.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aDE3yyEX-1vofapw7.mp3	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aDE3yyEX-1vofapw7.mp3.jcry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aDE3yyEX-1vofapw7.mp3.jcry	desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Login Data	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\INetCookies	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt.jcry	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat.jcry	type = file_attributes	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat	size = 1048576, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat	size = 1048576, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db	size = 1048576, size_out = 16384	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db	size = 16384, size_out = 0	1	Fn
For performance reasons, the remaining 2446 entries are omitted. The remaining entries can be found in glog.xml.

Process (3)

Operation	Process	Additional Information	Count	Logfile
Create	vssadmin.exe	os_pid = 0x7a4, creation_flags = CREATE_UNICODE_ENVIRONMENT, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE	1	Fn
Create	cmd.exe	os_pid = 0x758, creation_flags = CREATE_UNICODE_ENVIRONMENT, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE	1	Fn
Create	cmd.exe	os_pid = 0xa34, creation_flags = CREATE_UNICODE_ENVIRONMENT, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE	1	Fn

Module (91)

Operation	Module	Additional Information	Count	Logfile
Load	KERNEL32.DLL	base_address = 0x74db0000	1	Fn
Load	winmm.dll	base_address = 0x74080000	1	Fn
Load	ws2_32.dll	base_address = 0x74ff0000	2	Fn
Load	kernel32.dll	base_address = 0x74db0000	2	Fn
Load	advapi32.dll	base_address = 0x74b20000	2	Fn
Load	ntdll.dll	base_address = 0x77930000	1	Fn
Load	userenv.dll	base_address = 0x749b0000	1	Fn
Load	netapi32.dll	base_address = 0x74990000	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x74dd6590	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x74dd6920	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x74dd6110	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualQuery, address_out = 0x74dc8c90	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x74dc8c70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x74dc8b70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SwitchToThread, address_out = 0x74dc9f30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetWaitableTimer, address_out = 0x74dd60d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x74dca2c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetProcessPriorityBoost, address_out = 0x74dcf8c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEvent, address_out = 0x74dd60c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x74dc8bf0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x74dd68f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x74dcd8d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x74dca0b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemInfo, address_out = 0x74dca1f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x74dca060	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetQueuedCompletionStatus, address_out = 0x74dc8c30	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessAffinityMask, address_out = 0x74dca220	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x74dc7940	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x74dca3b0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x74dd6870	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x74dca0f0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x74dd74f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DuplicateHandle, address_out = 0x74dd5f30	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x74dc9700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateIoCompletionPort, address_out = 0x74dd5770	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventA, address_out = 0x74dd5f70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x74dd5f20	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddVectoredExceptionHandler, address_out = 0x7798f090	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeEndPeriod, address_out = 0x7408cb20	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeBeginPeriod, address_out = 0x74084390	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAGetOverlappedResult, address_out = 0x74ffe1b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddDllDirectory, address_out = 0x7552e9e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddVectoredContinueHandler, address_out = 0x779d9670	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetQueuedCompletionStatusEx, address_out = 0x74df1320	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x74dc7920	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SystemFunction036, address_out = 0x74a32530	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = NtWaitForSingleObject, address_out = 0x77998c00	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = wine_get_version, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetHandleInformation, address_out = 0x74dd5f50	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAStartup, address_out = 0x75002420	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CancelIoEx, address_out = 0x74dcebd0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileCompletionNotificationModes, address_out = 0x74dd4810	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = WSAEnumProtocolsW, address_out = 0x75005b50	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x74dca4b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableW, address_out = 0x74dc9540	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74b40730	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGenRandom, address_out = 0x74b40df0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesExW, address_out = 0x74dd6330	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x74dd6250	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x74dd61b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RemoveDirectoryW, address_out = 0x74dd64e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x74dd6180	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x74dd6290	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x74dd61d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x74dd64a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesW, address_out = 0x74dd6340	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x74dc2da0	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenProcessToken, address_out = 0x74b3ee90	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetTokenInformation, address_out = 0x74b3ed40	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ConvertSidToStringSidW, address_out = 0x74b3ea70	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x74dc87c0	1	Fn
Get Address	c:\windows\syswow64\userenv.dll	function = GetUserProfileDirectoryW, address_out = 0x749b2860	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = LookupAccountSidW, address_out = 0x74b3f7b0	1	Fn
Get Address	c:\windows\syswow64\netapi32.dll	function = NetGetJoinInformation, address_out = 0x74982ba0	1	Fn
Get Address	c:\windows\syswow64\netapi32.dll	function = NetApiBufferFree, address_out = 0x749526a0	1	Fn
Get Address	c:\windows\syswow64\netapi32.dll	function = NetUserGetInfo, address_out = 0x74932130	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFullPathNameW, address_out = 0x74dd63d0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x74dca510	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x74dcf6f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessTimes, address_out = 0x74dd3700	1	Fn

System (1)

Operation	Additional Information	Success	Count	Logfile
Get Info	type = Hardware Information		1	Fn

Environment (11)

Operation	Additional Information	Count	Logfile
Get Environment String	-	4	Fn Data
Get Environment String	name = GODEBUG	1	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	6	Fn

Process #7: vssadmin.exe

Information	Value
ID	#7
File Name	c:\windows\syswow64\vssadmin.exe
Command Line	vssadmin delete shadows /all
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:02:28, Reason: Child Process
Unmonitor	End Time: 00:02:29, Reason: Self Terminated
Monitor Duration	00:00:01
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x7a4
Parent PID	0x57c (c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\enc.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 880 0x 88C 0x 85C 0x 480 0x 254

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x00000000003b0000	0x003b0000	0x003cffff	Private Memory	rw	-
pagefile_0x00000000003b0000	0x003b0000	0x003bffff	Pagefile Backed Memory	rw	-
private_0x00000000003c0000	0x003c0000	0x003c3fff	Private Memory	rw	-
private_0x00000000003d0000	0x003d0000	0x003d1fff	Private Memory	rw	-
vssadmin.exe.mui	0x003d0000	0x003dcfff	Memory Mapped File	r	-
pagefile_0x00000000003e0000	0x003e0000	0x003f3fff	Pagefile Backed Memory	r	-
private_0x0000000000400000	0x00400000	0x0043ffff	Private Memory	rw	-
private_0x0000000000440000	0x00440000	0x0047ffff	Private Memory	rw	-
pagefile_0x0000000000480000	0x00480000	0x00483fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000490000	0x00490000	0x00490fff	Pagefile Backed Memory	r	-
private_0x00000000004a0000	0x004a0000	0x004a1fff	Private Memory	rw	-
private_0x00000000004b0000	0x004b0000	0x004effff	Private Memory	rw	-
private_0x00000000004f0000	0x004f0000	0x004f0fff	Private Memory	rw	-
private_0x0000000000500000	0x00500000	0x005fffff	Private Memory	rw	-
private_0x0000000000600000	0x00600000	0x00600fff	Private Memory	rw	-
private_0x0000000000610000	0x00610000	0x00613fff	Private Memory	rw	-
private_0x0000000000620000	0x00620000	0x0062ffff	Private Memory	rw	-
locale.nls	0x00630000	0x006edfff	Memory Mapped File	r	-
private_0x00000000006f0000	0x006f0000	0x0072ffff	Private Memory	rw	-
pagefile_0x0000000000730000	0x00730000	0x00730fff	Pagefile Backed Memory	r	-
private_0x0000000000760000	0x00760000	0x0076ffff	Private Memory	rw	-
vssadmin.exe	0x00870000	0x0088dfff	Memory Mapped File	rwx	-
pagefile_0x0000000000890000	0x00890000	0x0488ffff	Pagefile Backed Memory	-	-
pagefile_0x0000000004890000	0x04890000	0x04a17fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004a20000	0x04a20000	0x04ba0fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004bb0000	0x04bb0000	0x05faffff	Pagefile Backed Memory	r	-
wow64cpu.dll	0x678d0000	0x678d7fff	Memory Mapped File	rwx	-
wow64win.dll	0x678e0000	0x67952fff	Memory Mapped File	rwx	-
wow64.dll	0x67960000	0x679aefff	Memory Mapped File	rwx	-
vssapi.dll	0x74730000	0x7484afff	Memory Mapped File	rwx	-
vsstrace.dll	0x74850000	0x74860fff	Memory Mapped File	rwx	-
atl.dll	0x74870000	0x74887fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x749d0000	0x74a28fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74a30000	0x74a39fff	Memory Mapped File	rwx	-
sspicli.dll	0x74a40000	0x74a5dfff	Memory Mapped File	rwx	-
advapi32.dll	0x74b20000	0x74b9afff	Memory Mapped File	rwx	-
gdi32.dll	0x74c40000	0x74d8cfff	Memory Mapped File	rwx	-
kernel32.dll	0x74db0000	0x74e9ffff	Memory Mapped File	rwx	-
msvcrt.dll	0x74ea0000	0x74f5dfff	Memory Mapped File	rwx	-
ws2_32.dll	0x74ff0000	0x7504bfff	Memory Mapped File	rwx	-
msctf.dll	0x75050000	0x7516ffff	Memory Mapped File	rwx	-
oleaut32.dll	0x751c0000	0x75251fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x75350000	0x753fbfff	Memory Mapped File	rwx	-
kernelbase.dll	0x75400000	0x75575fff	Memory Mapped File	rwx	-
user32.dll	0x75790000	0x758cffff	Memory Mapped File	rwx	-
imm32.dll	0x75a50000	0x75a7afff	Memory Mapped File	rwx	-
combase.dll	0x75a80000	0x75c39fff	Memory Mapped File	rwx	-
nsi.dll	0x75c40000	0x75c46fff	Memory Mapped File	rwx	-
sechost.dll	0x75e30000	0x75e72fff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x77290000	0x7729bfff	Memory Mapped File	rwx	-
clbcatq.dll	0x77300000	0x77381fff	Memory Mapped File	rwx	-
shlwapi.dll	0x778e0000	0x77923fff	Memory Mapped File	rwx	-
ntdll.dll	0x77930000	0x77aa8fff	Memory Mapped File	rwx	-
pagefile_0x000000007ed60000	0x7ed60000	0x7ee5ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007ee60000	0x7ee60000	0x7ee82fff	Pagefile Backed Memory	r	-
private_0x000000007ee87000	0x7ee87000	0x7ee89fff	Private Memory	rw	-
private_0x000000007ee8a000	0x7ee8a000	0x7ee8afff	Private Memory	rw	-
private_0x000000007ee8c000	0x7ee8c000	0x7ee8cfff	Private Memory	rw	-
private_0x000000007ee8d000	0x7ee8d000	0x7ee8ffff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dffddf9ffff	Private Memory	r	-
pagefile_0x00007dffddfa0000	0x7dffddfa0000	0x7fffddf9ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7fffddfa0000	0x7fffde161fff	Memory Mapped File	rwx	-
private_0x00007fffde162000	0x7fffde162000	0x7ffffffeffff	Private Memory	r	-

