Jaff Ransomware | Sequential Behavior

Involved Hosts

Host	Resolved to	Country	City	Protocol
babil117.com	219.118.71.141	JP		HTTP
fkksjobnn43.org				HTTP

Monitored Processes

Behavior Information - Sequential View

Process #1: acrord32.exe

Information	Value
ID	#1
File Name	c:\program files (x86)\adobe\reader 9.1.0\reader\acrord32.exe
Command Line	"C:\Program Files (x86)\Adobe\Reader 9.1.0\Reader\AcroRd32.exe" ""
Initial Working Directory	C:\Users\hJrD1KOKY DS8lUjv\Desktop
Monitor	Start Time: 00:00:26, Reason: Analysis Target
Unmonitor	End Time: 00:04:46, Reason: Terminated
Monitor Duration	00:04:20
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x99c
Parent PID	0x7d0 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	1R6PFH\hJrD1KOKY DS8lUjv
Groups	1R6PFH\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000e8a6 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 9B0 0x 9AC 0x 9A8 0x 9A4 0x 9A0 0x 9C8 0x 9DC 0x 9E0 0x 9E4 0x 9E8 0x AC0 0x 8BC

Region

Name	Start VA	End VA	Type	Permissions	Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	Readable, Writable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000060000	0x00060000	0x00062fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000070000	0x00070000	0x0016ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000170000	0x00170000	0x00170fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000180000	0x00180000	0x00180fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000190000	0x00190000	0x00190fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000001a0000	0x001a0000	0x001dffff	Private Memory	Readable, Writable	Region Actions
locale.nls	0x001e0000	0x00246fff	Memory Mapped File	Readable	Region Actions
private_0x0000000000250000	0x00250000	0x002cffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000002d0000	0x002d0000	0x002d0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000002e0000	0x002e0000	0x002e0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000002f0000	0x002f0000	0x002f0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000300000	0x00300000	0x00301fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000310000	0x00310000	0x0031ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000320000	0x00320000	0x00321fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000330000	0x00330000	0x00330fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000340000	0x00340000	0x0043ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000440000	0x00440000	0x005c7fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000005d0000	0x005d0000	0x00750fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000760000	0x00760000	0x0085ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000860000	0x00860000	0x008dffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000008e0000	0x008e0000	0x008e0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000008f0000	0x008f0000	0x008f6fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000900000	0x00900000	0x00900fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000910000	0x00910000	0x0091ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000920000	0x00920000	0x009fefff	Pagefile Backed Memory	Readable	Region Actions
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001f.db	0x00a00000	0x00a1cfff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000a20000	0x00a20000	0x00a21fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000a30000	0x00a30000	0x00a30fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000a40000	0x00a40000	0x00a40fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000a50000	0x00a50000	0x00a8ffff	Private Memory	Readable, Writable	Region Actions
acrord32.exe	0x00a90000	0x00ae3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000af0000	0x00af0000	0x01eeffff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001ef0000	0x01ef0000	0x01f2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f30000	0x01f30000	0x01f4ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000001f50000	0x01f50000	0x01f50fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000001f60000	0x01f60000	0x01f60fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000001f70000	0x01f70000	0x01f70fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001f80000	0x01f80000	0x01f80fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f90000	0x01f90000	0x01f90fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000001fa0000	0x01fa0000	0x01fa1fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001fb0000	0x01fb0000	0x01fb2fff	Private Memory	Readable, Writable	Region Actions
oleaccrc.dll	0x01fc0000	0x01fc0fff	Memory Mapped File	Readable	Region Actions
private_0x0000000001fd0000	0x01fd0000	0x01fd2fff	Private Memory	Readable, Writable	Region Actions
cversions.2.db	0x01fd0000	0x01fd3fff	Memory Mapped File	Readable	Region Actions
private_0x0000000001fe0000	0x01fe0000	0x0201ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002020000	0x02020000	0x02020fff	Pagefile Backed Memory	Readable	Region Actions
zy______.pfb	0x02030000	0x02047fff	Memory Mapped File	Readable	Region Actions
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db	0x02050000	0x0207ffff	Memory Mapped File	Readable	Region Actions
cversions.2.db	0x02080000	0x02083fff	Memory Mapped File	Readable	Region Actions
private_0x0000000002090000	0x02090000	0x020cffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000020d0000	0x020d0000	0x020d0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000020e0000	0x020e0000	0x0211ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002120000	0x02120000	0x0215ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002160000	0x02160000	0x02160fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000021b0000	0x021b0000	0x022affff	Private Memory	Readable, Writable	Region Actions
sortdefault.nls	0x022b0000	0x0257efff	Memory Mapped File	Readable	Region Actions
private_0x00000000025c0000	0x025c0000	0x026bffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000026d0000	0x026d0000	0x027cffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000027d0000	0x027d0000	0x02bc2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002be0000	0x02be0000	0x02c1ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002c30000	0x02c30000	0x02d2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002d30000	0x02d30000	0x02f2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002f40000	0x02f40000	0x0303ffff	Private Memory	Readable, Writable	Region Actions
staticcache.dat	0x03040000	0x0396ffff	Memory Mapped File	Readable	Region Actions
private_0x0000000003970000	0x03970000	0x03d6ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003d70000	0x03d70000	0x03daffff	Private Memory	Readable, Writable	Region Actions
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db	0x03db0000	0x03e15fff	Memory Mapped File	Readable	Region Actions
private_0x0000000003e80000	0x03e80000	0x03ebffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003ef0000	0x03ef0000	0x0402efff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003f80000	0x03f80000	0x03fbffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004030000	0x04030000	0x0482ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004830000	0x04830000	0x0492ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004970000	0x04970000	0x049affff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004a10000	0x04a10000	0x04b0ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004b10000	0x04b10000	0x04c0ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004c60000	0x04c60000	0x04c6ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004d00000	0x04d00000	0x04dfffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004e30000	0x04e30000	0x04e6ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004f90000	0x04f90000	0x0508ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000050b0000	0x050b0000	0x051affff	Private Memory	Readable, Writable	Region Actions
ieframe.dll	0x720c0000	0x72b3ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mscms.dll	0x72590000	0x72608fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
userenv.dll	0x72620000	0x72636fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
updater.api	0x72680000	0x726b0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sfc_os.dll	0x726c0000	0x726ccfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msi.dll	0x726d0000	0x7290ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
bibutils.dll	0x72910000	0x72938fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msftedit.dll	0x72940000	0x729d3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
admplugin.apl	0x729e0000	0x72b38fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
escript.api	0x72b40000	0x72ca6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
annots.api	0x72cb0000	0x73158fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
acrord32.dll	0x73160000	0x744e1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
profapi.dll	0x74500000	0x7450afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x74520000	0x7455afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x74560000	0x74575fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntmarta.dll	0x74580000	0x745a0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
propsys.dll	0x745b0000	0x746a4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ace.dll	0x746b0000	0x74773fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
bib.dll	0x74780000	0x7479bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winmm.dll	0x747a0000	0x747d1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comctl32.dll	0x747e0000	0x7497dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cooltype.dll	0x74980000	0x74bdefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
agm.dll	0x74be0000	0x7517ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
version.dll	0x75180000	0x75188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcr80.dll	0x75190000	0x7522afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcp80.dll	0x75230000	0x752b6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dwmapi.dll	0x752c0000	0x752d2fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
uxtheme.dll	0x752e0000	0x7535ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sfc.dll	0x75370000	0x75372fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msiltcfg.dll	0x75380000	0x75386fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleacc.dll	0x75390000	0x753cbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleacc.dll	0x753a0000	0x753dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msimg32.dll	0x753d0000	0x753d4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sqlite.dll	0x753e0000	0x7541efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrtremote.dll	0x755a0000	0x755adfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x755f0000	0x7564bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x75650000	0x7568efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x756c0000	0x756c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x75890000	0x7589bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x758a0000	0x758fffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75900000	0x759fffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x75bb0000	0x75c3efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
devobj.dll	0x75c40000	0x75c51fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75c60000	0x75cbffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x75cc0000	0x75d16fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75e80000	0x75f0ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iertutil.dll	0x75f10000	0x7610afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wldap32.dll	0x76110000	0x76154fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
setupapi.dll	0x76160000	0x762fcfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x76300000	0x76345fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cfgmgr32.dll	0x76390000	0x763b6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
clbcatq.dll	0x76400000	0x76482fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shell32.dll	0x76490000	0x770d9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x770e0000	0x7717cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
psapi.dll	0x77180000	0x77184fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x77190000	0x7723bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x772c0000	0x7741bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x77560000	0x7762bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x77660000	0x77678fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x77690000	0x7777ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x77780000	0x7788ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x77890000	0x7792ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x77930000	0x77939fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000077940000	0x77940000	0x77a39fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000077a40000	0x77a40000	0x77b5efff	Private Memory	Readable, Writable, Executable	Region Actions
For performance reasons, the remaining 19 entries are omitted. The remaining entries can be found in flog.txt.

Process #2: winword.exe

(Host: 4321, Network: 1)

Information	Value
ID	#2
File Name	c:\program files\microsoft office\office10\winword.exe
Command Line	"C:\Program Files\Microsoft Office\office10\WINWORD.EXE" /n "C:\Users\HJRD1K~1\AppData\Local\Temp\A9R3F80.tmp\EQV6A.docm" /o "u"
Initial Working Directory	C:\Users\HJRD1K~1\AppData\Local\Temp\A9R3F80.tmp
Monitor	Start Time: 00:00:47, Reason: Child Process
Unmonitor	End Time: 00:04:45, Reason: Terminated
Monitor Duration	00:03:58

OS Process Information

Information	Value
PID	0x9ec
Parent PID	0x99c (c:\program files (x86)\adobe\reader 9.1.0\reader\acrord32.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	1R6PFH\hJrD1KOKY DS8lUjv
Groups	1R6PFH\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000e8a6 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 9F0 0x 9F4 0x 9F8 0x 9FC 0x A00 0x A04 0x A24 0x A28 0x A2C 0x A30 0x A34 0x A38 0x A40 0x A44 0x A48 0x A4C 0x A5C 0x A60 0x AB0 0x AB8 0x AA4 0x 82C 0x 52C

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00033fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000040000	0x00040000	0x00043fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00050000	0x000b6fff	Memory Mapped File	Readable	Region Actions
private_0x00000000000c0000	0x000c0000	0x000c0fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000000d0000	0x000d0000	0x000d1fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000000e0000	0x000e0000	0x000e1fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000000f0000	0x000f0000	0x000f0fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000100000	0x00100000	0x001fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000200000	0x00200000	0x00200fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000210000	0x00210000	0x0021ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000220000	0x00220000	0x0022ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000230000	0x00230000	0x0032ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000330000	0x00330000	0x0033ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000340000	0x00340000	0x00370fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000380000	0x00380000	0x00381fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000390000	0x00390000	0x0039ffff	Private Memory	-	Region Actions
pagefile_0x00000000003a0000	0x003a0000	0x003a6fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000003b0000	0x003b0000	0x003b1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000003c0000	0x003c0000	0x003c7fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000003c0000	0x003c0000	0x003c1fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000003d0000	0x003d0000	0x003d1fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000003e0000	0x003e0000	0x003e0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000003e0000	0x003e0000	0x003e1fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000003f0000	0x003f0000	0x004effff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000004f0000	0x004f0000	0x00677fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000680000	0x00680000	0x00800fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000810000	0x00810000	0x01c0ffff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001c10000	0x01c10000	0x01d0ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d10000	0x01d10000	0x01d4ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d50000	0x01d50000	0x01d50fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d50000	0x01d50000	0x01d80fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d50000	0x01d50000	0x01d51fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d60000	0x01d60000	0x01d60fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d70000	0x01d70000	0x01d70fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d80000	0x01d80000	0x01da7fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000001db0000	0x01db0000	0x01db0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000001dc0000	0x01dc0000	0x01dc0fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001dd0000	0x01dd0000	0x01ddffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001de0000	0x01de0000	0x01e4afff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001e50000	0x01e50000	0x01ecffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000001ed0000	0x01ed0000	0x01faefff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000001fb0000	0x01fb0000	0x01fb4fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000001fc0000	0x01fc0000	0x01fc0fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000001fd0000	0x01fd0000	0x01fd1fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001fe0000	0x01fe0000	0x01feffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001ff0000	0x01ff0000	0x020effff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000020f0000	0x020f0000	0x020f0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000002100000	0x02100000	0x02100fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000002110000	0x02110000	0x02111fff	Pagefile Backed Memory	Readable	Region Actions
msxml6r.dll	0x02110000	0x02110fff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000002120000	0x02120000	0x02120fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000002130000	0x02130000	0x0222ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002230000	0x02230000	0x02622fff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x02630000	0x028fefff	Memory Mapped File	Readable	Region Actions
private_0x0000000002900000	0x02900000	0x02900fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002910000	0x02910000	0x02a0ffff	Private Memory	Readable, Writable	Region Actions
arialbd.ttf	0x02910000	0x029c6fff	Memory Mapped File	Readable	Region Actions
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001f.db	0x02a10000	0x02a2cfff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000002a30000	0x02a30000	0x02a30fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000002a40000	0x02a40000	0x02abffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002ac0000	0x02ac0000	0x02bbffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002bc0000	0x02bc0000	0x02bc1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000002bd0000	0x02bd0000	0x02bd1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000002be0000	0x02be0000	0x02be0fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002bf0000	0x02bf0000	0x02ceffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002cf0000	0x02cf0000	0x02cfbfff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002d00000	0x02d00000	0x02d01fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000002d10000	0x02d10000	0x02d11fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002d20000	0x02d20000	0x02d2ffff	Private Memory	-	Region Actions
private_0x0000000002d30000	0x02d30000	0x02e2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002e30000	0x02e30000	0x02f61fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002e30000	0x02e30000	0x02f2ffff	Private Memory	Readable, Writable	Region Actions
normnfd.nls	0x02f70000	0x02f79fff	Memory Mapped File	Readable	Region Actions
private_0x0000000002f80000	0x02f80000	0x02f80fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002f90000	0x02f90000	0x02f92fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002fa0000	0x02fa0000	0x02fa3fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002fb0000	0x02fb0000	0x030affff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000030b0000	0x030b0000	0x034affff	Pagefile Backed Memory	Readable	Region Actions
staticcache.dat	0x034b0000	0x03ddffff	Memory Mapped File	Readable	Region Actions
private_0x0000000003de0000	0x03de0000	0x03edffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003ee0000	0x03ee0000	0x03f1ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003f20000	0x03f20000	0x03f20fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003f30000	0x03f30000	0x03f30fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003f40000	0x03f40000	0x03f4ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003f50000	0x03f50000	0x03f50fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003f60000	0x03f60000	0x03f67fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003f70000	0x03f70000	0x03f7ffff	Private Memory	Readable, Writable	Region Actions
kernelbase.dll.mui	0x03f80000	0x0403ffff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000004040000	0x04040000	0x04042fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004050000	0x04050000	0x040cffff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000040d0000	0x040d0000	0x041cffff	Private Memory	Readable, Writable	Region Actions
vbe7.dll	0x041d0000	0x041ddfff	Memory Mapped File	Readable	Region Actions
stdole2.tlb	0x041e0000	0x041e3fff	Memory Mapped File	Readable	Region Actions
private_0x00000000041f0000	0x041f0000	0x0426ffff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000004270000	0x04270000	0x0436ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000004370000	0x04370000	0x04b6ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
segoeui.ttf	0x04b70000	0x04beefff	Memory Mapped File	Readable	Region Actions
private_0x0000000004bf0000	0x04bf0000	0x04c2ffff	Private Memory	Readable, Writable	Region Actions
c_1251.nls	0x04c30000	0x04c40fff	Memory Mapped File	Readable	Region Actions
private_0x0000000004c50000	0x04c50000	0x04d4ffff	Private Memory	Readable, Writable	Region Actions
tahoma.ttf	0x04d50000	0x04dfafff	Memory Mapped File	Readable	Region Actions
fm20.dll	0x04e00000	0x04e2bfff	Memory Mapped File	Readable	Region Actions
private_0x0000000004e30000	0x04e30000	0x04f2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004f30000	0x04f30000	0x0512ffff	Private Memory	Readable, Writable	Region Actions
~wrf{cb9c70b7-0129-4019-8611-f8b802863c7a}.tmp	0x05130000	0x051affff	Memory Mapped File	Readable, Writable	Region Actions
mso.dll	0x051b0000	0x0522cfff	Memory Mapped File	Readable	Region Actions
private_0x0000000005230000	0x05230000	0x05233fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005240000	0x05240000	0x05243fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005250000	0x05250000	0x05252fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005260000	0x05260000	0x0535ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005360000	0x05360000	0x053dffff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000053e0000	0x053e0000	0x053e7fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000053f0000	0x053f0000	0x053f2fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005400000	0x05400000	0x054fffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000005500000	0x05500000	0x064fffff	Pagefile Backed Memory	Readable, Writable	Region Actions
times.ttf	0x06500000	0x065cbfff	Memory Mapped File	Readable	Region Actions
private_0x00000000065d0000	0x065d0000	0x0664ffff	Private Memory	Readable, Writable	Region Actions
msword.olb	0x06650000	0x0672ffff	Memory Mapped File	Readable	Region Actions
private_0x0000000006730000	0x06730000	0x0676ffff	Private Memory	Readable, Writable	Region Actions
vbe7.dll	0x06770000	0x0677efff	Memory Mapped File	Readable	Region Actions
stdole2.tlb	0x06780000	0x06783fff	Memory Mapped File	Readable	Region Actions
private_0x0000000006780000	0x06780000	0x0678ffff	Private Memory	-	Region Actions
private_0x0000000006790000	0x06790000	0x06790fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000067a0000	0x067a0000	0x0681ffff	Private Memory	Readable, Writable	Region Actions
~df72046d49b0fa10ff.tmp	0x06820000	0x0689ffff	Memory Mapped File	Readable, Writable	Region Actions Download Dump
msforms.exd	0x068a0000	0x068c3fff	Memory Mapped File	Readable	Region Actions
private_0x00000000068d0000	0x068d0000	0x068d0fff	Private Memory	Readable, Writable	Region Actions
vbe6ext.olb	0x068e0000	0x068e9fff	Memory Mapped File	Readable	Region Actions
c_1255.nls	0x068f0000	0x06900fff	Memory Mapped File	Readable	Region Actions
stdole2.tlb	0x06910000	0x06913fff	Memory Mapped File	Readable	Region Actions
private_0x0000000006920000	0x06920000	0x06923fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000006930000	0x06930000	0x069affff	Private Memory	Readable, Writable	Region Actions
private_0x00000000069b0000	0x069b0000	0x06daffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000006db0000	0x06db0000	0x071affff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000071b0000	0x071b0000	0x079affff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000079b0000	0x079b0000	0x07d77fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000079e0000	0x079e0000	0x07adffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000007a60000	0x07a60000	0x07b5ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000007b60000	0x07b60000	0x07c5ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000007d80000	0x07d80000	0x07f7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000007f80000	0x07f80000	0x08380fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008000000	0x08000000	0x080fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008100000	0x08100000	0x08257fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008260000	0x08260000	0x0826ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008270000	0x08270000	0x08670fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008390000	0x08390000	0x08790fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008680000	0x08680000	0x08a80fff	Private Memory	Readable, Writable	Region Actions
For performance reasons, the remaining 241 entries are omitted. The remaining entries can be found in flog.txt.

Created Files

Filename	File Size	Hash Values	Actions
c:\users\hjrd1k~1\appdata\local\temp\eewadro20	152.00 KB (155648 bytes)	MD5: 466db2d02db000f686f48c0700beb840 SHA1: 091198445211afd1b131fbd87bf110525089081c SHA256: bb7150957102f0ec8507889158ef7b938b46ef97c2ec0c146b5bb5af2aac864b	File Actions Show Properties Download
c:\users\hjrd1k~1\appdata\local\temp\pitupi20.exe	152.00 KB (155648 bytes)	MD5: 924c84415b775af12a10366469d3df69 SHA1: 8ab568db2bc914e3e6af048666eb0bc4ba2e414d SHA256: 0746594fc3e49975d3d94bac8e80c0cdaa96d90ede3b271e6f372f55b20bac2f	File Actions Show Properties Download
c:\users\hjrd1k~1\appdata\local\temp\~df72046d49b0fa10ff.tmp	0.50 KB (512 bytes)	MD5: bf619eac0cdf3f68d496ea9344137e8b SHA1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 SHA256: 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560	File Actions Show Properties Download

Threads

Thread 0x9f0

(Host: 4321, Network: 1)