Process #9: cmd.exe

Information	Value
ID	#9
File Name	c:\windows\syswow64\cmd.exe
Command Line	cmd.exe /c powershell -WindowStyle Hidden Start-Process Dec.exe -WindowStyle maximized
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:02:29, Reason: Child Process
Unmonitor	End Time: 00:03:12, Reason: Self Terminated
Monitor Duration	00:00:43

OS Process Information

Information	Value
PID	0x758
Parent PID	0x57c (c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\enc.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x AD0 0x AE0

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000a80000	0x00a80000	0x00a9ffff	Private Memory	rw	-
pagefile_0x0000000000a80000	0x00a80000	0x00a8ffff	Pagefile Backed Memory	rw	-
private_0x0000000000a90000	0x00a90000	0x00a93fff	Private Memory	rw	-
private_0x0000000000aa0000	0x00aa0000	0x00aa1fff	Private Memory	rw	-
private_0x0000000000aa0000	0x00aa0000	0x00aa3fff	Private Memory	rw	-
pagefile_0x0000000000ab0000	0x00ab0000	0x00ac3fff	Pagefile Backed Memory	r	-
private_0x0000000000ad0000	0x00ad0000	0x00b0ffff	Private Memory	rw	-
pagefile_0x0000000000b10000	0x00b10000	0x00b13fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000b20000	0x00b20000	0x00b20fff	Pagefile Backed Memory	r	-
private_0x0000000000b30000	0x00b30000	0x00b31fff	Private Memory	rw	-
cmd.exe	0x00b50000	0x00b9ffff	Memory Mapped File	rwx	-
pagefile_0x0000000000ba0000	0x00ba0000	0x04b9ffff	Pagefile Backed Memory	-	-
private_0x0000000004ba0000	0x04ba0000	0x04c9ffff	Private Memory	rw	-
locale.nls	0x04ca0000	0x04d5dfff	Memory Mapped File	r	-
private_0x0000000004d60000	0x04d60000	0x04d9ffff	Private Memory	rw	-
private_0x0000000004e30000	0x04e30000	0x04e3ffff	Private Memory	rw	-
private_0x0000000004e40000	0x04e40000	0x04f3ffff	Private Memory	rw	-
private_0x0000000004f80000	0x04f80000	0x0507ffff	Private Memory	rw	-
private_0x0000000005190000	0x05190000	0x0519ffff	Private Memory	rw	-
sortdefault.nls	0x051a0000	0x054d6fff	Memory Mapped File	r	-
wow64cpu.dll	0x678d0000	0x678d7fff	Memory Mapped File	rwx	-
wow64win.dll	0x678e0000	0x67952fff	Memory Mapped File	rwx	-
wow64.dll	0x67960000	0x679aefff	Memory Mapped File	rwx	-
kernel32.dll	0x74db0000	0x74e9ffff	Memory Mapped File	rwx	-
msvcrt.dll	0x74ea0000	0x74f5dfff	Memory Mapped File	rwx	-
kernelbase.dll	0x75400000	0x75575fff	Memory Mapped File	rwx	-
ntdll.dll	0x77930000	0x77aa8fff	Memory Mapped File	rwx	-
pagefile_0x000000007f8a0000	0x7f8a0000	0x7f99ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007f9a0000	0x7f9a0000	0x7f9c2fff	Pagefile Backed Memory	r	-
private_0x000000007f9c6000	0x7f9c6000	0x7f9c8fff	Private Memory	rw	-
private_0x000000007f9c9000	0x7f9c9000	0x7f9c9fff	Private Memory	rw	-
private_0x000000007f9cb000	0x7f9cb000	0x7f9cdfff	Private Memory	rw	-
private_0x000000007f9ce000	0x7f9ce000	0x7f9cefff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dffddf9ffff	Private Memory	r	-
pagefile_0x00007dffddfa0000	0x7dffddfa0000	0x7fffddf9ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7fffddfa0000	0x7fffde161fff	Memory Mapped File	rwx	-
private_0x00007fffde162000	0x7fffde162000	0x7ffffffeffff	Private Memory	r	-

Host Behavior

File (8)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Windows\system32	type = file_attributes	1	Fn
Get Info	C:\Windows\System32	type = file_attributes	1	Fn
Open	STD_OUTPUT_HANDLE	-	4	Fn
Open	STD_INPUT_HANDLE	-	2	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 248, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	os_pid = 0xadc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\syswow64\cmd.exe	base_address = 0xb50000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x74db0000	2	Fn
Get Filename	-	process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x74df2780	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileExW, address_out = 0x74dcfa80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x74dca790	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x755135c0	1	Fn

Environment (19)

Operation	Additional Information	Count	Logfile
Get Environment String	-	7	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Windows\System32	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000001	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #11: powershell.exe

12389

Information	Value
ID	#11
File Name	c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
Command Line	powershell -WindowStyle Hidden Start-Process Dec.exe -WindowStyle maximized
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:02:30, Reason: Child Process
Unmonitor	End Time: 00:03:12, Reason: Self Terminated
Monitor Duration	00:00:42

OS Process Information

Information	Value
PID	0xadc
Parent PID	0x758 (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x AF0 0x B7C 0x 8B4 0x 960 0x 87C 0x BD4 0x 81C 0x 51C 0x 7D0 0x 7C0 0x 834 0x 50C 0x 7BC 0x 830 0x 838 0x 2F0 0x 2D4 0x 53C 0x 2E0 0x 8F8 0x 5A0 0x 8FC 0x 5B4 0x AA4 0x 42C