Category	Operation	Information	Count	Logfile
MOD	GET_HANDLE	module_name = c:\windows\system32\msi.dll, base_address = 0x7fef8ae0000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\msi.dll, function = MsiProvideQualifiedComponentA, address = 0x7fef8b63b3c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\msi.dll, function = MsiGetProductCodeA, address = 0x7fef8b5a13c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\msi.dll, function = MsiReinstallFeatureA, address = 0x7fef8b61618	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\msi.dll, function = MsiProvideComponentA, address = 0x7fef8b5f088	1	Fn
MOD	GET_HANDLE	module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x0	1	Fn
MOD	LOAD	module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x7feeaa60000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoVBADigSigCallDlg, address = 0x7feeab6d160	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoVbaInitSecurity, address = 0x7feeaada1e8	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFIEPolicyAndVersion, address = 0x7feeaa824b8	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFAnsiCodePageSupportsLCID, address = 0x7feeaada080	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFInitOffice, address = 0x7feeaa7f98c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoUninitOffice, address = 0x7feeaa6ec34	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFGetFontSettings, address = 0x7feeaa63fac	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoRgchToRgwch, address = 0x7feeaa72878	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoHrSimpleQueryInterface, address = 0x7feeaa67a5c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoHrSimpleQueryInterface2, address = 0x7feeaa679d4	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateControl, address = 0x7feeaa6870c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFLongLoad, address = 0x7feeabacb48	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFLongSave, address = 0x7feeabacb6c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFGetTooltips, address = 0x7feeaa723e0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFSetTooltips, address = 0x7feeaada480	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFLoadToolbarSet, address = 0x7feeaac7d64	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateToolbarSet, address = 0x7feeaa655d0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoHpalOffice, address = 0x7feeaa705e0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFWndProcNeeded, address = 0x7feeaa63cd4	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFWndProc, address = 0x7feeaa66c80	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateITFCHwnd, address = 0x7feeaa63d08	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoDestroyITFC, address = 0x7feeaa6eaa0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFPitbsFromHwndAndMsg, address = 0x7feeaa6e064	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFGetComponentManager, address = 0x7feeaa67af0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoMultiByteToWideChar, address = 0x7feeaa7005c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoWideCharToMultiByte, address = 0x7feeaa68b00	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoHrRegisterAll, address = 0x7feeab6cb3c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFSetComponentManager, address = 0x7feeaa747c4	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateStdComponentManager, address = 0x7feeaa63e0c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFHandledMessageNeeded, address = 0x7feeaa6ab58	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoPeekMessage, address = 0x7feeaa6a820	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateIPref, address = 0x7feeaa615ac	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoDestroyIPref, address = 0x7feeaa6ebfc	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoChsFromLid, address = 0x7feeaa61414	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoCpgFromChs, address = 0x7feeaa665d4	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoSetLocale, address = 0x7feeaa61554	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFSetHMsoinstOfSdm, address = 0x7feeaa63dbc	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoSetVbaInterfaces, address = 0x7feeab6d274	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoGetControlInstanceId, address = 0x7feeab372f4	1	Fn
MOD	GET_FILENAME	file_name = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL	2	Fn
REG	OPEN_KEY	reg_name = HKEY_CLASSES_ROOT\Licenses	1	Fn
REG	READ_VALUE	reg_name = HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7, data_ident_out = }	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = SysFreeString, address = 0x7feff9a1320	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = LoadTypeLib, address = 0x7feff9af1e0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = RegisterTypeLib, address = 0x7feff9fcaa0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = QueryPathOfRegTypeLib, address = 0x7feffa31760	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = UnRegisterTypeLib, address = 0x7feffa320d0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = OleTranslateColor, address = 0x7feff9cc760	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = OleCreateFontIndirect, address = 0x7feff9fecd0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = OleCreatePictureIndirect, address = 0x7feff9fe840	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = OleLoadPicture, address = 0x7feffa0f420	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = OleCreatePropertyFrameIndirect, address = 0x7feffa04ec0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = OleCreatePropertyFrame, address = 0x7feffa09350	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = OleIconToCursor, address = 0x7feff9d6e40	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = LoadTypeLibEx, address = 0x7feff9aa550	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = OleLoadPictureEx, address = 0x7feffa0f320	1	Fn
MOD	GET_HANDLE	module_name = c:\windows\system32\user32.dll, base_address = 0x77940000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\user32.dll, function = GetSystemMetrics, address = 0x779594f0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\user32.dll, function = MonitorFromWindow, address = 0x77955f08	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\user32.dll, function = MonitorFromRect, address = 0x77952b00	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\user32.dll, function = MonitorFromPoint, address = 0x7794ab64	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\user32.dll, function = EnumDisplayMonitors, address = 0x77955c30	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\user32.dll, function = GetMonitorInfoA, address = 0x7794a730	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\user32.dll, function = EnumDisplayDevicesA, address = 0x7794a5b4	1	Fn
MOD	GET_HANDLE	module_name = c:\windows\system32\oleaut32.dll, base_address = 0x7feff9a0000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = DispCallFunc, address = 0x7feff9a2270	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = LoadTypeLibEx, address = 0x7feff9aa550	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = UnRegisterTypeLib, address = 0x7feffa320d0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = CreateTypeLib2, address = 0x7feffa2dbd0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromUdate, address = 0x7feff9a5c90	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarUdateFromDate, address = 0x7feff9a6330	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = GetAltMonthNames, address = 0x7feff9c66c0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarNumFromParseNum, address = 0x7feff9a4710	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarParseNumFromStr, address = 0x7feff9a48f0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromR4, address = 0x7feff9db640	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromR8, address = 0x7feff9db360	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromDate, address = 0x7feff9e2640	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromI4, address = 0x7feff9c58a0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromCy, address = 0x7feff9c5820	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromDec, address = 0x7feff9daf20	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address = 0x7feff9fa0c0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = GetRecordInfoFromGuids, address = 0x7feffa32160	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayGetRecordInfo, address = 0x7feff9c5af0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = SafeArraySetRecordInfo, address = 0x7feff9c5a90	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayGetIID, address = 0x7feff9c5a60	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = SafeArraySetIID, address = 0x7feff9c5a30	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayCopyData, address = 0x7feff9a60b0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address = 0x7feff9a3e90	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayCreateEx, address = 0x7feff9f9f80	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarFormat, address = 0x7feffa29b20	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarFormatDateTime, address = 0x7feffa29aa0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarFormatNumber, address = 0x7feffa29990	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarFormatPercent, address = 0x7feffa29890	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarFormatCurrency, address = 0x7feffa29770	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarWeekdayName, address = 0x7feffa0b8d0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarMonthName, address = 0x7feffa0b800	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address = 0x7feffa248e0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address = 0x7feffa29470	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarCat, address = 0x7feffa296a0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address = 0x7feffa22fe0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarEqv, address = 0x7feffa29cf0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address = 0x7feffa28ff0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarImp, address = 0x7feffa29c00	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address = 0x7feffa28e60	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address = 0x7feffa23690	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address = 0x7feffa292d0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarPow, address = 0x7feffa22e80	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address = 0x7feffa23f90	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address = 0x7feffa291a0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarAbs, address = 0x7feffa07c30	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarFix, address = 0x7feffa07a60	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarInt, address = 0x7feffa07890	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address = 0x7feffa07ea0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address = 0x7feffa29600	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarRound, address = 0x7feffa076a0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address = 0x7feffa283f0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDecAdd, address = 0x7feff9d3070	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarDecCmp, address = 0x7feff9dd700	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarBstrCat, address = 0x7feff9dd890	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarCyMulI4, address = 0x7feff9bcaf0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = VarBstrCmp, address = 0x7feff9c8a00	1	Fn
MOD	GET_HANDLE	module_name = c:\windows\system32\ole32.dll, base_address = 0x7feff520000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\ole32.dll, function = CoCreateInstanceEx, address = 0x7feff52de90	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\ole32.dll, function = CLSIDFromProgIDEx, address = 0x7feff53a4c4	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	16	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	19	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\program files\common files\microsoft shared\vba\vba7.1\vbeui.dll, address = 0x7feeaa7005c	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	4	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = ITypeLib, method = AddRef	1	Fn
COM	QUERY	interface = ITypeLib, new_interface = {CACC1E8A-622B-11D2-AA78-00C04F9901D2}	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = ITypeLib, method = AddRef	1	Fn
COM	QUERY	interface = ITypeLib, new_interface = {CACC1E8A-622B-11D2-AA78-00C04F9901D2}	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = ITypeLib, method = AddRef	1	Fn
COM	QUERY	interface = ITypeLib, new_interface = {CACC1E8A-622B-11D2-AA78-00C04F9901D2}	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	5	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	24	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	17	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	17	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	17	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	12	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	12	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	4	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	7	Fn
REG	OPEN_KEY	reg_name = HKEY_CLASSES_ROOT\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Realloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
REG	OPEN_KEY	reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32	1	Fn
REG	READ_VALUE	reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32, value_name = ThreadingModel, data_ident_out = 65	1	Fn
REG	READ_VALUE	reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID, data_ident_out = {C62A69F0-16DC-11CE-9E98-00AA00574A4F}	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	6	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
MOD	GET_FILENAME	file_name = C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL	1	Fn
COM	METHOD	interface = ITypeLib, method = GetTypeInfoType	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	12	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	5	Fn
COM	METHOD	interface = IMalloc, method = Alloc	8	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetLibAttr	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	QUERY	interface = ITypeLib, new_interface = {CACC1E84-622B-11D2-AA78-00C04F9901D2}	1	Fn
COM	METHOD	interface = ITypeLib, method = GetLibAttr	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = ITypeLib, method = GetLibAttr	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	QUERY	interface = ITypeLib, new_interface = {CACC1E84-622B-11D2-AA78-00C04F9901D2}	1	Fn
COM	METHOD	interface = ITypeLib, method = GetLibAttr	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	QUERY	interface = ITypeLib, new_interface = {CACC1E84-622B-11D2-AA78-00C04F9901D2}	1	Fn
COM	METHOD	interface = ITypeLib, method = GetLibAttr	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	QUERY	interface = ITypeLib, new_interface = {CACC1E84-622B-11D2-AA78-00C04F9901D2}	1	Fn
COM	METHOD	interface = ITypeLib, method = GetLibAttr	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	17	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetLibAttr	3	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = ITypeLib, method = GetTypeInfoOfGuid	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = ITypeLib, method = GetTypeInfoCount	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	10	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	150	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	13	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	5	Fn
COM	METHOD	interface = IMalloc, method = Alloc	169	Fn
COM	METHOD	interface = IMalloc, method = Free	169	Fn
COM	METHOD	interface = IMalloc, method = Alloc	16	Fn
COM	METHOD	interface = IMalloc, method = Free	33	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	166	Fn
COM	METHOD	interface = IMalloc, method = Free	166	Fn
COM	METHOD	interface = IMalloc, method = Alloc	16	Fn
COM	METHOD	interface = IMalloc, method = Free	33	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	4	Fn
COM	METHOD	interface = IMalloc, method = Alloc	94	Fn
COM	METHOD	interface = IMalloc, method = Free	94	Fn
COM	METHOD	interface = IMalloc, method = Alloc	17	Fn
COM	METHOD	interface = IMalloc, method = Free	17	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	88	Fn
COM	METHOD	interface = IMalloc, method = Free	88	Fn
COM	METHOD	interface = IMalloc, method = Alloc	23	Fn
COM	METHOD	interface = IMalloc, method = Free	23	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	176	Fn
COM	METHOD	interface = IMalloc, method = Free	176	Fn
COM	METHOD	interface = IMalloc, method = Alloc	12	Fn
COM	METHOD	interface = IMalloc, method = Free	25	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	144	Fn
COM	METHOD	interface = IMalloc, method = Free	144	Fn
COM	METHOD	interface = IMalloc, method = Alloc	12	Fn
COM	METHOD	interface = IMalloc, method = Free	25	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	199	Fn
COM	METHOD	interface = IMalloc, method = Free	209	Fn
COM	METHOD	interface = IMalloc, method = Alloc	13	Fn
COM	METHOD	interface = IMalloc, method = Free	27	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	37	Fn
COM	METHOD	interface = IMalloc, method = Free	13	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	2	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	32	Fn
COM	METHOD	interface = IMalloc, method = Free	80	Fn
COM	METHOD	interface = IMalloc, method = Alloc	17	Fn
COM	METHOD	interface = IMalloc, method = Free	35	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetTypeInfoCount	2	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\system32\oleaut32.dll, function = RegisterTypeLibForUser, address = 0x7feff9f6430	1	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetLibAttr	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_Destroy, address = 0x7fefc6407a4	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_GetIconSize, address = 0x7fefc641010	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = InitCommonControls, address = 0x7fefc718b5c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_LoadImageA, address = 0x7fefc6401a8	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_SetOverlayImage, address = 0x7fefc640a70	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_AddMasked, address = 0x7fefc640b60	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_GetImageInfo, address = 0x7fefc641180	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_Draw, address = 0x7fefc640cd8	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = ImageList_DrawEx, address = 0x7fefc640bdc	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = PropertySheetA, address = 0x7fefc625c64	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = DestroyPropertySheetPage, address = 0x7fefc61f018	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll, function = CreatePropertySheetPageA, address = 0x7fefc61fce8	1	Fn
REG	READ_VALUE	value_name = MdiMaximized, data_ident_out = 208	1	Fn
REG	READ_VALUE	value_name = GridWidth, data_ident_out = 0	1	Fn
REG	READ_VALUE	value_name = GridHeight, data_ident_out = 0	1	Fn
REG	READ_VALUE	value_name = ShowGrid, data_ident_out = 0	1	Fn
REG	READ_VALUE	value_name = AlignToGrid, data_ident_out = 0	1	Fn
REG	READ_VALUE	value_name = SaveBeforeRun, data_ident_out = 160	1	Fn
REG	READ_VALUE	value_name = ShowToolTips, data_ident_out = 160	1	Fn
REG	READ_VALUE	value_name = CollapseWindows, data_ident_out = 160	1	Fn
REG	READ_VALUE	value_name = UpgradeVBX, data_ident_out = 160	1	Fn
REG	READ_VALUE	value_name = ReadOnlyMode, data_ident_out = 160	1	Fn
REG	READ_VALUE	value_name = BackgroundProjectLoad, data_ident_out = 160	1	Fn
REG	READ_VALUE	value_name = FolderView, data_ident_out = 160	1	Fn
REG	READ_VALUE	value_name = Tool	1	Fn
WND	SET_ATTRIBUTE		1	Fn
WND	SET_ATTRIBUTE		1	Fn
REG	READ_VALUE	value_name = UI	1	Fn
REG	READ_VALUE	value_name = Dock	1	Fn
REG	OPEN_KEY	reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0\Addins64	1	Fn
REG	OPEN_KEY	reg_name = Designers	1	Fn
REG	OPEN_KEY	reg_name = ToolboxControls	1	Fn
REG	READ_VALUE	value_name = CtlsShowSelected, data_ident_out = 160	1	Fn
REG	READ_VALUE	value_name = DsnShowSelected, data_ident_out = 160	1	Fn
REG	READ_VALUE	reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID, data_ident_out = {C62A69F0-16DC-11CE-9E98-00AA00574A4F}	1	Fn
COM	CREATE	class_name = UserForm, interface = IClassFactory, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER	1	Fn
COM	METHOD	class_name = UserForm, interface = IClassFactory, new_interface = IUnknown, method = CreateInstance	1	Fn
COM	QUERY	class_name = UserForm, interface = IClassFactory, new_interface = IUnknown,	1	Fn
COM	METHOD	class_name = UserForm, interface = IClassFactory, method = AddRef	1	Fn
COM	METHOD	class_name = UserForm, interface = IClassFactory, method = LockServer	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IQuickActivate	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IOleControl	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IPersistStorage	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = {5EFC7970-14BC-11CF-9B2B-00AA00573819}	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IDispatch	2	Fn
WND	SET_ATTRIBUTE		1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IOleControl	1	Fn
COM	METHOD	class_name = UserForm, interface = IUnknown, method = AddRef	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = {468CFB80-B4F9-11CF-80DD-00AA00614895}	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IConnectionPointContainer	1	Fn
COM	METHOD	class_name = UserForm, interface = IConnectionPointContainer, new_interface = IConnectionPoint, method = FindConnectionPoint	1	Fn
COM	METHOD	class_name = UserForm, interface = IConnectionPoint, method = Unadvise	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IViewObject	1	Fn
COM	METHOD	class_name = UserForm, interface = IViewObject, method = SetAdvise	1	Fn
WND	SET_ATTRIBUTE		1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = ICreateTypeLib2, method = SetGuid	1	Fn
COM	METHOD	interface = ICreateTypeLib2, method = SetLcid	1	Fn
COM	METHOD	interface = ICreateTypeLib2, method = SetLibFlags	1	Fn
COM	METHOD	interface = ICreateTypeLib2, method = SetVersion	1	Fn
COM	METHOD	interface = ICreateTypeLib2, method = SetName	1	Fn
COM	METHOD	interface = ICreateTypeLib2, method = SetHelpContext	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	44	Fn
COM	METHOD	interface = IMalloc, method = Free	3	Fn
COM	METHOD	interface = IMalloc, method = Alloc	4	Fn
COM	METHOD	interface = IMalloc, method = Free	3	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	5	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = ITypeLib, method = RemoteGetLibAttr	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	4	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	class_name = UserForm, interface = IClassFactory, new_interface = IUnknown, method = CreateInstance	1	Fn
COM	QUERY	class_name = UserForm, interface = IClassFactory, new_interface = IUnknown,	1	Fn
COM	METHOD	class_name = UserForm, interface = IUnknown, method = AddRef	2	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IDispatch	1	Fn
REG	READ_VALUE	reg_name = HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID, data_ident_out = {C62A69F0-16DC-11CE-9E98-00AA00574A4F}	1	Fn
COM	METHOD	class_name = UserForm, interface = IUnknown, method = AddRef	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IQuickActivate	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IOleControl	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IPersistStorage	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = {5EFC7970-14BC-11CF-9B2B-00AA00573819}	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IDispatch	1	Fn
WND	SET_ATTRIBUTE		1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IOleControl	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IOleObject	1	Fn
COM	METHOD	class_name = UserForm, interface = IUnknown, method = AddRef	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = {468CFB80-B4F9-11CF-80DD-00AA00614895}	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = {F27BE360-1B98-11CF-84FC-00AA00A71DCB}	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	3	Fn
COM	METHOD	interface = IMalloc, method = Free	3	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	3	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	9	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	CREATE	class_name = XMLHTTPRequest, interface = IUnknown, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
COM	QUERY	class_name = XMLHTTPRequest, interface = IUnknown, new_interface = {7FD52380-4E07-101B-AE2D-08002B2EC713},	1	Fn
COM	QUERY	class_name = XMLHTTPRequest, interface = IUnknown, new_interface = {37D84F60-42CB-11CE-8135-00AA004BB851},	1	Fn
COM	QUERY	class_name = XMLHTTPRequest, interface = IUnknown, new_interface = IDispatch,	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = AddRef	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	CREATE	class_name = WshShell, interface = IUnknown, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
COM	QUERY	class_name = WshShell, interface = IUnknown, new_interface = {7FD52380-4E07-101B-AE2D-08002B2EC713},	1	Fn
COM	QUERY	class_name = WshShell, interface = IUnknown, new_interface = {37D84F60-42CB-11CE-8135-00AA004BB851},	1	Fn
COM	QUERY	class_name = WshShell, interface = IUnknown, new_interface = IDispatch,	1	Fn
COM	METHOD	class_name = WshShell, interface = IDispatch, method = AddRef	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	CREATE	class_name = Shell, interface = IUnknown, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
COM	QUERY	class_name = Shell, interface = IUnknown, new_interface = {7FD52380-4E07-101B-AE2D-08002B2EC713},	1	Fn
COM	QUERY	class_name = Shell, interface = IUnknown, new_interface = {37D84F60-42CB-11CE-8135-00AA004BB851},	1	Fn
COM	QUERY	class_name = Shell, interface = IUnknown, new_interface = IDispatch,	1	Fn
COM	METHOD	class_name = Shell, interface = IUnknown, method = AddRef	1	Fn
COM	METHOD	class_name = WshShell, interface = IDispatch, method = GetIDsOfNames	1	Fn
SYS	GET_INFO	type = dummy for com invoke handler	1	Fn
COM	METHOD	class_name = WshShell, interface = IDispatch, new_interface = IDispatch, method = Invoke	1	Fn
COM	METHOD	class_name = WshShell, interface = IDispatch, method = AddRef	1	Fn
COM	METHOD	class_name = WshShell, interface = IDispatch, method = Invoke	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	5	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	5	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	13	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	2	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = AddRef	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = GetIDsOfNames	1	Fn
URL	DOWNLOAD	url = http://babil117.com/f87346b	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = Invoke	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = AddRef	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = GetIDsOfNames	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = Invoke	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = AddRef	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = GetIDsOfNames	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = Invoke	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = GetIDsOfNames	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = Invoke	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	2	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	2	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = AddRef	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = GetIDsOfNames	1	Fn
COM	METHOD	class_name = XMLHTTPRequest, interface = IUnknown, method = Invoke	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	4	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1k~1\appdata\local\temp\eewadro20, file_attributes = _O_RDWR, _O_CREAT, _O_EXCL	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	2	Fn
FILE	CREATE	file_name = c:\users\hjrd1k~1\appdata\local\temp\pitupi20.exe, file_attributes = _O_RDWR, _O_CREAT, _O_EXCL	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
FILE	WRITE	file_name = c:\users\hjrd1k~1\appdata\local\temp\pitupi20.exe, size = 155648	1	Fn Data
COM	METHOD	interface = IMalloc, method = Free	1	Fn
COM	METHOD	class_name = Shell, interface = IUnknown, method = GetIDsOfNames	1	Fn
PROC	CREATE	process_name = C:\Users\HJRD1K~1\AppData\Local\Temp\pitupi20.exe	1	Fn
COM	METHOD	class_name = Shell, interface = IUnknown, method = Invoke	1	Fn
KEYBOARD	READ	virtual_key_code = VK_CANCEL, result_out = 0	1	Fn
COM	METHOD	interface = IMalloc, method = Free	4	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IOleInPlaceObject	1	Fn
COM	METHOD	class_name = UserForm, interface = IOleInPlaceObject, method = InPlaceDeactivate	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IOleObject	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IViewObject	1	Fn
COM	METHOD	class_name = UserForm, interface = IViewObject, method = SetAdvise	1	Fn
COM	QUERY	class_name = UserForm, interface = IUnknown, new_interface = IOleObject	1	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	145	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	11	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	20	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	19	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	9	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	9	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	9	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	9	Fn
COM	METHOD	interface = IMalloc, method = Alloc	1	Fn
COM	METHOD	interface = IMalloc, method = Free	16	Fn
COM	METHOD	interface = IMalloc, method = Alloc	2	Fn
COM	METHOD	interface = IStream, method = RemoteWrite	5	Fn
COM	METHOD	interface = IStream, method = RemoteSeek	1	Fn
REG	WRITE_VALUE	value_name = Tool, type = REG_BINARY	1	Fn Data
COM	METHOD	interface = IMalloc, method = Free	8	Fn

Process #4: pitupi20.exe

(Host: 8464, Network: 6)

Information	Value
ID	#4
File Name	c:\users\hjrd1koky ds8lujv\appdata\local\temp\pitupi20.exe
Command Line	"C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp\pitupi20.exe"
Initial Working Directory	C:\Users\HJRD1K~1\AppData\Local\Temp\A9R3F80.tmp
Monitor	Start Time: 00:01:23, Reason: Child Process
Unmonitor	End Time: 00:03:50, Reason: Terminated
Monitor Duration	00:02:27

OS Process Information

Information	Value
PID	0xa64
Parent PID	0x9ec (c:\program files\microsoft office\office10\winword.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	1R6PFH\hJrD1KOKY DS8lUjv
Groups	1R6PFH\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000e8a6 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x A68 0x A6C 0x A70 0x A74 0x A78 0x A7C 0x A88 0x A90 0x A94 0x AAC 0x AB4 0x B78 0x B7C 0x 9CC

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	Readable, Writable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000090000	0x00090000	0x0018ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000190000	0x00190000	0x00193fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000001a0000	0x001a0000	0x001a0fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x001b0000	0x00216fff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000220000	0x00220000	0x00226fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000230000	0x00230000	0x00231fff	Pagefile Backed Memory	Readable, Writable	Region Actions
odbcint.dll.mui	0x00240000	0x0024afff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000000250000	0x00250000	0x00253fff	Private Memory	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000250000	0x00250000	0x00250fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000260000	0x00260000	0x0026bfff	Private Memory	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000260000	0x00260000	0x00260fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000270000	0x00270000	0x0027dfff	Private Memory	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x00280000	0x002bbfff	Memory Mapped File	Readable	Region Actions
private_0x0000000000280000	0x00280000	0x002bffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000002c0000	0x002c0000	0x002fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000300000	0x00300000	0x0033ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000340000	0x00340000	0x0034ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000350000	0x00350000	0x0038ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000390000	0x00390000	0x003cffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000003d0000	0x003d0000	0x003d0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x00000000003e0000	0x003e0000	0x003e0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x00000000003f0000	0x003f0000	0x003f1fff	Pagefile Backed Memory	Readable	Region Actions
pitupi20.exe	0x00400000	0x00435fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000400000	0x00400000	0x0040ffff	Private Memory	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000410000	0x00410000	0x00411fff	Pagefile Backed Memory	Readable	Region Actions
stdole2.tlb	0x00420000	0x00423fff	Memory Mapped File	Readable	Region Actions
private_0x0000000000420000	0x00420000	0x0043ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000440000	0x00440000	0x005c7fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000005d0000	0x005d0000	0x0060ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000005d0000	0x005d0000	0x005d0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000005e0000	0x005e0000	0x005e0fff	Private Memory	Readable, Writable	Region Actions
oleaccrc.dll	0x00610000	0x00610fff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000620000	0x00620000	0x00621fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000630000	0x00630000	0x006affff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000006b0000	0x006b0000	0x00830fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000840000	0x00840000	0x0087ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000880000	0x00880000	0x00881fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000890000	0x00890000	0x00890fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000008a0000	0x008a0000	0x0099ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000009a0000	0x009a0000	0x01d9ffff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001da0000	0x01da0000	0x01e9ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001ea0000	0x01ea0000	0x01f1ffff	Private Memory	Readable, Writable	Region Actions
index.dat	0x01f20000	0x01f2bfff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000001f30000	0x01f30000	0x01f6ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000001f70000	0x01f70000	0x02362fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002370000	0x02370000	0x0246ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002470000	0x02470000	0x0256ffff	Private Memory	Readable, Writable	Region Actions
sortdefault.nls	0x02570000	0x0283efff	Memory Mapped File	Readable	Region Actions
private_0x0000000002840000	0x02840000	0x0293ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002840000	0x02840000	0x0288ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002940000	0x02940000	0x02a3ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002a40000	0x02a40000	0x02b3ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002b40000	0x02b40000	0x02c1efff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002c20000	0x02c20000	0x02c5ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002c60000	0x02c60000	0x02c9ffff	Private Memory	Readable, Writable	Region Actions
index.dat	0x02ca0000	0x02ca7fff	Memory Mapped File	Readable, Writable	Region Actions
index.dat	0x02cb0000	0x02cbffff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000002cd0000	0x02cd0000	0x02cdffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002cf0000	0x02cf0000	0x02d2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002d30000	0x02d30000	0x02e2ffff	Private Memory	Readable, Writable	Region Actions
mshtml.tlb	0x02e30000	0x02fc0fff	Memory Mapped File	Readable	Region Actions
private_0x0000000002e30000	0x02e30000	0x02f2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002f30000	0x02f30000	0x0302ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003030000	0x03030000	0x0312ffff	Private Memory	Readable, Writable	Region Actions
ieframe.dll	0x03130000	0x03baffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000003bb0000	0x03bb0000	0x03caffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003cb0000	0x03cb0000	0x03eaffff	Private Memory	Readable, Writable	Region Actions
kernelbase.dll.mui	0x03eb0000	0x03f6ffff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000003f70000	0x03f70000	0x0401ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003f70000	0x03f70000	0x03faffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003fe0000	0x03fe0000	0x0401ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004020000	0x04020000	0x0405ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000040b0000	0x040b0000	0x041affff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004250000	0x04250000	0x0428ffff	Private Memory	Readable, Writable	Region Actions
staticcache.dat	0x04290000	0x04bbffff	Memory Mapped File	Readable	Region Actions
private_0x0000000004bc0000	0x04bc0000	0x050b1fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000050c0000	0x050c0000	0x051bffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000051c0000	0x051c0000	0x055bffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000055c0000	0x055c0000	0x056bffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005810000	0x05810000	0x0581ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005a10000	0x05a10000	0x05a4ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000005a50000	0x05a50000	0x05d92fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000005da0000	0x05da0000	0x06291fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000005da0000	0x05da0000	0x06291fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000062a0000	0x062a0000	0x06791fff	Private Memory	Readable, Writable	Region Actions
windowscodecs.dll	0x70b70000	0x70c6afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ieframe.dll	0x71110000	0x71b8ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iconcodecservice.dll	0x71b90000	0x71b95fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
fwpuclnt.dll	0x71bd0000	0x71c07fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasadhlp.dll	0x71c10000	0x71c15fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wship6.dll	0x71c20000	0x71c25fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
npmproxy.dll	0x71c30000	0x71c37fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
netprofm.dll	0x71c40000	0x71c99fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sensapi.dll	0x71ca0000	0x71ca5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rtutils.dll	0x71cb0000	0x71cbcfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winnsi.dll	0x71cc0000	0x71cc6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iphlpapi.dll	0x71cd0000	0x71cebfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
browcli.dll	0x71cf0000	0x71cfcfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
netutils.dll	0x71d00000	0x71d08fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cscapi.dll	0x71d10000	0x71d1afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wkscli.dll	0x71d20000	0x71d2efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
davhlpr.dll	0x71d30000	0x71d37fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
davclnt.dll	0x71d40000	0x71d56fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntlanman.dll	0x71d60000	0x71d73fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winsta.dll	0x71d80000	0x71da8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
drprov.dll	0x71db0000	0x71db7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sxs.dll	0x71dc0000	0x71e1efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msls31.dll	0x71e20000	0x71e49fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mshtml.dll	0x71e50000	0x72406fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mpr.dll	0x72410000	0x72421fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
odbcint.dll	0x72430000	0x72467fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
xolehlp.dll	0x72470000	0x7247ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
odbc32.dll	0x72480000	0x7250bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasman.dll	0x72510000	0x72524fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasapi32.dll	0x72530000	0x72581fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
profapi.dll	0x74500000	0x7450afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x74520000	0x7455afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x74560000	0x74575fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntmarta.dll	0x74580000	0x745a0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comctl32.dll	0x747e0000	0x7497dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
version.dll	0x75180000	0x75188fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
uxtheme.dll	0x752e0000	0x7535ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleacc.dll	0x75390000	0x753cbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winrnr.dll	0x75510000	0x75517fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dnsapi.dll	0x75520000	0x75563fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pnrpnsp.dll	0x75570000	0x75581fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrtremote.dll	0x755a0000	0x755adfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mswsock.dll	0x755b0000	0x755ebfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x755f0000	0x7564bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x75650000	0x7568efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
napinsp.dll	0x75690000	0x7569ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nlaapi.dll	0x756a0000	0x756affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wshtcpip.dll	0x756b0000	0x756b4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x756c0000	0x756c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x75890000	0x7589bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x758a0000	0x758fffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75900000	0x759fffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
crypt32.dll	0x75a90000	0x75bacfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x75bb0000	0x75c3efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75c60000	0x75cbffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x75cc0000	0x75d16fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wininet.dll	0x75d80000	0x75e74fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75e80000	0x75f0ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
For performance reasons, the remaining 44 entries are omitted. The remaining entries can be found in flog.txt.