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x00000000003d0000	0x003d0000	0x003effff	Private Memory	rw	-
pagefile_0x00000000003d0000	0x003d0000	0x003dffff	Pagefile Backed Memory	rw	-
private_0x00000000003e0000	0x003e0000	0x003e3fff	Private Memory	rw	-
private_0x00000000003f0000	0x003f0000	0x003f1fff	Private Memory	rw	-
powershell.exe.mui	0x003f0000	0x003f2fff	Memory Mapped File	r	-
pagefile_0x0000000000400000	0x00400000	0x00413fff	Pagefile Backed Memory	r	-
private_0x0000000000420000	0x00420000	0x0045ffff	Private Memory	rw	-
private_0x0000000000460000	0x00460000	0x0049ffff	Private Memory	rw	-
pagefile_0x00000000004a0000	0x004a0000	0x004a3fff	Pagefile Backed Memory	r	-
pagefile_0x00000000004b0000	0x004b0000	0x004b0fff	Pagefile Backed Memory	r	-
private_0x00000000004c0000	0x004c0000	0x004c1fff	Private Memory	rw	-
locale.nls	0x004d0000	0x0058dfff	Memory Mapped File	r	-
private_0x0000000000590000	0x00590000	0x005cffff	Private Memory	rw	-
private_0x00000000005d0000	0x005d0000	0x0060ffff	Private Memory	rw	-
private_0x0000000000610000	0x00610000	0x00610fff	Private Memory	rw	-
private_0x0000000000620000	0x00620000	0x00620fff	Private Memory	rw	-
pagefile_0x0000000000630000	0x00630000	0x00630fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000640000	0x00640000	0x00640fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000650000	0x00650000	0x00650fff	Pagefile Backed Memory	rw	-
cversions.1.db	0x00660000	0x00663fff	Memory Mapped File	r	-
cversions.2.db	0x00660000	0x00663fff	Memory Mapped File	r	-
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001d.db	0x00670000	0x00687fff	Memory Mapped File	r	-
private_0x0000000000690000	0x00690000	0x0069ffff	Private Memory	rw	-
pagefile_0x00000000006a0000	0x006a0000	0x006a0fff	Pagefile Backed Memory	rw	-
cversions.2.db	0x006b0000	0x006b3fff	Memory Mapped File	r	-
private_0x00000000006c0000	0x006c0000	0x006cffff	Private Memory	rw	-
private_0x00000000006d0000	0x006d0000	0x0070ffff	Private Memory	rw	-
private_0x0000000000710000	0x00710000	0x0074ffff	Private Memory	rw	-
{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000003e.db	0x00750000	0x0076bfff	Memory Mapped File	r	-
private_0x0000000000750000	0x00750000	0x0078ffff	Private Memory	rw	-
private_0x0000000000790000	0x00790000	0x00793fff	Private Memory	rw	-
pagefile_0x00000000007a0000	0x007a0000	0x007affff	Pagefile Backed Memory	rw	-
private_0x00000000007b0000	0x007b0000	0x007bffff	Private Memory	rw	-
private_0x00000000007c0000	0x007c0000	0x007fffff	Private Memory	rw	-
private_0x0000000000800000	0x00800000	0x0083ffff	Private Memory	rw	-
private_0x0000000000840000	0x00840000	0x0084ffff	Private Memory	-	-
private_0x0000000000850000	0x00850000	0x0085ffff	Private Memory	-	-
private_0x0000000000860000	0x00860000	0x0095ffff	Private Memory	rw	-
private_0x0000000000960000	0x00960000	0x0099ffff	Private Memory	rw	-
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000013.db	0x009a0000	0x009e2fff	Memory Mapped File	r	-
private_0x00000000009f0000	0x009f0000	0x009fffff	Private Memory	-	-
private_0x0000000000a00000	0x00a00000	0x00a0ffff	Private Memory	-	-
private_0x0000000000a10000	0x00a10000	0x00a1ffff	Private Memory	-	-
private_0x0000000000a20000	0x00a20000	0x00a20fff	Private Memory	rw	-
private_0x0000000000a30000	0x00a30000	0x00a30fff	Private Memory	rw	-
private_0x0000000000a40000	0x00a40000	0x00a4ffff	Private Memory	rw	-
private_0x0000000000a50000	0x00a50000	0x00a5ffff	Private Memory	rw	-
private_0x0000000000a60000	0x00a60000	0x00a9ffff	Private Memory	rw	-
winnlsres.dll	0x00aa0000	0x00aa4fff	Memory Mapped File	r	-
powershell.exe	0x00ab0000	0x00b24fff	Memory Mapped File	rwx	-
pagefile_0x0000000000b30000	0x00b30000	0x04b2ffff	Pagefile Backed Memory	-	-
pagefile_0x0000000004b30000	0x04b30000	0x04cb7fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004cc0000	0x04cc0000	0x04e40fff	Pagefile Backed Memory	r	-
pagefile_0x0000000004e50000	0x04e50000	0x0624ffff	Pagefile Backed Memory	r	-
sortdefault.nls	0x06250000	0x06586fff	Memory Mapped File	r	-
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db	0x06590000	0x0661afff	Memory Mapped File	r	-
private_0x0000000006620000	0x06620000	0x0665ffff	Private Memory	rw	-
private_0x0000000006660000	0x06660000	0x0667ffff	Private Memory	rw	-
private_0x0000000006680000	0x06680000	0x066bffff	Private Memory	rw	-
private_0x00000000066c0000	0x066c0000	0x066fffff	Private Memory	rw	-
mscorrc.dll	0x06700000	0x06761fff	Memory Mapped File	r	-
winnlsres.dll.mui	0x06770000	0x0677ffff	Memory Mapped File	r	-
private_0x0000000006780000	0x06780000	0x0678ffff	Private Memory	-	-
private_0x0000000006790000	0x06790000	0x0679ffff	Private Memory	-	-
private_0x00000000067a0000	0x067a0000	0x067affff	Private Memory	rw	-
private_0x00000000067b0000	0x067b0000	0x067bffff	Private Memory	-	-
private_0x00000000067c0000	0x067c0000	0x067cffff	Private Memory	rw	-
private_0x00000000067d0000	0x067d0000	0x068cffff	Private Memory	rw	-
system.numerics.dll	0x068d0000	0x068f1fff	Memory Mapped File	rwx	-
private_0x0000000006900000	0x06900000	0x0690ffff	Private Memory	-	-
private_0x0000000006910000	0x06910000	0x0691ffff	Private Memory	-	-
private_0x0000000006920000	0x06920000	0x0692ffff	Private Memory	-	-
private_0x0000000006930000	0x06930000	0x0693ffff	Private Memory	-	-
private_0x0000000006940000	0x06940000	0x0694ffff	Private Memory	-	-
private_0x0000000006950000	0x06950000	0x0695ffff	Private Memory	-	-
private_0x0000000006960000	0x06960000	0x0696ffff	Private Memory	-	-
private_0x0000000006970000	0x06970000	0x0697ffff	Private Memory	-	-
private_0x0000000006980000	0x06980000	0x0698ffff	Private Memory	rwx	-
private_0x0000000006990000	0x06990000	0x0898ffff	Private Memory	rw	-
private_0x0000000008b60000	0x08b60000	0x08b6ffff	Private Memory	rwx	-
wow64cpu.dll	0x678d0000	0x678d7fff	Memory Mapped File	rwx	-
wow64win.dll	0x678e0000	0x67952fff	Memory Mapped File	rwx	-
wow64.dll	0x67960000	0x679aefff	Memory Mapped File	rwx	-
system.management.automation.ni.dll	0x6fe80000	0x7166efff	Memory Mapped File	rwx	-
system.core.ni.dll	0x71670000	0x71d82fff	Memory Mapped File	rwx	-
system.ni.dll	0x71d90000	0x7273cfff	Memory Mapped File	rwx	-
mscorlib.ni.dll	0x72740000	0x7396afff	Memory Mapped File	rwx	-
clr.dll	0x73970000	0x74017fff	Memory Mapped File	rwx	-
clrjit.dll	0x74230000	0x742acfff	Memory Mapped File	rwx	-
microsoft.powershell.consolehost.ni.dll	0x742b0000	0x7433afff	Memory Mapped File	rwx	-
msvcr120_clr0400.dll	0x74340000	0x74434fff	Memory Mapped File	rwx	-
version.dll	0x74440000	0x74447fff	Memory Mapped File	rwx	-
mscoreei.dll	0x74450000	0x744c7fff	Memory Mapped File	rwx	-
ntmarta.dll	0x744d0000	0x744f7fff	Memory Mapped File	rwx	-
cscapi.dll	0x74500000	0x7450efff	Memory Mapped File	rwx	-
ntshrui.dll	0x74510000	0x745d6fff	Memory Mapped File	rwx	-
bcp47langs.dll	0x745e0000	0x74630fff	Memory Mapped File	rwx	-
propsys.dll	0x74640000	0x74781fff	Memory Mapped File	rwx	-
uxtheme.dll	0x74790000	0x74804fff	Memory Mapped File	rwx	-
mscoree.dll	0x74810000	0x74868fff	Memory Mapped File	rwx	-
atl.dll	0x74870000	0x74887fff	Memory Mapped File	rwx	-
rsaenh.dll	0x748b0000	0x748defff	Memory Mapped File	rwx	-
bcrypt.dll	0x748e0000	0x748fafff	Memory Mapped File	rwx	-
cryptsp.dll	0x74900000	0x74912fff	Memory Mapped File	rwx	-
linkinfo.dll	0x74920000	0x7492afff	Memory Mapped File	rwx	-
srvcli.dll	0x74960000	0x7497bfff	Memory Mapped File	rwx	-
userenv.dll	0x749b0000	0x749c8fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x749d0000	0x74a28fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74a30000	0x74a39fff	Memory Mapped File	rwx	-
sspicli.dll	0x74a40000	0x74a5dfff	Memory Mapped File	rwx	-
advapi32.dll	0x74b20000	0x74b9afff	Memory Mapped File	rwx	-
gdi32.dll	0x74c40000	0x74d8cfff	Memory Mapped File	rwx	-
kernel32.dll	0x74db0000	0x74e9ffff	Memory Mapped File	rwx	-
msvcrt.dll	0x74ea0000	0x74f5dfff	Memory Mapped File	rwx	-
shcore.dll	0x74f60000	0x74fecfff	Memory Mapped File	rwx	-
msctf.dll	0x75050000	0x7516ffff	Memory Mapped File	rwx	-
cfgmgr32.dll	0x75170000	0x751a5fff	Memory Mapped File	rwx	-
oleaut32.dll	0x751c0000	0x75251fff	Memory Mapped File	rwx	-
ole32.dll	0x75260000	0x75349fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x75350000	0x753fbfff	Memory Mapped File	rwx	-
kernelbase.dll	0x75400000	0x75575fff	Memory Mapped File	rwx	-
user32.dll	0x75790000	0x758cffff	Memory Mapped File	rwx	-
psapi.dll	0x758d0000	0x758d5fff	Memory Mapped File	rwx	-
imm32.dll	0x75a50000	0x75a7afff	Memory Mapped File	rwx	-
combase.dll	0x75a80000	0x75c39fff	Memory Mapped File	rwx	-
powrprof.dll	0x75dd0000	0x75e13fff	Memory Mapped File	rwx	-
profapi.dll	0x75e20000	0x75e2efff	Memory Mapped File	rwx	-
sechost.dll	0x75e30000	0x75e72fff	Memory Mapped File	rwx	-
shell32.dll	0x75e80000	0x7723efff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x77290000	0x7729bfff	Memory Mapped File	rwx	-
clbcatq.dll	0x77300000	0x77381fff	Memory Mapped File	rwx	-
windows.storage.dll	0x77400000	0x778dcfff	Memory Mapped File	rwx	-
shlwapi.dll	0x778e0000	0x77923fff	Memory Mapped File	rwx	-
ntdll.dll	0x77930000	0x77aa8fff	Memory Mapped File	rwx	-
private_0x000000007ee14000	0x7ee14000	0x7ee16fff	Private Memory	rw	-
private_0x000000007ee17000	0x7ee17000	0x7ee19fff	Private Memory	rw	-
private_0x000000007ee1a000	0x7ee1a000	0x7ee1cfff	Private Memory	rw	-
private_0x000000007ee1d000	0x7ee1d000	0x7ee1ffff	Private Memory	rw	-
pagefile_0x000000007ee20000	0x7ee20000	0x7ef1ffff	Pagefile Backed Memory	r	-
pagefile_0x000000007ef20000	0x7ef20000	0x7ef42fff	Pagefile Backed Memory	r	-
private_0x000000007ef43000	0x7ef43000	0x7ef45fff	Private Memory	rw	-
private_0x000000007ef46000	0x7ef46000	0x7ef46fff	Private Memory	rw	-
private_0x000000007ef47000	0x7ef47000	0x7ef49fff	Private Memory	rw	-
private_0x000000007ef4a000	0x7ef4a000	0x7ef4cfff	Private Memory	rw	-
private_0x000000007ef4d000	0x7ef4d000	0x7ef4dfff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dffddf9ffff	Private Memory	r	-
pagefile_0x00007dffddfa0000	0x7dffddfa0000	0x7fffddf9ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7fffddfa0000	0x7fffde161fff	Memory Mapped File	rwx	-
private_0x00007fffde162000	0x7fffde162000	0x7ffffffeffff	Private Memory	r	-
For performance reasons, the remaining 354 entries are omitted. The remaining entries can be found in flog.txt.