Created Files

Filename	File Size	Hash Values	Actions
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\readme.html	1.40 KB (1431 bytes)	MD5: 9624972019f6d95770ef8313c2a362f2 SHA1: 2bfeb5a4d20086829fdce20d258b50e913e0541a SHA256: 09b0b11b9fb386b027e429a6a97246a5f5a6556d3d64cb28ad5c17a4a0a01f65	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\readme.txt	0.47 KB (482 bytes)	MD5: c51eee67f762912077f6fdf1b119c718 SHA1: 26cd4d579c1f003acfa02b2ca2c11253a7e144e3 SHA256: 69506708bcbaf9bf6fcaf1d968eb14360a4eb4fafe7f0889a323ac4a22782822	File Actions Show Properties Download
c:\programdata\rondo\backup.om	0.00 KB (2 bytes)	MD5: c4103f122d27677c9db144cae1394a66 SHA1: 1489f923c4dca729178b3e3233458550d8dddf29 SHA256: 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7	File Actions Show Properties Download
c:\programdata\rondo\wallpaper.bmp	4.94 MB (5185078 bytes)	MD5: 4028240c63d305bce16e0c2dd509d598 SHA1: e9912a2ba5b975cae08ea294b3461fc6b3d7c614 SHA256: de3b661a0901563fc6a53821612044dac0759beb99e59992e9b5ee25aaa7615d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\contacts\administrator.contact.jaff	67.04 KB (68648 bytes)	MD5: c9696f5d88f69061cf624470971db4d2 SHA1: 3a67720082d254b3d48c7e30020d5c161b38aad2 SHA256: 8b0bbdfe7da53d65a1a995bf4a9233b2db3e95f06e9d137eb76a94c2dd11a48f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\20id.avi.jaff	92.57 KB (94792 bytes)	MD5: 591b803db0e63da097dfd19c3fafb74f SHA1: e6a11b7e85f630ceaa209556306c7f1f66c76aa2 SHA256: b8cae86d4974dabb2734cd7a157b71cc58a035bc3bddb942c5286a171930294a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\ajzw-epo.avi.jaff	98.24 KB (100600 bytes)	MD5: 1659c175f3aa6e02006a4fef504794cc SHA1: b74cc41c9041636b38dd4447c35aef9ddf4d7ed2 SHA256: 72e69b5a803b73988d55e92e7eae2b8074fc83a3b9ba706921b2e1f743cc79ea	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\axc6so2re.m4a.jaff	62.87 KB (64376 bytes)	MD5: e7128cf60408429fdeab9e4f0bec4ef2 SHA1: 15b1736ebd482e21b8c1ef5e6d2f2fe6ec4dea96 SHA256: 82884283715f019acbf84859f9b887096946c728fba802b179efc67e257905a6	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\b20d9bq9wak1y.jpg.jaff	90.43 KB (92600 bytes)	MD5: 85cf3b593003f8ed65ecad27f0fa3f72 SHA1: 50849150d5fcb8a496cdd467c1487e7e5d0bf779 SHA256: bb2030e004b23d2f5bf094bfb2c689de3850343594b88349a6a8b4ba0e6e2223	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\fstg.swf.jaff	13.95 KB (14280 bytes)	MD5: b511745e7f40080d62a3ac953dfc3293 SHA1: ea575ed6d2b71498ced1c0bfc21fbe97ba1e47e7 SHA256: 733f000fb85058db5dcf3439091a3c2b0b49c89763320b10e5f5c1e33e1c4748	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\gd1baaokx xqll8mg9oh.pps.jaff	55.62 KB (56952 bytes)	MD5: ccdc686554b7427e600ec0e3e7166458 SHA1: 7fa1467be073c8b2b875ce29568b116fd14374d8 SHA256: dc1ae93600e3534825946ec979dfb3f3a4adc111d2303867ff33cec2dc3b1b82	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\gnxh5.m4a.jaff	45.23 KB (46312 bytes)	MD5: a3a766dc79f990ae2338451f06e6f82f SHA1: b3f71b8535576c8f54df818b8ebadc4f728a0aff SHA256: 0441e09577a81f772208990670abd1645ce107eb5f70766c85a574a4d57b2797	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\gyaslu.gif.jaff	49.70 KB (50888 bytes)	MD5: dc0177498bc8e7b6be560908b7f539be SHA1: 07523cc0c7afd266e730b6af84cf250d46707294 SHA256: 382aa58daca94e8eac634c4b9ab58ce9ab7df3eade07be2b75b2d8167f06ba2e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\hzvj8a65k_2lv70dc8w.wav.jaff	40.15 KB (41112 bytes)	MD5: 2f020ee7584b210749f40e578b01640f SHA1: 7d11921f6488b10dedcd84a37b03bc72f54aa9d7 SHA256: 63dd3d45c2be55ddd9db4a2b1fc866e6e7bce7808e84e40c7bfa05b240e5ef16	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\jjhy52i5bspk80_.pptx.jaff	77.66 KB (79528 bytes)	MD5: 78f51a3b78d9079f65077a37ab53e5f2 SHA1: a2b09c7fb320d4becdc374f5dc206b962a783b4d SHA256: 7e42ba76ca16962322516b4a744a4007d7b6a3e53c4b9d681fc0ed8fcbb8d824	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\jltxy3syjrqo.odp.jaff	57.37 KB (58744 bytes)	MD5: be10cb3792b8b3723a65898a86b52272 SHA1: 174743fde082638c713dfd00f166fc6dc29da8b5 SHA256: 6f5bdd7872ffc62dc8c69777fa0cc00bb49e2e5858391b564f2caa472790af5b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\jsf2w.wav.jaff	93.24 KB (95480 bytes)	MD5: 402fe54247d00c6f1e0d912c57dfe3c9 SHA1: 8b430d5af2b627b382077371fc13625967adbf17 SHA256: cb4d60bd5575d502f1800f2737ec3257f813d4c7b3c9b2311780fa0b34904bc6	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\mhecdzcb5d2tf.mkv.jaff	66.49 KB (68088 bytes)	MD5: b4e68699aef70bf3f8f63ebe294bab3c SHA1: 79a5e52a5ab52db6a8d758c8c4b27423973bcb04 SHA256: 26f9dc5b6d762d4f06b9c9feca6c554b5dfc4a09d18e3cbd5c1ce1e679e0b6b6	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\mub.png.jaff	78.05 KB (79928 bytes)	MD5: c64fb254ddc6343e137ad856690f8c23 SHA1: 81af0a30fc59088464fe50a8c575aed52a6a0714 SHA256: f0a16cad8753ec6588a4ba7b288e37586f83b8a2bccca3761c9da5f255e5f436	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\opnqerfem nc.wav.jaff	76.21 KB (78040 bytes)	MD5: d905f6e25c07a35a4f78a5ce8c258135 SHA1: ad07c34ffd42a1f64fe460264d709310c6164204 SHA256: 0f0c1aa3f6ac45edc7cbc264b8e9ceda5fc2ec2bfa29b8d1aeb3155f1c9eef76	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\pegixilxpev.odp.jaff	40.41 KB (41384 bytes)	MD5: 964189ed44f36896a28e3817953356e3 SHA1: dcc69e3e8d089a64d219a0f420e9af0c38a70ff6 SHA256: 6d8c07f36acd72a4a7f15b9908c58a5b026fe633e4a1c33e7f753bc92724e670	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\qbfxmud0saassf3v.swf.jaff	70.18 KB (71864 bytes)	MD5: ee1de00abb6c20503dd151c6fb9eef77 SHA1: 72aa31ca230572dd1b27b8f21adb2b606f72aec7 SHA256: 8084d35a4ca0e6a2c5f18b356491eadbb25446552a7882210be5c0bbbf87c363	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\rv6gp_.swf.jaff	95.27 KB (97560 bytes)	MD5: b39c6c12dec78224b998a2f62c2f7b43 SHA1: 467e553d33c624f0d47bf8fbffa36cbe05e43b53 SHA256: de4e7fdca1e0ea12d99ec2ebfa493e2d26fbed345f28d28d965406ade8a0fdee	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\sbfcf-kainxodnh rra.png.jaff	48.07 KB (49224 bytes)	MD5: 2c7983fe8f446ac48b8f322fa0703849 SHA1: ff30ece9a6f0a15d2614d31ca1d5905935588b71 SHA256: 2be65ba684686b2341b4c329d0836f7f6b637023e602ad10a092dc4eb12f1855	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\sr-qxg8.avi.jaff	76.05 KB (77880 bytes)	MD5: 9f89cab7c203030934718abe04ab8a85 SHA1: fd8d10cf676d88c1e629c30e86ef8663a8fccf8f SHA256: 430052560907831f7ea22206d0d67ac31123fc53d260ce177eb781c05a89fb2d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\sshjbstfshohobuncds.mp4.jaff	26.88 KB (27528 bytes)	MD5: b6f19d38037d047c9b71a3dd8049b082 SHA1: 6fa705438b9d43015b2e812ebf64f97118d67f20 SHA256: 98573a24f47891bb3f8e825fe135d08c02cfecc5614e6d5d5d54f7869daec1f3	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\u1mukqe.png.jaff	51.38 KB (52616 bytes)	MD5: 4f25e4c9960316564e17e523c797f025 SHA1: 469488c852b94484841910815a8b2ace64a87b6d SHA256: d8f52e4c88beb9ad0c4e5b96586f95f34eef65bb249f7df7522185d46176d281	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\v4ghb.bmp.jaff	9.63 KB (9864 bytes)	MD5: cc14edc8314e00df24aa56d8cb133e1e SHA1: 25e98b60c419aa18eb48ee4229f669ad78005dbd SHA256: 09db2c29ff755891e760bcf6b20c4b3364531426d7bc04e354a86b9ddeba7ca2	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\w0q0xltr.m4a.jaff	39.63 KB (40584 bytes)	MD5: 0033c696c6fcff172782097bc4d6e052 SHA1: f0a39a66f7e369df3c309fdcce5cdd641ced83b4 SHA256: 1d2e4534446c0ec40e6df49f49f5f18d926995517bfd450b7167e2618acc0dbb	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\wk5bz4o9q1fwf.mp4.jaff	68.43 KB (70072 bytes)	MD5: 44dbd79f4a32c0fa0d53407351691057 SHA1: 85228a0968a763b5f35113e450e72226827d406c SHA256: ddda14132f31f452352b1ca6aeecbd49aa55bee5d70dd221c4b527ba695e6ba0	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\zjzspmnf.png.jaff	3.13 KB (3208 bytes)	MD5: 06ba71561a2480bf88709379c86f83ac SHA1: b739b883da0c461233be7990598180b74b91f933 SHA256: 28cbd0ba6af1556bb4afcf327c0358da450246009835f3e53e8816e383650056	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\-7v4vzrmt9tgdmf.xlsx.jaff	78.38 KB (80264 bytes)	MD5: cbe7a075b36e45d63d97d2c319772520 SHA1: 2908ef2a65509edd031c995e7f78743dede5ad1d SHA256: 104122eae30e05ecf658f32b1e7103eaa15bb4f54dad5befc1515644cb4bcfff	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\2l2ya0ad.pptx.jaff	80.62 KB (82552 bytes)	MD5: 2f2141a93d1a06a670b9686433491435 SHA1: 0fdf113e72882ea7211a0fe745158acf4cdee7bb SHA256: c1c1b0c79aa9a41fd0231e67eb7109b3aaf13696b57e796b02756c3f127779ce	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\6_vyndtfmhcw.pdf.jaff	10.35 KB (10600 bytes)	MD5: c71662c504398b83ea51614c5cf60774 SHA1: e2e5155ff48b63aa9a2c49a94751976b4d69a53b SHA256: 32342362084d2547a9f7e7308cc25b609836eb54c19346ded1f6f15eda6edce9	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\blzyu-zzcvrj_pwn3.pptx.jaff	36.76 KB (37640 bytes)	MD5: da756e69603fc2e8981dd82bb94ed81a SHA1: c5d2067350bf0fd69efcff749024012499a2359a SHA256: 237d2eb9fa10bf778308c870dc5172e723dfc5a13e0b061d1ee55672374ee937	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\byqw_q-g67.pptx.jaff	10.87 KB (11128 bytes)	MD5: 80002fec9d279d4ee83a9c4b6ea2521d SHA1: 7e3eeddf922727120a4eff15799e56931232dd22 SHA256: 6ca741ac8e920e0bb227c07a389a1e9ec817ada8bc9dc3562d846f221553fa5c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\crfcnex6l.xlsx.jaff	23.48 KB (24040 bytes)	MD5: f3fa8ac640508416df490ad4e9d262d3 SHA1: 847ddb8bdce652d00ab7b591ad39bf8793a89a0c SHA256: d915f89e2abb5960ff6cdec2c9853d368444a2fa08c10714e188dfd50ba37e27	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\frl8ns.ppt.jaff	30.99 KB (31736 bytes)	MD5: 2aafa151bb4701159444eccd1070df72 SHA1: 18fcd508aeba2730299f1653a8e238ababab2792 SHA256: 56cf087357a109bea67f7986d1dc42dc6bc0a3fcd1570e4275c158ef9f96694b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\gh8gmygh9o7.docx.jaff	29.37 KB (30072 bytes)	MD5: b1bea1f6f070f1aadfce02c3f99e5ddf SHA1: 135d586a0e308be20909db8cf3ecdb3298c66b3b SHA256: 77d03cbc87f761199086ff274bf03f89f9f5a2fa473aeecbae9ed2baa9d94c11	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\k7fdk6f.docx.jaff	10.96 KB (11224 bytes)	MD5: 7b03b21dec4cf733773cb45c2ef5c665 SHA1: 00bf4daf47b80eedd0820ad8bab0dccbed119c4c SHA256: 49d4cd31adebb72926e84d7272a093705fe27f7ca7c084003d7bac323d57223e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\k9npofkvnc.pps.jaff	66.57 KB (68168 bytes)	MD5: 1b0aa8818c8302c5936baac08c91c6d5 SHA1: 50b25e87a561ad833b91e2cd25fb2a523f09ff26 SHA256: 61a4b169a1cc6de80c4a6caf8aed11ef1f11e957aff86cee7424e11c47bb7b83	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\lkvfi.docx.jaff	79.01 KB (80904 bytes)	MD5: 1bce89fd5a803d77ffebf109dce3b696 SHA1: a38c9283462fb4c1274c7d28ccc6dbde880af07d SHA256: 0981743cbfba0b4da36458751ea796ca03fdba18b87f6dbbe9d8484c2ae53cd7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\niy3fhj.pps.jaff	48.54 KB (49704 bytes)	MD5: b37323605fe0fa613919d3e268521b66 SHA1: 96b4ee46f1064b5dfc5054ca971245c5e816adab SHA256: 337522dc12ed027b06aeb2703fc0ee10204db52cf28a3bb7cc3495b40b43003a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\nxc7tbz5yr1kbup.docx.jaff	22.21 KB (22744 bytes)	MD5: 9188be37cc7eed983137713c8d840bb0 SHA1: 2ca59a899b1bf5ec51abf9b0a0a219bdd6d39308 SHA256: dcf08ea931a5fa80ddbd33134b91046382b137b0c8f2404e97daed6d3658eb57	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\omwvs1ixczu4j4nno.csv.jaff	72.57 KB (74312 bytes)	MD5: 5b5839ca4f7a28f461979b15d7ea674e SHA1: 901b078e9327c7d8f5f93c943a1fb1821c0bbdea SHA256: bc7c4453f6fa120d0821c316bde036168d1b2e18fa7fe46b3ee87b6c79c589d7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\p1j0_ef.pptx.jaff	25.87 KB (26488 bytes)	MD5: 4af24afee9046d2a880c5936ccf7bd77 SHA1: 9002ada72853d7cbd36f1ed5c1285c15977987db SHA256: d2e906b1d0aa36684370b4321b004800e392ce48dfc786582a7888dd4bf3e39b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\rbyfqly3xxqa3zf r0.docx.jaff	15.90 KB (16280 bytes)	MD5: 6ff2501f7815dc531ea561557e5bc295 SHA1: 21480747c497dfd7557dd92ac0af2cc8178af3c8 SHA256: 3d1f40043f69c8ed1523adbb237cda7ed12ad476edc9e01c49722f0ea307ec13	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\rzu t0gzsb2nzwyha.pptx.jaff	44.02 KB (45080 bytes)	MD5: 44f52a610beecce92bfcf504ce1940c4 SHA1: d6da2193d868ee41dba745bc8913297fd1e980d6 SHA256: 10e7b9ad0355756dbfe219f5162ddc958a6110878d07781ef1efb2feb1cea6ef	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\tuy7k1x.pps.jaff	81.35 KB (83304 bytes)	MD5: b8417c0d496c0442dde3f50dc4d8745e SHA1: 92ae146c3742e88b1e3c5b0e9a2b21d5f568a085 SHA256: a87a525a12e2b41945a520253ed217ff0838bd5c9d4bcaa254be0a9f56b9900d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\u4dvje.xlsx.jaff	16.34 KB (16728 bytes)	MD5: 582b5b4166a87948f8418de70c1efdb0 SHA1: 46561f340b5d53506f8ac23dbcc7ed96756e5e29 SHA256: d0a9512cc31bd57a495732440b88e7ac0a57d8fe82df97af679b4943f8c3ddea	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\v9k _9k.pptx.jaff	38.34 KB (39256 bytes)	MD5: 3ee930e0e479c901a9fad214ad572211 SHA1: 4cdea5982dce08d7cc74c49aac3897661eb25a39 SHA256: 22959971d57066005705a8a68b56f9a374030f2a93f20b576d213c9e60bc6a00	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\vk2uoq7lerjl.xlsx.jaff	65.95 KB (67528 bytes)	MD5: 7592bbdeb68e522a2b7337ba907e5e8d SHA1: d3afbd3bdefb3a72fdc58cf844515fc0b129528f SHA256: ae9c7baea8e8ccc59e41149e89f35704934f676d9618cdcb31f8a498e2b388c7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\ypvwhtkfqb1uj.csv.jaff	84.63 KB (86664 bytes)	MD5: 8215e87299e6b2bf83416b1d27c250e4 SHA1: 4fcdeb231b2e9f8f4d067ee3ebeed03ad8a44625 SHA256: bbfae820a33773c2075b2e42d022466a9d9ad3227e16b5c73e62912da030fe56	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\z vcpzp0j wc6_lb.docx.jaff	21.73 KB (22248 bytes)	MD5: 34992a2c5c728ac5dac8f8e00b0401e5 SHA1: 29e5d3a203e8aaa32c8077a52034c08432cc0e6e SHA256: 86dbee278a20f73397c5a1bba8ee0367097cf27350f286c96f6bc0d09aca490e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\zspkl7ggi_oif7hjt.xlsx.jaff	11.02 KB (11288 bytes)	MD5: 1efc1e05588c820f909a438ec1681f17 SHA1: a6690351d201532e9726fa57c20f27067e2fbdcd SHA256: c7daa95bf32f325173ec753566c366bdf23f012448f908c470c9599402647a7a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\-qgo7tjmvpc2fq.wav.jaff	59.90 KB (61336 bytes)	MD5: 9f70d94cf27e81489c9ca29723102ed1 SHA1: 336c15d2000f0d57871c3c44e2f1c40074ac1d22 SHA256: ae3db08bfab245a2d02a0f2583b124e89b16edd0512ad6e2cdaea4c7e4d101de	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\e677hz.m4a.jaff	93.93 KB (96184 bytes)	MD5: 6cc138af6d0a9428155ebbb2a8373748 SHA1: 4b61648918265dfc7a290693ac340a3096aa0910 SHA256: ddcea2ae2418c537054157d44101456ba470bc60f4be1bf6c3d0c7b9becb8885	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\g5t48aobb9.wav.jaff	31.40 KB (32152 bytes)	MD5: 3ec379cb61b5986d4a05845580b9862c SHA1: ab767ef2a388bf8c0e7a805d7e9084dbd0c47757 SHA256: bffd89f9424067aba372f8ba5f9e1fbce91e39f11099649f90186e6c3f2431d2	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\lxkf1x6u.wav.jaff	10.16 KB (10408 bytes)	MD5: b9e4dce941ee2ad778f6ede893c51f53 SHA1: 1b14c250bbdf1eb441dc7adf337974d05dd38074 SHA256: 93a2b320006c10f0b6ea2788a7ff4c504571ce23ad4e779a89cd8334bdad103f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\rgkb8kxarwqg.mp3.jaff	91.37 KB (93560 bytes)	MD5: c7659048584188da3d2aa3690350b645 SHA1: dc4380b56a51cd89d7d0514d7a9244a2fa067da9 SHA256: e1eaf6f8ded0e7ab8f30da78b5c76e93f1698bc2031e061511d598742eb63af5	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\ri9hgrgjctfu19.mp3.jaff	15.85 KB (16232 bytes)	MD5: 91a4b32678af0140911bc7277622b32b SHA1: 1ad385e268eea18e43007a01dffb86fc3949d632 SHA256: d3af0900ff544f31790325837b823496bdca8b52b697b24463aea8dfa6594f95	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\s0p75.wav.jaff	37.74 KB (38648 bytes)	MD5: 6ed8e12811ca162bfb83528741919639 SHA1: 950b88a4d2ad3874c85cb14391c9ca9bc3186025 SHA256: b8b84902f5b8ed76f626aa1c28bc4efa4ab358b2e9e828f1a4d48b997d60a17a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\2mcajc.jpg.jaff	40.20 KB (41160 bytes)	MD5: e3b44f80df5e2eca2029c0bb3533e094 SHA1: 4ca0b78e99bd65c7dcac3e3ebbaf545ff22f13f2 SHA256: 4942cd9fb96accbd8d0cfe7764150dd1ea46a1b6160919a349ea5273ddc26c8d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\bxkj.bmp.jaff	39.85 KB (40808 bytes)	MD5: 846b277d9875fd58e83372d5909d6356 SHA1: c956ecb54a5f42b9b3df4f73b7fd69db4a596df0 SHA256: c179532bba304f98a57ef6278939ebed8a3c69ccbc0335a75e4fc7bd6a157b41	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\fkpvxol9c7u.bmp.jaff	15.27 KB (15640 bytes)	MD5: f09b9e49b9371ba1490776597a5fbfbe SHA1: 5df39de86f960ee2b3d95eac581b649d96c7f9b6 SHA256: 124da94ad453ad8c83f99fed57dd002eaa3ce2a69f79907f1e444ef9b70f8b9d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\n8_t6skpqfnfeok9k.png.jaff	38.34 KB (39256 bytes)	MD5: 2abc31836d3833f66a18abe0057942ca SHA1: 81f2ac891eed3abc78613fda68d84eede498b615 SHA256: 191a59f9d6ff0ac04848537c5217739636c1d661220eb6410f7df63872075746	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\rubuq1kl0y6.bmp.jaff	21.13 KB (21640 bytes)	MD5: 4ef5178b68796783ae7e0d3b1799b6f3 SHA1: c58f455f672e4e0c16365c2bc8ae60066e0e7a65 SHA256: f05e8a34c4d3b34c073165bfa02383b271e2988843518a360d4b7e3bef8fed56	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\-bjtnqujsdkd0.avi.jaff	3.21 KB (3288 bytes)	MD5: ac2fa32c251bd686b5971db8ceda24a7 SHA1: 681a5c0c32a3a8700f970bf448de4a7f242f92a5 SHA256: fcdee4515b432ae20f6ce1c9b29b603cd53ad45f877b4fbbb46f78ab9547fe78	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\1xar.flv.jaff	76.95 KB (78792 bytes)	MD5: 9c7ef6fed5dd34a8dede33c0899d57ba SHA1: f43686b09f3093b6b69567fb943082e698f71cbc SHA256: fa2395e14ec0e0b554d8f6f9a6a85f4b7c45106a89957e290c936665ea3fcedc	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\wwmf0-vjk.avi.jaff	56.15 KB (57496 bytes)	MD5: f5b882577b9d08d30d8c23e5b0095903 SHA1: b038ba9adf77e4f697699af97ca3d238c853b1a6 SHA256: 37faaac5bca54ea9edd3bbf284f3a5ecb8f0a0fdc39521f48d9693d7443bb3b3	File Actions Show Properties Download
c:\windows\debug\wia\wiatrace.log.jaff	1.09 KB (1112 bytes)	MD5: 599e206030c723bd22b46006d1ae3f04 SHA1: 08cfcd4f13cf62f197d484ccb146050ee4d80a56 SHA256: b32a533ab621f2d67f52ecda6a5766a08e60b2db1286c4f813b0f7edfb2c2e1f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\gdipfontcachev1.dat.jaff	109.18 KB (111800 bytes)	MD5: 9386a709a6b6e531e8fc9030169784d2 SHA1: 55607c3ef0b64f77cc60a76d664b9b4a2370905f SHA256: 56da555dafce088543e5be214afd1dc59086c921b694d5f303354e6cedfe2d0e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\iconcache.db.jaff	2.66 MB (2784917 bytes)	MD5: de4f4520bd8b5fd901d87de83209b1bf SHA1: d7e80f2dd48be478ca127f94df89386e83cf9a11 SHA256: fb25ad754e06760d109e97023b437dae7217da38bfd2ec260cdb130ca6daee5a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\1umym4fvfj8.bmp.jaff	57.29 KB (58664 bytes)	MD5: 97980c7a68ead7402690b9cdb0a75825 SHA1: a0f0eef52990d4f420c5c712b2d4e52df0d78c91 SHA256: 65e2734d760f79369e0f61c209a3b2757192dbf787111eb3381fe4f71c840238	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\6bvjas.swf.jaff	56.57 KB (57928 bytes)	MD5: 701357e4098d8036d540cbb4ed7c055d SHA1: 2779e24ceefdc924764b7c0ab6a85960280ed7ba SHA256: d8162198b7655a33bbdc9c36d8ccae08d5f0ad58bb0ee891d068abe467cecda2	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\6tuqomdegtfjit.doc.jaff	76.54 KB (78376 bytes)	MD5: 2d7dbedb1ac0c0fb8e18bc1d1e049559 SHA1: 2bf67f0a10e8c2e7cafe41a3603d7fab05177efe SHA256: 0ef0c8db4970b015052a1bca0fda06a7ad8330131e48abcb16cd46d270f743a7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\ajxc1nza_vscscleoiqb.mkv.jaff	11.54 KB (11816 bytes)	MD5: 6c34f958c0d6ccb8e334330e44dfefd5 SHA1: 3079b87901d78b080bcc75788cab5d93fa7775c1 SHA256: 2fc7cf5bad22314b7db5baa8970e6f7e68f9e9b13c11c364f235d56ab1450ffb	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\aoirnr.bmp.jaff	45.07 KB (46152 bytes)	MD5: dacb48fd5f4b049d29c99818559f5795 SHA1: 137c57da01974f1416f448da5389bf9ae787b024 SHA256: d45961c200ad54e64873b86a3755cc3bc360f2988d455c0da93007dafcc21985	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\cvyd6qnuq0.avi.jaff	3.91 KB (4008 bytes)	MD5: c172b89fb8da454f0e50a5fa97e05ec9 SHA1: 3ad1b253ad11f5fb7f1bf1c27dbc4d97763af656 SHA256: 8ae6f2a887faf3ba1eb1bd24d36605dd146e187e5a2d1358fddec65e87eb2735	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\cxz2lhgcrpu5gr3.jpg.jaff	6.51 KB (6664 bytes)	MD5: 6f021d452f41973af91b6bd9976b3cea SHA1: bf3267fc4bc80eb23af478a66160673723053315 SHA256: 204d82aa35a8bc3aad9eb6045eb05529b4f8df372154f400fe8f1ff613398354	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\d13gx7nnep6ztouowqrk.gif.jaff	26.80 KB (27448 bytes)	MD5: 6d63ea3fb773aa824ba9b8b34b8358bc SHA1: c72032f702c504ebbe96f0e99784b9df01df0744 SHA256: 39901ac1f55aeed0cd26b00d9b12962e349e68d956c05da52ff380e916b13ad9	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\dxdhm29hf.m4a.jaff	9.07 KB (9288 bytes)	MD5: 1b33019e292fbc5f021a66255f909ca6 SHA1: a94ee5d1a9a0c6e78b1beb287d83a8e2b7f6cc04 SHA256: 29a2241e07637591d643a8d7ffef1370b2949478fe6746252862ab4727294cb2	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\enf-dk nq5v8xyepqi14.jpg.jaff	53.66 KB (54952 bytes)	MD5: 22c53f4afb52f9a0795e0ab17e0879c2 SHA1: 9afa162b403d7bfdae46a16c762ac2532419e56c SHA256: 9d959a703bb9dffc18c830b6da58df9805366c768d9a6aed2e0676c1e95b8c72	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\eodf9hgt_59rejnq.mp4.jaff	88.66 KB (90792 bytes)	MD5: 21b9b9bc0427adf5a081af98f51dec90 SHA1: e86dcec680e307cd56c0c8e38899db1d586ffce0 SHA256: 896d98ab32389883045e909b396d1e0e433ae0d68bd81f9a9e2ff27c53eabb21	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\fow2m nchnstq5iwnwtd.doc.jaff	19.49 KB (19960 bytes)	MD5: a653c5cf71c708579da2cd736208282d SHA1: 16483f01eb5a8970a6c206319e740c356e8a50b5 SHA256: 0459af5f3422ae149f10631a27419901fb0a088b01adce5754045211ff590c2d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\fwceha5-ofonjm_mrk.gif.jaff	80.40 KB (82328 bytes)	MD5: 86a38cca8a591a8f797f1b8b5f1375d5 SHA1: 71d8886aa2db512a7f34ee27a9f610776a807361 SHA256: aabbe5f2d706975a8bb2166e6d4415b41588095e238c5480f1e59931d6031f87	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\hfrlk4kyteho4-5tr.avi.jaff	89.12 KB (91256 bytes)	MD5: ba784331926add989cb2706fad0ebae7 SHA1: b1ffba90fd6132f457f0b5cf706970d285115fcc SHA256: 7314121e22b2a44979e2409a153dfe9e2a35a40ab77e118596fcbfeb0805281f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\hjf9yedugrf.jpg.jaff	96.96 KB (99288 bytes)	MD5: 60620f72ef6f1fdfc319bffd130784a3 SHA1: 81c97947e606029990d22675c7d4d2079c36680a SHA256: b3396c5e19174afbce36a1d6d148b3865ca967d520050c9addfe75165bd6eeee	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\hopluwn1s1.mp3.jaff	45.20 KB (46280 bytes)	MD5: c8ffb0459a1b05295b87349f0b8d0f1c SHA1: 078882c2e8683312d2d67470f486020bd7d4b390 SHA256: a60a2c6f81815f2651a843eb21d6fbf742a2b6250f586be78ea936b2fdc9a593	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\imvse8th0al5lg7u1h.png.jaff	94.98 KB (97256 bytes)	MD5: 614492e695ef633f971430d9d40f264c SHA1: 448db4fbb87d200a549802a8393e03bbc7da7795 SHA256: d244295d7e196290de701589ef4865bbca2b51eee1e15c778bed4a9eeb195797	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\jaag1ry1xnhlw3txr-f.avi.jaff	1.74 KB (1784 bytes)	MD5: 03a3a8100331b1e1f10b8a7c3877fdd1 SHA1: 7d1b36e276b3bc105bbbc56b81ba216b7f4105a4 SHA256: 9f1af29ad03ec8a86e285c2bc8fc5a29cff457e81fd59be090b31a67cf4c7acd	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\jdl2cayixjci0f.swf.jaff	82.23 KB (84200 bytes)	MD5: 8d03f5ab05add474bcdbd22a3e33656e SHA1: 5e38e06232db7525983dae483fe745c0f066077e SHA256: 5b75b8182c1cad9221a5f10d4a0e8cf08e8a60b02071d4ddbfd4c19407d0f6c4	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\lblpnyrfop.swf.jaff	63.68 KB (65208 bytes)	MD5: 40b5a4c271048207c5a0c6f645ac0629 SHA1: bf3fe504ff7a7bae7167e44d422b33f8e0e8123a SHA256: 0c89450349530a2268a069d341550f3d0170379f92a25d090bd63aaf59b186d9	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\mkhvyavqb8y.mp4.jaff	88.21 KB (90328 bytes)	MD5: 2a14f433e3ae3babc154bf04755f1155 SHA1: ba0421a940e9a4ef1763dd9845645d5a7e764c84 SHA256: e25f44434e691bccb0f127e348d2beb579089b70b8434d66f941ee7b2082bb2c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\nme n6axgu 6n9r9h.wav.jaff	55.85 KB (57192 bytes)	MD5: 124c42ebcb971de7d606a02e811b81e3 SHA1: d7b7f2a1f1ec9cc870304bb23483dc3471f22fa6 SHA256: e2c44b345c5fa93c874bd8eb1b732c18f2d3ccfc4328b7906c581ba2555cb1df	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\p82vjamr2.bmp.jaff	62.34 KB (63832 bytes)	MD5: 98b711a450ddd2019837301c907848b6 SHA1: f672dbc50bfbd89066e11c5e781d392d1003370b SHA256: 755c232bd7f25e52961a27f407e1be5b7458edb365905d3afe0a081ec695308e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\rauj.mp3.jaff	60.77 KB (62232 bytes)	MD5: 6842c0180930c90ee6425a9c6830a6ca SHA1: 46e0fcc2b6c53900602488be2107db482a1bdbbb SHA256: cf86af2c0d5a222551ea9ceaecbbcc87d50f2ceef0bde891da2f152ac9c6f528	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\rgmlqmmcul5i.wav.jaff	26.76 KB (27400 bytes)	MD5: 4baeae833ff94d455d1d2034ba43b868 SHA1: 7bf5b51add3ff78a91281e58c91ae4e96497993e SHA256: aee3e5fa2fc75de9b62b63f1928743a8d71e42ce756d967dfed01df6e3bc8c47	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\rsg5kpk01wz6hddsa.wav.jaff	8.76 KB (8968 bytes)	MD5: 98622b5b51c24ce20a188680d19ae75a SHA1: 3c11e0d7b01cb7f9d9e79b3046ab050d45a2e84f SHA256: d6dda18b9f6434e0d824dab6fc3d10d22df0823abfd3e5a0900cc959e81c7aec	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\so5pb.mp3.jaff	25.98 KB (26600 bytes)	MD5: e2a2cedb1d2738a3700a156d59ceffce SHA1: 1196036c76f248a626021890dab8dc4a45395dc5 SHA256: 3730400d5705c3999e1ce58c3223921c9a288c4b52b21ea6f1ad28e8b72c41ef	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\tbli z3y5kyu5snq.bmp.jaff	19.32 KB (19784 bytes)	MD5: 76515adff5380926a63e192b9c3149d7 SHA1: e462ffb4cf71530756c704c130d09dac98fa120b SHA256: 6bc47d396e87094455f406c53914e96133871ec1ebe3a51e37bf353bd5808247	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\tt0jey_-gfzcftc4.gif.jaff	9.35 KB (9576 bytes)	MD5: dfedd2d4a1475695637600401c7cc5b7 SHA1: 059e23542ffa35bfb74085cc1a8e5b8d8686053b SHA256: f506c4b35081815b47778dca688a7ea8ac0b870b767962681651e3286c00e7fd	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\unzi_o.mp3.jaff	40.62 KB (41592 bytes)	MD5: 71c853893947c7bc8a27672a913af6f0 SHA1: 71cf6bc3ef94e946fd30de95d15999ff97de882d SHA256: 70d3725bacd5888eef18313b52209ee470a673c7508d0f14d54066e8002779e2	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\wh1pl.mp3.jaff	30.82 KB (31560 bytes)	MD5: fa351fb97c0aa0f4af6e476e7fa2148b SHA1: a571c5856f37fbc1871268c2a92c59cbe0edd4c1 SHA256: 3f5ea7eb0e9baa749f545a4813db71772a5a1a05c9c57d772763d4e70d48e8b3	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\ylvyw _ g.ots.jaff	22.24 KB (22776 bytes)	MD5: c4299fa47bc63152017171dd89f201ba SHA1: 61e62620bc374907f56411d7d380285b2a0e59c6 SHA256: c28145615ae2154dbb1acd11ca41f183bdd8c77f377b5a092c6973bab632df4d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\zcepaktaksgqv.flv.jaff	32.70 KB (33480 bytes)	MD5: b73cbf497e9a898853554c7c54cadf9e SHA1: cbeb8bfe2392156db3afa8ae005e0139d91873f5 SHA256: 1b44e70a3b8e94debc657a216875be6a4144f0cba69b97b0dd878ca1c7bca322	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\zuppqhwgrwyopshn8e_q.avi.jaff	36.43 KB (37304 bytes)	MD5: c3219589cd426b5b8af67e6cf25eea9e SHA1: 241bf74f901c7403c06d487a2b4ef660d0bcdd77 SHA256: 2159f61afc7cfc575abd38b0790cfa4ebfd13fc5ac5c1c0634ef81abdc7f83c9	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\_ng8cvnx6peynwbd2-.mkv.jaff	82.18 KB (84152 bytes)	MD5: 718c0ccbef1a14c0d3f32d177c8dfd76 SHA1: 5ce9806dfe436a32072b8a7704c281b0eeefe799 SHA256: c49ba4fecffb231559c75836eb0e115ef943ad39b31f62102d7ff4ca9a69d1ac	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\7b38ndg8nli0_u3oo.mp4.jaff	48.46 KB (49624 bytes)	MD5: 25a15afbfe8d4d4575c534c66e5d8ce6 SHA1: ea55c98f0bb7464d685349fb5d55b2fe931dffe7 SHA256: e1fd7b9c4fac1d76ab4c33e73c4afd1d4c3d8f1a941e082f0f5179c78efc17a3	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\ao3t70.png.jaff	18.07 KB (18504 bytes)	MD5: 1fb1e99a8fb710096b3650995c243796 SHA1: 28172952817f4d7efab8b75cd789ba43f8dc5aea SHA256: 2a06a185e4ff98ea29bfe897ef07740da5c62455936f8b44a9635a3795a4ba7d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\g8p8l_bfm0n6.mp4.jaff	77.05 KB (78904 bytes)	MD5: 5bdda52326ff8f830b749311e2a9866b SHA1: 1dc88309488f4505589bb5b3e628319df46b4c8e SHA256: f59471dfe67af5ef01863af61b2e273cd22399aff28f9be8584d37d92f7ae462	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\k4dgb-lh2h5gjhxu.gif.jaff	47.59 KB (48728 bytes)	MD5: 067f324dd22e39bd3e5b21994e8394f8 SHA1: 67bec23bf22e32f0b006a7999edd57100f096f01 SHA256: 80f634b4b31a3fee80d01523dab819e4d19655a8f36327846cee829c1bc77ee3	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\rxmpj3o6wstenbgy.swf.jaff	25.71 KB (26328 bytes)	MD5: 68f95020c49daa89c8062b88edcc372a SHA1: e2f5b2b7d4b9ccb6389beae836c43c7f342fc7cd SHA256: 2384f2f11874c2395bfea6eed04589807f26ffa44f211758f78c26e5fda17e3f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\ujiodahvsqoqc.mp3.jaff	5.46 KB (5592 bytes)	MD5: 6dfbd1dd82bef41288b88e3645e04b32 SHA1: 84d8e31f30f90ebf8faedcdb127b7678baf77a86 SHA256: a619ad8a916d482b64b05eec1c34c45241e95ac9abfde0f1d26896393c881d97	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\vdhed-l_f7g\_xcx-.xlsx.jaff	61.13 KB (62600 bytes)	MD5: 2f79f252560242c139f6c79ec48137ae SHA1: a06135580577a3c15bd62b8cc0c5514a7f8cd2ff SHA256: 68f9b5f100a3cce7a9ed51ac433132affd475efc384e90bdf5a22fcd122f016d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\0u-gmyikds1dn3.doc.jaff	34.02 KB (34840 bytes)	MD5: da700773230d1cf957b76605efc59589 SHA1: 4ec1e00783d7c180a6aac0c2f87a47da4890a843 SHA256: 289d94d24a1506c8b93c90491063dfccb958c8429f0d05f19317256cfa8fb50f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\c6icmj.docx.jaff	81.30 KB (83256 bytes)	MD5: 58cf9b62ff7cf19d3c8b1963f1352126 SHA1: 4438b8b93fa3c18535b1430ed08a94ef9e2e45db SHA256: a66f988ff471d0e810424d9f3bf5c9edf6fa789414ac0cf4613c507bd73f54e6	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\etpn_t3dzme4qxx_.pdf.jaff	62.73 KB (64232 bytes)	MD5: ef970d951452ce0233afd3309072c8e9 SHA1: cc4278012a712e0b78079ed929b936f2964aa8bb SHA256: 740cce8dfd7e0f3eb7f8afac40ddbc4efa1c8698b15cc70a19a8ac844966a6a5	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\igvglhehcqg.pptx.jaff	20.87 KB (21368 bytes)	MD5: 44757c5acba6b3e4d6bc6c67f25bae7b SHA1: ac7f8f7caea524fd4f47bc0af4c26630cbf2da2d SHA256: 9d589de0013979814985dce6132cbb3263ff313f9c7e00ce7ef07a3afc46733f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\m