Host Behavior

File (3725)

Operation	Filename	Additional Information	Count	Logfile
Create	CONOUT$	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\oyqqahuq.u3s.ps1	desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\yiyvup3z.lz2.psm1	desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e1d59afd-fedf-4dad-a2f3-bba3e7eabe5c	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_06f90924-1e5d-474b-ba1f-65c4b5caf36a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	4	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_90100f0c-eae9-4816-a5c9-cb7f94596ee3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	3	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_90100f0c-eae9-4816-a5c9-cb7f94596ee3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_feb6e263-7453-44d6-b878-c608056d0a54	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_feb6e263-7453-44d6-b878-c608056d0a54	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_2a874a81-10d4-4755-addd-76574f566022	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_2a874a81-10d4-4755-addd-76574f566022	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7a1c76d2-e099-4a8b-839e-368caecefb78	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7a1c76d2-e099-4a8b-839e-368caecefb78	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_715975f8-e1f6-4c0b-b0e0-c414c8f31f6c	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_715975f8-e1f6-4c0b-b0e0-c414c8f31f6c	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7426ec65-88cb-4125-bfda-28a90799cb17	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7426ec65-88cb-4125-bfda-28a90799cb17	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheContentServerSettingData.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheHostedCacheServerSettingData.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheNetworkSettingData.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheOrchestrator.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryPublicationCacheFile.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryRepublicationCacheFile.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheSecondaryRepublicationCacheFile.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheStatus.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_59bc9091-fe40-4864-9692-4f867c8e4e24	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_59bc9091-fe40-4864-9692-4f867c8e4e24	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_a532ea93-3042-49a9-90eb-8d9b5f6bf9bf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_a532ea93-3042-49a9-90eb-8d9b5f6bf9bf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Dism\Dism.psm1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_9633aa10-1400-46af-967c-4a7f154d1eb2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_716cbfc2-f9be-454c-8886-abe5ad82ca58	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_716cbfc2-f9be-454c-8886-abe5ad82ca58	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClient.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientCache.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientGlobalSetting.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientServerAddress.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNrptPolicy_v1.0.0.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTGlobal_v1.0.0.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTRule_v1.0.0.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_d4701662-09f1-450f-945d-4b2c1e5121cb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_d4701662-09f1-450f-945d-4b2c1e5121cb	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_070d1158-b694-415b-9922-55bf6b2e7316	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_070d1158-b694-415b-9922-55bf6b2e7316	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallRule.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecRule.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeRule.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallAddressFilter.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallApplicationFilter.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceFilter.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSecurityFilter.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallPortFilter.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallServiceFilter.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPhase1AuthSet.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPhase2AuthSet.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallProfile.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPolicyChange.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecDospSetting.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecIdentity.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeSA.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecQuickModeSA.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSetting.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetGPO.cmdletDefinition.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_97ffb31e-6609-44ec-8dbd-7bd829532fa2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_97ffb31e-6609-44ec-8dbd-7bd829532fa2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_Printer_v1.0.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterPort_v1.0.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterPortTasks_v1.0.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterDriver_v1.0.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterConfiguration_v1.0.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_3e14834e-86a7-459f-9fcd-501f39eda11e	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_3e14834e-86a7-459f-9fcd-501f39eda11e	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Remove-DscConfigurationDocument.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Disable-DscDebug.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Enable-DscDebug.cdxml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_686ae2ff-290e-48a8-b620-4738af13da54	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_686ae2ff-290e-48a8-b620-4738af13da54	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_31b8a10f-8ce7-4bb1-9bd9-2a27c5b35dd0	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_31b8a10f-8ce7-4bb1-9bd9-2a27c5b35dd0	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_6fb576c0-43d5-4445-8dea-7538cb50b85a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_6fb576c0-43d5-4445-8dea-7538cb50b85a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_83143f66-91fc-433c-913d-32122739b598	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_83143f66-91fc-433c-913d-32122739b598	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_ff24072f-761a-4f22-8347-03f6ef8b7364	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_ff24072f-761a-4f22-8347-03f6ef8b7364	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e31714f3-7ec1-453d-ad0c-53640b993b8d	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	2	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e31714f3-7ec1-453d-ad0c-53640b993b8d	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_9e79dfea-9a9e-4b0c-9dc6-4c6306b668db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_9e79dfea-9a9e-4b0c-9dc6-4c6306b668db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psm1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7ea7506b-a93c-4d5e-94a6-d62e077885da	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1ff1f4-3020-4c54-ba97-8106c1387f4c	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1ff1f4-3020-4c54-ba97-8106c1387f4c	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_939f9dda-79d8-444f-baf8-6fed82aaa5ae	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create Pipe	\device\namedpipe\pshost.131959913774779844.2780.defaultappdomain.powershell	open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_FIRST_PIPE_INSTANCE, FILE_FLAG_OVERLAPPED, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 1	1	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config	type = file_attributes	4	Fn
Get Info	C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	type = file_attributes	2	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml	type = file_attributes	3	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml	type = file_attributes	3	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml	type = file_attributes	3	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	type = file_attributes	3	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	type = file_attributes	3	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml	type = file_attributes	3	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml	type = file_attributes	3	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	type = file_attributes	3	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	type = file_attributes	1	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml	type = file_attributes	1	Fn
Get Info	STD_OUTPUT_HANDLE	type = file_type	1	Fn
Get Info	-	type = file_type	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps	type = file_attributes	1	Fn
Get Info	C:\	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\wldp.dll	type = file_attributes	264	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\oyqqahuq.u3s.ps1	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\yiyvup3z.lz2.psm1	type = file_type	2	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml	type = file_type	4	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml	type = file_type	4	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml	type = file_type	4	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	type = file_type	4	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	type = file_type	4	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml	type = file_type	4	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml	type = file_type	4	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	type = file_type	4	Fn
Get Info	C:\Windows\system32	type = file_attributes	40	Fn
Get Info	C:\Windows	type = file_attributes	36	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1	type = file_attributes	1	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\profile.ps1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1	type = file_attributes	1	Fn
Get Info	STD_INPUT_HANDLE	type = file_type	1	Fn
Get Info	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	type = file_attributes	1	Fn
Get Info	C:\ProgramData\Oracle\Java\javapath	type = file_attributes	32	Fn
Get Info	C:\Windows\System32\Wbem	type = file_attributes	31	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\	type = file_attributes	16	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules	type = file_attributes	94	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules	type = file_attributes	68	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\	type = file_attributes	48	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\AppLocker	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\AppLocker\AppLocker.psd1	type = file_attributes	3	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Appx	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Appx\Appx.psd1	type = file_attributes	3	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\BitsTransfer	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1	type = file_attributes	3	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\BranchCache	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\BranchCache\BranchCache.psd1	type = file_attributes	3	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\CimCmdlets	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\CimCmdlets\CimCmdlets.psd1	type = file_attributes	3	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\DirectAccessClientComponents	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Dism	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Dism\Dism.psd1	type = file_attributes	3	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\DnsClient	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\DnsClient\DnsClient.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\EventTracingManagement	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\EventTracingManagement\EventTracingManagement.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\International	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\International\International.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\iSCSI	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\iSCSI\iSCSI.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\ISE	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\ISE\ISE.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Kds	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Kds\Kds.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\en-US.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\en-US.psm1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\en-US.cdxml	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\en-US.xaml	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\en-US.dll	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Archive	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Diagnostics	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Host	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\en-US.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\en-US.psm1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\en-US.cdxml	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\en-US.xaml	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\en-US.dll	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Security	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.WSMan.Management	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\MsDtc	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\MsDtc\MsDtc.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetAdapter	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetAdapter\NetAdapter.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetConnection	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetConnection\NetConnection.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetEventPacketCapture	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetEventPacketCapture\NetEventPacketCapture.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetLbfo	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetLbfo\NetLbfo.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetNat	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetNat\NetNat.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetQos	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetQos\NetQos.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetSecurity	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetSecurity\NetSecurity.psd1	type = file_attributes	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetSwitchTeam	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetSwitchTeam\NetSwitchTeam.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetTCPIP	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetTCPIP\NetTCPIP.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetworkConnectivityStatus	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\NetworkConnectivityStatus\NetworkConnectivityStatus.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Modules.psd1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Modules.psm1	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Modules.cdxml	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Modules.xaml	type = file_attributes	1	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\Modules.dll	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0	type = file_attributes	22	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\1.0.0.0.psd1	type = file_attributes	22	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\1.0.0.0.psm1	type = file_attributes	22	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\1.0.0.0.cdxml	type = file_attributes	22	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\1.0.0.0.xaml	type = file_attributes	22	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\1.0.0.0.dll	type = file_attributes	22	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement	type = file_attributes	22	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_attributes	23	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psd1	type = file_attributes	23	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psm1	type = file_attributes	21	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.cdxml	type = file_attributes	21	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.xaml	type = file_attributes	21	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.dll	type = file_attributes	21	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.psd1	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.psm1	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.cdxml	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.xaml	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.dll	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.psd1	type = file_attributes	22	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.psm1	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.cdxml	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.xaml	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.dll	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.psd1	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.psm1	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.cdxml	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.xaml	type = file_attributes	20	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.dll	type = file_attributes	20	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\AppLocker	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\AppLocker\AppLocker.psd1	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Appx	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Appx\Appx.psd1	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCache.psd1	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\CimCmdlets	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\CimCmdlets\CimCmdlets.psd1	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1	type = file_attributes	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\	type = file_attributes	122	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config	type = file_attributes	2	Fn
Get Info	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config	type = file_type	2	Fn
Get Info	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config	type = size, size_out = 0	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psm1	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e1d59afd-fedf-4dad-a2f3-bba3e7eabe5c	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_06f90924-1e5d-474b-ba1f-65c4b5caf36a	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8	type = file_type	2	Fn
Get Info	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	type = file_attributes	3	Fn
Get Info	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	type = file_type	2	Fn
Get Info	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\en-US\Microsoft.PowerShell.Management.psd1	type = file_attributes	1	Fn
Get Info	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\en\Microsoft.PowerShell.Management.psd1	type = file_attributes	1	Fn
Get Info	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\PSGetModuleInfo.xml	type = file_attributes	1	Fn
Get Info	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll	type = file_attributes	1	Fn
Get Info	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll\Microsoft.PowerShell.Commands.Management.dll	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll	type = file_attributes	1	Fn
Get Info	STD_ERROR_HANDLE	type = file_type	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	14	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_90100f0c-eae9-4816-a5c9-cb7f94596ee3	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_90100f0c-eae9-4816-a5c9-cb7f94596ee3	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Event.format.ps1xml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Event.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Diagnostics.format.ps1xml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Diagnostics.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\PSGetModuleInfo.xml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Commands.Diagnostics.dll	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Commands.Diagnostics.dll\Microsoft.PowerShell.Commands.Diagnostics.dll	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Diagnostics	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Diagnostics\Microsoft.PowerShell.Commands.Diagnostics.dll	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Diagnostics	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Diagnostics\Microsoft.PowerShell.Commands.Diagnostics.dll	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_feb6e263-7453-44d6-b878-c608056d0a54	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_feb6e263-7453-44d6-b878-c608056d0a54	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	4	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_2a874a81-10d4-4755-addd-76574f566022	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_2a874a81-10d4-4755-addd-76574f566022	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7a1c76d2-e099-4a8b-839e-368caecefb78	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7a1c76d2-e099-4a8b-839e-368caecefb78	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Appx\PSGetModuleInfo.xml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Appx\Appx.psm1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_715975f8-e1f6-4c0b-b0e0-c414c8f31f6c	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_715975f8-e1f6-4c0b-b0e0-c414c8f31f6c	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetworkTransition\NetworkTransition.psd1	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.BackgroundIntelligentTransfer.Management	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.psd1	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.psm1	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.cdxml	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.xaml	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.dll	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.BackgroundIntelligentTransfer.Management	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.psd1	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.psm1	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.cdxml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.xaml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.BackgroundIntelligentTransfer.Management\Microsoft.BackgroundIntelligentTransfer.Management.dll	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7426ec65-88cb-4125-bfda-28a90799cb17	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7426ec65-88cb-4125-bfda-28a90799cb17	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft_Corporation\DefaultDomain_Path_vts5ulh4lcatsmkjq054m5tgofqeypsd\10.0.10240.16384\user.config	type = file_attributes	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft_Corporation\DefaultDomain_Path_vts5ulh4lcatsmkjq054m5tgofqeypsd\10.0.10240.16384\user.config	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheContentServerSettingData.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheContentServerSettingData.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheHostedCacheServerSettingData.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheHostedCacheServerSettingData.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheNetworkSettingData.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheNetworkSettingData.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheOrchestrator.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheOrchestrator.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryPublicationCacheFile.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryPublicationCacheFile.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryRepublicationCacheFile.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryRepublicationCacheFile.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheSecondaryRepublicationCacheFile.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheSecondaryRepublicationCacheFile.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheStatus.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheStatus.cdxml	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_59bc9091-fe40-4864-9692-4f867c8e4e24	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_59bc9091-fe40-4864-9692-4f867c8e4e24	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_a532ea93-3042-49a9-90eb-8d9b5f6bf9bf	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_a532ea93-3042-49a9-90eb-8d9b5f6bf9bf	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Dism\Dism.psm1	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Dism\Dism.psm1	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_9633aa10-1400-46af-967c-4a7f154d1eb2	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Dism\Dism.psd1	type = file_attributes	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_716cbfc2-f9be-454c-8886-abe5ad82ca58	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_716cbfc2-f9be-454c-8886-abe5ad82ca58	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClient.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClient.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientCache.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientCache.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientGlobalSetting.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientGlobalSetting.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientServerAddress.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientServerAddress.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNrptPolicy_v1.0.0.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNrptPolicy_v1.0.0.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTGlobal_v1.0.0.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTGlobal_v1.0.0.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTRule_v1.0.0.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTRule_v1.0.0.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\DnsClient.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	6	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_d4701662-09f1-450f-945d-4b2c1e5121cb	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_d4701662-09f1-450f-945d-4b2c1e5121cb	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\EventTracingManagement\MSFT_EtwTraceProvider_v1.0.cdxml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\EventTracingManagement\MSFT_AutologgerConfig_v1.0.cdxml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Kds\Kds.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_070d1158-b694-415b-9922-55bf6b2e7316	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_070d1158-b694-415b-9922-55bf6b2e7316	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture\MSFT_NetEventWFPCaptureProvider.cdxml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallRule.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallRule.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecRule.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecRule.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeRule.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeRule.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallAddressFilter.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallAddressFilter.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallApplicationFilter.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallApplicationFilter.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceFilter.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceFilter.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSecurityFilter.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSecurityFilter.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallPortFilter.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallPortFilter.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallServiceFilter.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallServiceFilter.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPhase1AuthSet.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPhase1AuthSet.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPhase2AuthSet.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPhase2AuthSet.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallProfile.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallProfile.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPolicyChange.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPolicyChange.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecDospSetting.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecDospSetting.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecIdentity.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecIdentity.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeSA.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeSA.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecQuickModeSA.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecQuickModeSA.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSetting.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSetting.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetGPO.cmdletDefinition.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetGPO.cmdletDefinition.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetSecurity.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_97ffb31e-6609-44ec-8dbd-7bd829532fa2	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_97ffb31e-6609-44ec-8dbd-7bd829532fa2	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSwitchTeam\MSFT_NetSwitchTeamMember.cdxml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\PSGetModuleInfo.xml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_Printer_v1.0.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_Printer_v1.0.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterPort_v1.0.cdxml	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterPort_v1.0.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterPortTasks_v1.0.cdxml	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterPortTasks_v1.0.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterDriver_v1.0.cdxml	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterDriver_v1.0.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterConfiguration_v1.0.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_PrinterConfiguration_v1.0.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\MSFT_WsdPrinterPort_v1.0.cdxml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PrintManagement\PrintManagement.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_3e14834e-86a7-459f-9fcd-501f39eda11e	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\PrintManagement\PrintManagement.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_3e14834e-86a7-459f-9fcd-501f39eda11e	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Remove-DscConfigurationDocument.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Remove-DscConfigurationDocument.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Disable-DscDebug.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Disable-DscDebug.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Enable-DscDebug.cdxml	type = file_attributes	3	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\Enable-DscDebug.cdxml	type = file_type	4	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_686ae2ff-290e-48a8-b620-4738af13da54	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_686ae2ff-290e-48a8-b620-4738af13da54	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\PSScheduledJob.types.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\PSScheduledJob.Format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\PSGetModuleInfo.xml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\Microsoft.PowerShell.ScheduledJob.dll	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\Microsoft.PowerShell.ScheduledJob.dll\Microsoft.PowerShell.ScheduledJob.dll	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSScheduledJob\PSScheduledJob.psd1	type = file_attributes	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_31b8a10f-8ce7-4bb1-9bd9-2a27c5b35dd0	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\PSScheduledJob\PSScheduledJob.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_31b8a10f-8ce7-4bb1-9bd9-2a27c5b35dd0	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ScheduledTasks\PSScheduledJobPrxy.psm1	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ScheduledTasks.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_6fb576c0-43d5-4445-8dea-7538cb50b85a	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\ScheduledTasks\ScheduledTasks.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_6fb576c0-43d5-4445-8dea-7538cb50b85a	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SecureBoot\SecureBoot.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_83143f66-91fc-433c-913d-32122739b598	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\SecureBoot\SecureBoot.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_83143f66-91fc-433c-913d-32122739b598	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\TLS\TLS.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_ff24072f-761a-4f22-8347-03f6ef8b7364	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\TLS\TLS.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_ff24072f-761a-4f22-8347-03f6ef8b7364	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\TrustedPlatformModule.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e31714f3-7ec1-453d-ad0c-53640b993b8d	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\TrustedPlatformModule\TrustedPlatformModule.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e31714f3-7ec1-453d-ad0c-53640b993b8d	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\VpnClient\PS_VpnConnectionTriggerApplication_v1.0.cdxml	type = file_attributes	1	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense\WindowsDeveloperLicense.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_9e79dfea-9a9e-4b0c-9dc6-4c6306b668db	type = file_type	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\WindowsDeveloperLicense\WindowsDeveloperLicense.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_9e79dfea-9a9e-4b0c-9dc6-4c6306b668db	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psm1	type = file_attributes	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psm1	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7ea7506b-a93c-4d5e-94a6-d62e077885da	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1ff1f4-3020-4c54-ba97-8106c1387f4c	type = file_type	2	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	2	Fn
Get Info	c:\windows\system32\windowspowershell\v1.0\Modules\WindowsErrorReporting\WindowsErrorReporting.psd1	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1ff1f4-3020-4c54-ba97-8106c1387f4c	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	type = file_type	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\WindowsUpdate\.\WindowsUpdateLog.psm1	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PSGetModuleInfo.xml	type = file_attributes	1	Fn
Get Info	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\Microsoft.PowerShell.PackageManagement.dll	type = file_attributes	1	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	type = file_type	4	Fn
Get Info	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_939f9dda-79d8-444f-baf8-6fed82aaa5ae	type = file_type	2	Fn
Get Info	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Dism	type = file_attributes	1	Fn
Open	STD_OUTPUT_HANDLE	-	1	Fn
Open	STD_INPUT_HANDLE	-	1	Fn
Open	STD_ERROR_HANDLE	-	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml	size = 4096, size_out = 4096	54	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml	size = 4096, size_out = 719	1	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml	size = 4096, size_out = 4096	4	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml	size = 4096, size_out = 2838	1	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml	size = 234, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml	size = 4096, size_out = 4096	6	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml	size = 4096, size_out = 2762	1	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml	size = 310, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	size = 4096, size_out = 4096	36	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	size = 4096, size_out = 1199	1	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	size = 849, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	size = 4096, size_out = 4096	5	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	size = 4096, size_out = 3065	1	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	size = 7, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml	size = 4096, size_out = 4096	70	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml	size = 4096, size_out = 1218	1	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml	size = 830, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml	size = 4096, size_out = 4096	54	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml	size = 4096, size_out = 1337	1	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml	size = 711, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	size = 4096, size_out = 4096	27	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	size = 4096, size_out = 3416	1	Fn Data
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	size = 680, size_out = 0	1	Fn
Read	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config	size = 4096, size_out = 4096	8	Fn Data
Read	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config	size = 4096, size_out = 3215	1	Fn Data
Read	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 1921	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	size = 4096, size_out = 4096	4	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	size = 3, size_out = 3	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	size = 53, size_out = 53	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	size = 6, size_out = 6	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	size = 15, size_out = 15	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	size = 4096, size_out = 1634	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_85525a38-be22-4966-b0fc-b808e4124a0f	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e1d59afd-fedf-4dad-a2f3-bba3e7eabe5c	size = 4096, size_out = 2418	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e1d59afd-fedf-4dad-a2f3-bba3e7eabe5c	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_06f90924-1e5d-474b-ba1f-65c4b5caf36a	size = 4096, size_out = 341	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_06f90924-1e5d-474b-ba1f-65c4b5caf36a	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8	size = 13, size_out = 13	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8	size = 31, size_out = 31	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8	size = 12, size_out = 12	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8	size = 4096, size_out = 2458	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8	size = 4096, size_out = 0	1	Fn
Read	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	size = 4096, size_out = 2389	1	Fn Data
Read	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	size = 683, size_out = 0	1	Fn
Read	C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 1921	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	4	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2193	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_90100f0c-eae9-4816-a5c9-cb7f94596ee3	size = 4096, size_out = 501	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_90100f0c-eae9-4816-a5c9-cb7f94596ee3	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2193	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2479	2	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_feb6e263-7453-44d6-b878-c608056d0a54	size = 4096, size_out = 1001	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_feb6e263-7453-44d6-b878-c608056d0a54	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	2	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	2	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	2	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	6	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	2	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	2	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	2	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2757	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_2a874a81-10d4-4755-addd-76574f566022	size = 4096, size_out = 504	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_2a874a81-10d4-4755-addd-76574f566022	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2757	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2996	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7a1c76d2-e099-4a8b-839e-368caecefb78	size = 4096, size_out = 1043	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7a1c76d2-e099-4a8b-839e-368caecefb78	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2996	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 3225	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_715975f8-e1f6-4c0b-b0e0-c414c8f31f6c	size = 4096, size_out = 2583	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_715975f8-e1f6-4c0b-b0e0-c414c8f31f6c	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 3225	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 3470	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7426ec65-88cb-4125-bfda-28a90799cb17	size = 4096, size_out = 1547	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_7426ec65-88cb-4125-bfda-28a90799cb17	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheContentServerSettingData.cdxml	size = 4096, size_out = 439	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheContentServerSettingData.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheHostedCacheServerSettingData.cdxml	size = 4096, size_out = 447	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheHostedCacheServerSettingData.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheNetworkSettingData.cdxml	size = 4096, size_out = 427	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheNetworkSettingData.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheOrchestrator.cdxml	size = 4096, size_out = 4096	8	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheOrchestrator.cdxml	size = 4096, size_out = 2660	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheOrchestrator.cdxml	size = 412, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheOrchestrator.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryPublicationCacheFile.cdxml	size = 4096, size_out = 407	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryPublicationCacheFile.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryRepublicationCacheFile.cdxml	size = 4096, size_out = 407	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCachePrimaryRepublicationCacheFile.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheSecondaryRepublicationCacheFile.cdxml	size = 4096, size_out = 425	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheSecondaryRepublicationCacheFile.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheStatus.cdxml	size = 4096, size_out = 401	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BranchCache\BranchCacheStatus.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 3470	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 3713	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_59bc9091-fe40-4864-9692-4f867c8e4e24	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_59bc9091-fe40-4864-9692-4f867c8e4e24	size = 39, size_out = 39	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_59bc9091-fe40-4864-9692-4f867c8e4e24	size = 4096, size_out = 1720	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_59bc9091-fe40-4864-9692-4f867c8e4e24	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 3713	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 3954	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_a532ea93-3042-49a9-90eb-8d9b5f6bf9bf	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_a532ea93-3042-49a9-90eb-8d9b5f6bf9bf	size = 56, size_out = 56	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_a532ea93-3042-49a9-90eb-8d9b5f6bf9bf	size = 4096, size_out = 342	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_a532ea93-3042-49a9-90eb-8d9b5f6bf9bf	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Dism\Dism.psm1	size = 4096, size_out = 423	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Dism\Dism.psm1	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 136	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 365	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 365	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 594	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_716cbfc2-f9be-454c-8886-abe5ad82ca58	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_716cbfc2-f9be-454c-8886-abe5ad82ca58	size = 15, size_out = 15	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_716cbfc2-f9be-454c-8886-abe5ad82ca58	size = 4096, size_out = 3677	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_716cbfc2-f9be-454c-8886-abe5ad82ca58	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClient.cdxml	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClient.cdxml	size = 4096, size_out = 408	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClient.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientCache.cdxml	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientCache.cdxml	size = 4096, size_out = 34	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientCache.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientGlobalSetting.cdxml	size = 4096, size_out = 1306	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientGlobalSetting.cdxml	size = 742, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientGlobalSetting.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientServerAddress.cdxml	size = 4096, size_out = 3613	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientServerAddress.cdxml	size = 483, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\MSFT_DnsClientServerAddress.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNrptPolicy_v1.0.0.cdxml	size = 4096, size_out = 1704	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNrptPolicy_v1.0.0.cdxml	size = 344, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNrptPolicy_v1.0.0.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTGlobal_v1.0.0.cdxml	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTGlobal_v1.0.0.cdxml	size = 4096, size_out = 1092	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTGlobal_v1.0.0.cdxml	size = 956, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTGlobal_v1.0.0.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTRule_v1.0.0.cdxml	size = 4096, size_out = 4096	4	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTRule_v1.0.0.cdxml	size = 4096, size_out = 2266	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTRule_v1.0.0.cdxml	size = 806, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNRPTRule_v1.0.0.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 4096	2	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 594	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	2	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 833	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_d4701662-09f1-450f-945d-4b2c1e5121cb	size = 4096, size_out = 3199	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_d4701662-09f1-450f-945d-4b2c1e5121cb	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2031	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 0	1	Fn
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex	size = 4096, size_out = 2258	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_070d1158-b694-415b-9922-55bf6b2e7316	size = 4096, size_out = 1191	1	Fn Data
Read	C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_070d1158-b694-415b-9922-55bf6b2e7316	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 1427	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 621, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\PackageManagement.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 4096	3	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 1509	1	Fn Data
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 539, size_out = 0	1	Fn
Read	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallRule.cmdletDefinition.cdxml	size = 4096, size_out = 4096	7	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallRule.cmdletDefinition.cdxml	size = 4096, size_out = 2610	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallRule.cmdletDefinition.cdxml	size = 462, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallRule.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecRule.cmdletDefinition.cdxml	size = 4096, size_out = 4096	9	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecRule.cmdletDefinition.cdxml	size = 4096, size_out = 2379	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecRule.cmdletDefinition.cdxml	size = 693, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecRule.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeRule.cmdletDefinition.cdxml	size = 4096, size_out = 4096	4	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeRule.cmdletDefinition.cdxml	size = 4096, size_out = 354	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecMainModeRule.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallAddressFilter.cmdletDefinition.cdxml	size = 4096, size_out = 3841	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallAddressFilter.cmdletDefinition.cdxml	size = 255, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallAddressFilter.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallApplicationFilter.cmdletDefinition.cdxml	size = 4096, size_out = 3232	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallApplicationFilter.cmdletDefinition.cdxml	size = 864, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallApplicationFilter.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceFilter.cmdletDefinition.cdxml	size = 4096, size_out = 3045	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceFilter.cmdletDefinition.cdxml	size = 27, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceFilter.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml	size = 4096, size_out = 3691	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml	size = 405, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSecurityFilter.cmdletDefinition.cdxml	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSecurityFilter.cmdletDefinition.cdxml	size = 4096, size_out = 1458	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSecurityFilter.cmdletDefinition.cdxml	size = 590, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallSecurityFilter.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallPortFilter.cmdletDefinition.cdxml	size = 4096, size_out = 4096	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallPortFilter.cmdletDefinition.cdxml	size = 4096, size_out = 768	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallPortFilter.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallServiceFilter.cmdletDefinition.cdxml	size = 4096, size_out = 2800	1	Fn Data
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallServiceFilter.cmdletDefinition.cdxml	size = 272, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetFirewallServiceFilter.cmdletDefinition.cdxml	size = 4096, size_out = 0	1	Fn
Read	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSecurity\NetIPsecPhase1AuthSet.cmdletDefinition.cdxml	size = 4096, size_out = 4096	2	Fn Data
For performance reasons, the remaining 317 entries are omitted. The remaining entries can be found in glog.xml.

Registry (1745)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\Transcription	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_CURRENT_USER\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	84	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	9	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	6	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	9	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	11	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	11	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	43	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	7	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	6	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	6	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	26	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	7	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	7	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	16	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	15	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	15	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	36	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	10	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	10	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	6	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	8	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	8	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	25	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	22	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	17	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	20	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	13	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	13	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	6	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	4	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	17	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	17	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	11	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	11	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	5	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	7	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	7	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	30	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	6	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	7	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	7	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	3	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	-	2	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time	value_name = TZI, type = REG_BINARY	2	Fn Data
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST	value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST	value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST	value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST	value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST	value_name = 2007, type = REG_BINARY	2	Fn Data
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST	value_name = 2008, type = REG_BINARY	2	Fn Data
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time	value_name = MUI_Display, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time	value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time	value_name = MUI_Std, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time	value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time	value_name = MUI_Dlt, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time	value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Environment	value_name = PSMODULEPATH, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	84	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	9	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	4	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ	4	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	value_name = PipelineMaxStackSizeMB, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	5	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	5	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ	5	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	2	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	6	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	2	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	9	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	5	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	2	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	2	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	4	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	4	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	11	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	11	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	5	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	5	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	2	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	43	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	7	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	6	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	6	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	26	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	7	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	7	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	16	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	2	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	15	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	15	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	36	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	4	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	4	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	10	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	10	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	6	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	8	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	8	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	4	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	4	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	25	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	22	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	5	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	17	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	20	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	5	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	5	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	13	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	13	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	6	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	4	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	4	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	17	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	17	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	11	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	11	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	5	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	7	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	7	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	30	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	2	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	6	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	7	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	7	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	3	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = __PSLockdownPolicy, type = REG_NONE	2	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	3	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	-	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	Dec.exe	show_window = SW_SHOWMAXIMIZED		1	Fn

Module (9)

Operation	Module	Additional Information	Count	Logfile
Load	C:\Windows\system32\en-US\tzres.dll.mui	base_address = 0x8ab0001	3	Fn
Get Filename	-	process_name = c:\windows\system32\backgroundtaskhost.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 2048	1	Fn
Get Filename	-	process_name = c:\windows\system32\backgroundtaskhost.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 2048	2	Fn
Get Filename	-	process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 260	3	Fn

User (1)

Operation	Additional Information	Success	Count	Logfile
Lookup Privilege	privilege = SeDebugPrivilege, luid = 20		1	Fn

System (5087)

Operation	Additional Information	Count	Logfile
Sleep	duration = 0 milliseconds (0.000 seconds)	3509	Fn
Sleep	duration = 5 milliseconds (0.005 seconds)	1	Fn
Sleep	duration = -1 (infinite)	2	Fn
Get Info	type = SYSTEM_PROCESS_INFORMATION	3	Fn
Get Info	type = System Directory, result_out = C:\Windows\system32	786	Fn
Get Info	type = Hardware Information	786	Fn

Mutex (245)

Operation	Additional Information	Count	Logfile
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	3	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	4	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Create	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	3	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	3	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	3	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	6	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	-	43	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	3	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	3	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	2	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn
Release	mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000	1	Fn

Environment (493)

Operation	Additional Information	Count	Logfile
Get Environment String	name = MshEnableTrace	29	Fn
Get Environment String	name = PSModulePath, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\	1	Fn
Get Environment String	name = PathEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	1	Fn
Get Environment String	name = PinnableBufferCache_System.Threading.OverlappedData_Disabled	1	Fn
Get Environment String	name = PinnableBufferCache_System.Threading.OverlappedData_MinCount	1	Fn
Get Environment String	name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\	1	Fn
Get Environment String	name = USERPROFILE, result_out = C:\Users\CIiHmnxMn6Ps	2	Fn
Get Environment String	name = PSModuleAutoLoadingPreference	10	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL	6	Fn
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	3	Fn
Get Environment String	name = PSMODULEPATH, result_out = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules;C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\	113	Fn
Get Environment String	name = PSDisableModuleAutoLoadingMemoryCache	322	Fn
Get Environment String	name = PSDisableModuleAutoloadingCacheMaintenance	1	Fn
Set Environment String	name = PathEXT, value = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL	1	Fn
Set Environment String	name = PSMODULEPATH, value = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules;C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\	1	Fn

Process #12: cmd.exe

Information	Value
ID	#12
File Name	c:\windows\syswow64\cmd.exe
Command Line	cmd.exe /c start dec.exe
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:03:11, Reason: Child Process
Unmonitor	End Time: 00:03:13, Reason: Self Terminated
Monitor Duration	00:00:02

OS Process Information

Information	Value
PID	0xa34
Parent PID	0x57c (c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\enc.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x A60 0x A74 0x A88 0x 9F0 0x A5C 0x 9F4

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000050000	0x00050000	0x0006ffff	Private Memory	rw	-
pagefile_0x0000000000050000	0x00050000	0x0005ffff	Pagefile Backed Memory	rw	-
private_0x0000000000060000	0x00060000	0x00063fff	Private Memory	rw	-
private_0x0000000000070000	0x00070000	0x00070fff	Private Memory	rw	-
private_0x0000000000070000	0x00070000	0x00073fff	Private Memory	rw	-
pagefile_0x0000000000080000	0x00080000	0x00093fff	Pagefile Backed Memory	r	-
private_0x00000000000a0000	0x000a0000	0x000dffff	Private Memory	rw	-
private_0x00000000000e0000	0x000e0000	0x001dffff	Private Memory	rw	-
pagefile_0x00000000001e0000	0x001e0000	0x001e3fff	Pagefile Backed Memory	r	-
pagefile_0x00000000001f0000	0x001f0000	0x001f0fff	Pagefile Backed Memory	r	-
private_0x0000000000200000	0x00200000	0x00201fff	Private Memory	rw	-
locale.nls	0x00210000	0x002cdfff	Memory Mapped File	r	-
private_0x00000000002d0000	0x002d0000	0x0030ffff	Private Memory	rw	-
imm32.dll	0x00310000	0x00339fff	Memory Mapped File	r	-
cmd.exe.mui	0x00310000	0x00330fff	Memory Mapped File	r	-
private_0x0000000000340000	0x00340000	0x00340fff	Private Memory	rw	-
private_0x0000000000350000	0x00350000	0x0035ffff	Private Memory	rw	-
private_0x0000000000360000	0x00360000	0x00360fff	Private Memory	rw	-
pagefile_0x0000000000370000	0x00370000	0x00372fff	Pagefile Backed Memory	r	-
windowsshell.manifest	0x00380000	0x00380fff	Memory Mapped File	r	-
pagefile_0x0000000000380000	0x00380000	0x00380fff	Pagefile Backed Memory	rw	-
pagefile_0x0000000000390000	0x00390000	0x00391fff	Pagefile Backed Memory	r	-
pagefile_0x00000000003a0000	0x003a0000	0x003a0fff	Pagefile Backed Memory	r	-
pagefile_0x00000000003b0000	0x003b0000	0x003b0fff	Pagefile Backed Memory	r	-
private_0x00000000003c0000	0x003c0000	0x003cffff	Private Memory	rw	-
pagefile_0x00000000003d0000	0x003d0000	0x003d1fff	Pagefile Backed Memory	r	-
pagefile_0x00000000003e0000	0x003e0000	0x003e2fff	Pagefile Backed Memory	r	-
pagefile_0x00000000003f0000	0x003f0000	0x003f0fff	Pagefile Backed Memory	r	-
pagefile_0x00000000003f0000	0x003f0000	0x003f3fff	Pagefile Backed Memory	r	-
private_0x0000000000400000	0x00400000	0x004fffff	Private Memory	rw	-
private_0x0000000000500000	0x00500000	0x005fffff	Private Memory	rw	-
pagefile_0x0000000000600000	0x00600000	0x00787fff	Pagefile Backed Memory	r	-
pagefile_0x0000000000790000	0x00790000	0x00910fff	Pagefile Backed Memory	r	-
private_0x0000000000920000	0x00920000	0x0095ffff	Private Memory	rw	-
user32.dll.mui	0x00920000	0x00924fff	Memory Mapped File	r	-
private_0x0000000000930000	0x00930000	0x00933fff	Private Memory	rw	-
duser.dll.mui	0x00940000	0x00940fff	Memory Mapped File	r	-
private_0x0000000000950000	0x00950000	0x0095ffff	Private Memory	rw	-
oleaut32.dll	0x00960000	0x009f0fff	Memory Mapped File	r	-
private_0x0000000000960000	0x00960000	0x0099ffff	Private Memory	rw	-
private_0x00000000009a0000	0x009a0000	0x00a9ffff	Private Memory	rw	-
private_0x0000000000aa0000	0x00aa0000	0x00adffff	Private Memory	rw	-
private_0x0000000000ae0000	0x00ae0000	0x00b1ffff	Private Memory	rw	-
comctl32.dll.mui	0x00b20000	0x00b22fff	Memory Mapped File	r	-
imageres.dll.mui	0x00b30000	0x00b30fff	Memory Mapped File	r	-
pagefile_0x0000000000b40000	0x00b40000	0x00b40fff	Pagefile Backed Memory	r	-
cmd.exe	0x00b50000	0x00b9ffff	Memory Mapped File	rwx	-
pagefile_0x0000000000ba0000	0x00ba0000	0x04b9ffff	Pagefile Backed Memory	-	-
pagefile_0x0000000004ba0000	0x04ba0000	0x05f9ffff	Pagefile Backed Memory	r	-
sortdefault.nls	0x05fa0000	0x062d6fff	Memory Mapped File	r	-
private_0x00000000062e0000	0x062e0000	0x063dffff	Private Memory	rw	-
private_0x00000000063e0000	0x063e0000	0x064dffff	Private Memory	rw	-
shell32.dll.mui	0x064e0000	0x06540fff	Memory Mapped File	r	-
private_0x0000000006550000	0x06550000	0x0658ffff	Private Memory	rw	-
private_0x0000000006590000	0x06590000	0x0668ffff	Private Memory	rw	-
pagefile_0x0000000006690000	0x06690000	0x06747fff	Pagefile Backed Memory	r	-
private_0x0000000006750000	0x06750000	0x067cffff	Private Memory	rw	-
imageres.dll	0x067d0000	0x093e2fff	Memory Mapped File	r	-
pagefile_0x00000000093f0000	0x093f0000	0x098e1fff	Pagefile Backed Memory	rw	-
staticcache.dat	0x098f0000	0x0a92ffff	Memory Mapped File	r	-
pagefile_0x000000000a930000	0x0a930000	0x0a978fff	Pagefile Backed Memory	rw	-
wow64cpu.dll	0x678d0000	0x678d7fff	Memory Mapped File	rwx	-
wow64win.dll	0x678e0000	0x67952fff	Memory Mapped File	rwx	-
wow64.dll	0x67960000	0x679aefff	Memory Mapped File	rwx	-
atlthunk.dll	0x74120000	0x7412cfff	Memory Mapped File	rwx	-
xmllite.dll	0x74130000	0x7415cfff	Memory Mapped File	rwx	-
dwmapi.dll	0x74160000	0x7417cfff	Memory Mapped File	rwx	-
duser.dll	0x74180000	0x741f9fff	Memory Mapped File	rwx	-
winnsi.dll	0x74200000	0x74207fff	Memory Mapped File	rwx	-
iphlpapi.dll	0x74210000	0x7423ffff	Memory Mapped File	rwx	-
wdi.dll	0x74240000	0x74259fff	Memory Mapped File	rwx	-
ndfapi.dll	0x74260000	0x74299fff	Memory Mapped File	rwx	-
actxprxy.dll	0x742a0000	0x744a6fff	Memory Mapped File	rwx	-
propsys.dll	0x744b0000	0x745f1fff	Memory Mapped File	rwx	-
uxtheme.dll	0x74600000	0x74674fff	Memory Mapped File	rwx	-
comctl32.dll	0x74680000	0x74888fff	Memory Mapped File	rwx	-
rsaenh.dll	0x748b0000	0x748defff	Memory Mapped File	rwx	-
bcrypt.dll	0x748e0000	0x748fafff	Memory Mapped File	rwx	-
cryptsp.dll	0x74900000	0x74912fff	Memory Mapped File	rwx	-
cmdext.dll	0x74920000	0x74927fff	Memory Mapped File	rwx	-
bcryptprimitives.dll	0x749d0000	0x74a28fff	Memory Mapped File	rwx	-
cryptbase.dll	0x74a30000	0x74a39fff	Memory Mapped File	rwx	-
sspicli.dll	0x74a40000	0x74a5dfff	Memory Mapped File	rwx	-
advapi32.dll	0x74b20000	0x74b9afff	Memory Mapped File	rwx	-
gdi32.dll	0x74c40000	0x74d8cfff	Memory Mapped File	rwx	-
kernel32.dll	0x74db0000	0x74e9ffff	Memory Mapped File	rwx	-
msvcrt.dll	0x74ea0000	0x74f5dfff	Memory Mapped File	rwx	-
shcore.dll	0x74f60000	0x74fecfff	Memory Mapped File	rwx	-
ws2_32.dll	0x74ff0000	0x7504bfff	Memory Mapped File	rwx	-
msctf.dll	0x75050000	0x7516ffff	Memory Mapped File	rwx	-
oleaut32.dll	0x751c0000	0x75251fff	Memory Mapped File	rwx	-
ole32.dll	0x75260000	0x75349fff	Memory Mapped File	rwx	-
rpcrt4.dll	0x75350000	0x753fbfff	Memory Mapped File	rwx	-
kernelbase.dll	0x75400000	0x75575fff	Memory Mapped File	rwx	-
user32.dll	0x75790000	0x758cffff	Memory Mapped File	rwx	-
imm32.dll	0x75a50000	0x75a7afff	Memory Mapped File	rwx	-
combase.dll	0x75a80000	0x75c39fff	Memory Mapped File	rwx	-
nsi.dll	0x75c40000	0x75c46fff	Memory Mapped File	rwx	-
powrprof.dll	0x75dd0000	0x75e13fff	Memory Mapped File	rwx	-
profapi.dll	0x75e20000	0x75e2efff	Memory Mapped File	rwx	-
sechost.dll	0x75e30000	0x75e72fff	Memory Mapped File	rwx	-
shell32.dll	0x75e80000	0x7723efff	Memory Mapped File	rwx	-
kernel.appcore.dll	0x77290000	0x7729bfff	Memory Mapped File	rwx	-
clbcatq.dll	0x77300000	0x77381fff	Memory Mapped File	rwx	-
windows.storage.dll	0x77400000	0x778dcfff	Memory Mapped File	rwx	-
shlwapi.dll	0x778e0000	0x77923fff	Memory Mapped File	rwx	-
ntdll.dll	0x77930000	0x77aa8fff	Memory Mapped File	rwx	-
private_0x000000007eda7000	0x7eda7000	0x7eda9fff	Private Memory	rw	-
private_0x000000007edaa000	0x7edaa000	0x7edacfff	Private Memory	rw	-
private_0x000000007edad000	0x7edad000	0x7edaffff	Private Memory	rw	-
pagefile_0x000000007edb0000	0x7edb0000	0x7eeaffff	Pagefile Backed Memory	r	-
pagefile_0x000000007eeb0000	0x7eeb0000	0x7eed2fff	Pagefile Backed Memory	r	-
private_0x000000007eed3000	0x7eed3000	0x7eed3fff	Private Memory	rw	-
private_0x000000007eed5000	0x7eed5000	0x7eed7fff	Private Memory	rw	-
private_0x000000007eed8000	0x7eed8000	0x7eedafff	Private Memory	rw	-
private_0x000000007eedb000	0x7eedb000	0x7eeddfff	Private Memory	rw	-
private_0x000000007eede000	0x7eede000	0x7eedefff	Private Memory	rw	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	r	-
private_0x000000007fff0000	0x7fff0000	0x7dffddf9ffff	Private Memory	r	-
pagefile_0x00007dffddfa0000	0x7dffddfa0000	0x7fffddf9ffff	Pagefile Backed Memory	-	-
ntdll.dll	0x7fffddfa0000	0x7fffde161fff	Memory Mapped File	rwx	-
private_0x00007fffde162000	0x7fffde162000	0x7ffffffeffff	Private Memory	r	-

Host Behavior

File (16)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Windows\system32	type = file_attributes	1	Fn
Get Info	C:\Windows\System32	type = file_attributes	1	Fn
Get Info	STD_ERROR_HANDLE	type = file_type	1	Fn
Open	STD_OUTPUT_HANDLE	-	5	Fn
Open	STD_INPUT_HANDLE	-	3	Fn
Open	STD_ERROR_HANDLE	-	4	Fn
Write	STD_ERROR_HANDLE	size = 42	1	Fn Data

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 248, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\syswow64\cmd.exe	base_address = 0xb50000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x74db0000	2	Fn
Get Filename	-	process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x74df2780	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileExW, address_out = 0x74dcfa80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x74dca790	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x755135c0	1	Fn

Environment (13)

Operation	Additional Information	Count	Logfile
Get Environment String	-	4	Fn Data
Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Windows\System32	1	Fn

Notifications (2/3)

Monitored Processes

Behavior Information - Grouped by Category

Before

After