kgn.doc.jaff	91.54 KB (93736 bytes)	MD5: 69a1c9a0a1fe4fcc9938fe20f50a751b SHA1: ad093a3fd3493c94b34826bc98d4bffa91101a64 SHA256: 052b03f444c5a598f1c1a6954bdc517ec84e53bc07d2b0198c16654ef2b072fd	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\ufym4xwytsyw5_.odt.jaff	53.87 KB (55160 bytes)	MD5: cbca2469ec5bcd570e5a5cd9adbb872b SHA1: d3ea2f627b8478a00ee04d023e16b0de89e1f300 SHA256: 2cb6d16353ec37b3d61e99c9eb0a2634d95c763b61ad4b5714513b03ad1d1ea0	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\usqlkd4kp9v0fk.ods.jaff	74.26 KB (76040 bytes)	MD5: 50401a44b503983288cf2b524e849a10 SHA1: 1e26fc73228a98cda31327130130c652c90cf060 SHA256: 4a85c61d2ba5e79d9106e2a234d85342d872ef794b4a2f6b35ca1a9617464f3f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\ynigeyz8lkn.pdf.jaff	31.10 KB (31848 bytes)	MD5: b71f4336aa72091fc4e9c833408c0f84 SHA1: 22a87b60ec69be672d6742dda630aa2351a55926 SHA256: 42ecfc6d65c29a06495e0fbcd28195ce6bd55ef7ab1bc7807423028ebb048804	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\njkw\_x6jfwjkkp2-9drr_g.doc.jaff	42.07 KB (43080 bytes)	MD5: 7e08a4fc8a21773e6c578278cd45e6a4 SHA1: ff9780cfda07cee83584e224108c0dd5a776d89c SHA256: 0dcb106c50ab9d5cfba2f6f37e75a9dcf835fb011cc938cc4543de0fb4475aa3	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\vl2a-uk\1cpl8obl6gqx 2a.pdf.jaff	52.96 KB (54232 bytes)	MD5: 7de8e9d8c832e757b77c7498101c74f9 SHA1: 478d54d3b9f52c32472c7257c070bb4ef2cfc9e7 SHA256: 665699c7975f1b45e5ae36da35937f1c0d8f654e1c457a5d88e614f64295e440	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\vl2a-uk\a1vlpwr7c4l.pptx.jaff	7.77 KB (7960 bytes)	MD5: 801f977fe1d45230884f80d7e16a0c71 SHA1: 51944b3457459b5766a2c172252cf6b2c5e50f55 SHA256: 9778803c9a585df3b6d388210f2f1144c6adfa887fc410c7ec47afa6514e3143	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\vl2a-uk\ixyka-jbiii7bumbew.csv.jaff	89.35 KB (91496 bytes)	MD5: b6c86ec97994fa67f43566b64951f3cc SHA1: efab2d7292b11857c7b2f7fa1f9ddd8f25381aee SHA256: cc177ee09615300c29367f4eb15d4802211aedcb54ef3e8eba5d8b27ec58c462	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\vl2a-uk\kxcg.docx.jaff	25.29 KB (25896 bytes)	MD5: 2b3c6e0ce69d380647d5bd173b171ba0 SHA1: 91c20312e510922a6424d86a4964ab9e2b651c3e SHA256: 3507fc277340cdef22fc61ac6d389a1ed990647922b95ed057f0ada03c1a671f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\vl2a-uk\qaegdv.xls.jaff	31.98 KB (32744 bytes)	MD5: 42840428b6570f542245f25bc6b9c77b SHA1: fbcc2bd1ebcfb4269756949d0bb9f2b16c22ae91 SHA256: 898680f7d188611172cd881f4f74ee44d4375425bd7db9c019af8c8691136a12	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\vl2a-uk\r6eg7tatbs.doc.jaff	61.40 KB (62872 bytes)	MD5: 5785ec8e99d5f9a48455d629233724c7 SHA1: 0cec7d511ebaadc0051e7281e9b2087d1cabfd57 SHA256: c3b6f940d7b1fb2cadcb95b45be4e2e7382ebb3aeba4dfe3d076a4f291a0839e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\documents\vl2a-uk\ye0lqhminpmci5grd635.pptx.jaff	66.45 KB (68040 bytes)	MD5: 133abab571cf96d2656c08011991b0ea SHA1: 107a9b478c885b75c0c486af620d9a28e19be36a SHA256: 11fc9ec8a4e6c87d30ce576f3e360fc3b5aa87755d3a3e7fb374a9025b93879d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\az_p7vzvnsahvwvs.m4a.jaff	68.77 KB (70424 bytes)	MD5: e60892c31fdb28a3131869c67f5f80a5 SHA1: c2283a94cfb7d38f1290875498fccebed9b06f87 SHA256: df5a46b8c5438d7a7adb36e36077aec3ab4c53e3e8e51f9a281a3d389ab5b45c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\hbq jprjf.mp3.jaff	48.30 KB (49464 bytes)	MD5: 00cf86e69975084cf02102e98250b76b SHA1: 04eb744b39c722eccd9fcf76d9f8de3e9d386a2b SHA256: 230670546d15dfe6060e3f4aebd7fa2476e2c4c8c61c3b448abddd9fac6f6b73	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\iq3ampbfifa.m4a.jaff	10.54 KB (10792 bytes)	MD5: 84e87a4f93bb06d6b4d8c1a7caafdd9b SHA1: f6f73ffce7944c2ebfce4cca8207a225cd0b6ab8 SHA256: 55140704e3f8b7c12538e934737f068076186ab9871af2418234942267706547	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\kzuam4a7ji_ui6lu.m4a.jaff	81.10 KB (83048 bytes)	MD5: 981e0258a222dfda5c679df9aea556af SHA1: 4f34bd7c84a03bbe3ef97d47e6f9f187ebed2f87 SHA256: 956f96777bda116b3dbe7aa54fae62f79f8a55a2bb83048b566c99882b6a5f6a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\oco d.m4a.jaff	74.55 KB (76344 bytes)	MD5: d0b178ebde7b03f60748915d31e083b3 SHA1: c1dc8202fbb8278e7ad347e949f701affc0c2801 SHA256: 9647d05fe530ceeef86a9cf144423b3e71a3c4e5ff805d31e10cacd368d3bd0d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\2mkhjdl keu\2oqh.gif.jaff	51.65 KB (52888 bytes)	MD5: 7947d6eb76d08379299e6d64cea7e1cf SHA1: f8ad267e566b30bfaef5cc88d5af647b08772ca6 SHA256: 2e072ca1f13221ba52bcebc6ffabfb7090d6ba12928bf43948f417e692702d7a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\2mkhjdl keu\gkk9v.gif.jaff	3.38 KB (3464 bytes)	MD5: 01b6af735fb15b27f2360681b9d58e4a SHA1: f3380b357bd3303e5b9bd199b423c62416b99faa SHA256: e04b8f183e57ee3809443909bc70b2432a2911ffa297eaac9d6740828b55e61b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\2mkhjdl keu\m0mncm3hfent8wlghg.png.jaff	96.02 KB (98328 bytes)	MD5: f0e86de6dd0d8736c38fab3f108f770a SHA1: 9c239aeac5948fe4dd535b5d25b77c8262a44c96 SHA256: 0e09925f421e32ae246be453166fb819daba424b5726302efdf2fa3deed91840	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\2mkhjdl keu\snqviwlif.jpg.jaff	85.35 KB (87400 bytes)	MD5: f63538c77803906e63892dc35f540eea SHA1: 36ba4f23a7527374dca6eb63be2a0d453859dd1d SHA256: 6f4f8f1a491f333c95b81cda2a3ceef13eeba8eac87885f82c9b9878a53c234f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\2mkhjdl keu\tmrkjv0jtxdgwj.gif.jaff	99.62 KB (102008 bytes)	MD5: 0a873cef72ca191fdfc7f24b65b8740a SHA1: e7388a06ddb72b50562db592204560be7eb3f1ca SHA256: 016342f00c4ef0113bc2bcbc30712212e43a39f12164de53523f95553522c99d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\2mkhjdl keu\woi0_bd.png.jaff	59.35 KB (60776 bytes)	MD5: 985e777c27653642633d85b7ec253184 SHA1: 9e347ab25dcfcc564c9e712fdbe802a2588c9f7c SHA256: bf0ac03353eb8837d03d797223b211b94d33309e3cd900246e12473cd1c0e0cb	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\6x7_r.bmp.jaff	93.09 KB (95320 bytes)	MD5: 77e420ae34a16c1de26b04efacbf378c SHA1: 8a868e2778453d0349fff5e49e21570fdb325396 SHA256: be8078c7a59f114507c12095e0b201dfc72a0e1fe2640683ca7ab96f5662b817	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\bq9pbh.bmp.jaff	54.62 KB (55928 bytes)	MD5: 6b77ac508dcfe72a014883b22d4eb0a6 SHA1: 5603fa8fe28766899a45eff4dfc6adca718e5225 SHA256: ef78c6ac03447973173a9b537728e2885f5731552e4c0e2c3c60fee303844d5c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\mniph8-7mlmm.jpg.jaff	87.90 KB (90008 bytes)	MD5: b25b87242319b94b703632027eb60dea SHA1: 98d9d097a8ad2418cf055b039afbbe9d7f1bf24c SHA256: 6e69f3ab2bdd469814ba95db9d0509c18bf047e3364fccf77d56c99df5940ede	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\bov2h2b-6i\j zv-iidfs43.jpg.jaff	45.41 KB (46504 bytes)	MD5: 0946b31dafe5b4923564e432f14d14d9 SHA1: 59b70314f2977cbae5366bdb804b3e3e877e8117 SHA256: 526cfe4479c40ebfc85f09a186007d0f3775f928e29bccab70f86af528a9f4cb	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\bov2h2b-6i\nxk3eyv-dbplwqjpc.png.jaff	7.37 KB (7544 bytes)	MD5: da1329dae79f0ce156c61366055dbc6c SHA1: 33bf33f6314c264925899ebe19b1c968e5c89400 SHA256: c62bbcaba670aaaa6e99bc43f4d79c7c7f2267bcba05cf748833fffa35b55601	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\bov2h2b-6i\w 2u3.gif.jaff	75.48 KB (77288 bytes)	MD5: 596f17e2816e4451746c280a84a9606d SHA1: 846269ffcb014bb32024d2ff7d50677d134e6ce4 SHA256: 6b8388599d5720bc7e995be7a911c65332d7e163963c1de8b42e910d86f5f4cd	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\ftu_sbspp96 gl0-x\2rya.png.jaff	7.34 KB (7512 bytes)	MD5: 176fbfb06afa713bd4ef285ac990f3a1 SHA1: 97023dae05a2c704fe60f304c886182768c4da02 SHA256: 36f85d179a1be5d9a6e69ab68388525f3765cb887f0d453ab163e887715a424c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\ftu_sbspp96 gl0-x\9c3yehr.png.jaff	7.57 KB (7752 bytes)	MD5: 47906839f6b547be9b952cb72e323e86 SHA1: b0ccb47764dbea16d23dffe34b02dc2cb6dc469e SHA256: dcf2dd38906af873ff325284ec7c8c826c3ffb663f45500350a769ee60572ff6	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\ftu_sbspp96 gl0-x\fe75rpu0lk6mmowrz.gif.jaff	99.27 KB (101656 bytes)	MD5: 2e3ce1c7c35438e449d875ca477e92da SHA1: 791362a70c6206c5931e97fbbc9d1079d79ab8a4 SHA256: ecab622a2a7920241abcd42bf790b0324fd54418125e6265a35901c10c396d7d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\ftu_sbspp96 gl0-x\i8zakuxkq.bmp.jaff	13.91 KB (14248 bytes)	MD5: 46cd37b547c89c714fe7cb7c813e6fbe SHA1: 44f06f383fbe6df159bff4790c41804171eb3f0b SHA256: 39e74068a14b2ceac4fedb192972b4a8cbc38ae5b7c2bea67893d2bebc258878	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\ftu_sbspp96 gl0-x\tjbtyblnbrqjg.png.jaff	71.52 KB (73240 bytes)	MD5: 6a03bd70de5a9167879bd5e6c232e4dc SHA1: ecd9ece489aadc5be2c261c9c88ece004ac7c366 SHA256: 3df6463b1ff42a815094e36dbc4448159ab14f9530404d7e8991d75ea68f8679	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\ftu_sbspp96 gl0-x\vj9c mv an.png.jaff	77.68 KB (79544 bytes)	MD5: ebb243be858e5c9bd92b4658f3a17cf8 SHA1: 385cc4ab54f70b194e90145ca190aced3044944b SHA256: 9a919b16b3d6f8b900d8088b96f75d9eb1ba482c4db97031976ab79e7a953274	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\rj_rhv 7.gif.jaff	58.48 KB (59880 bytes)	MD5: 141bda8a2f5709680da6c7eedc2ee599 SHA1: 2c0c86ca579459aa19ba824b0e88acac471554e1 SHA256: e3a3d79cc18ba781f82b9cb2a499513c87ed695278338eb993a842dcc4cc2009	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\viypzec6xey2hls1i.bmp.jaff	26.46 KB (27096 bytes)	MD5: 8d160aa62f8bdffd7ddd67232b437a3a SHA1: f3a6291bc87c8eb729a438a218a55c8beec7d440 SHA256: 32e8467548952fea28dd43983b35fb7dee1ca5305d97ea03d2d65b31b8a3f3a3	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\wwegtajlvhlr0ha5.png.jaff	61.34 KB (62808 bytes)	MD5: c550ae1fdf99dd80bd2b5a61d776d8b8 SHA1: 9d0e2d3241861dc82a98ab8f2302e080114d174e SHA256: cd7dcb2fff87ddd519f90946cfd5235c14ee67c6497bd49e7d590641bf1bc5d3	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\gx-vluw9gm4-i.swf.jaff	93.71 KB (95960 bytes)	MD5: e12a2976d18566110d1782251f84ae59 SHA1: 8e3453863f3bf95b11c806e7f8a6d3c7bb42bb8e SHA256: 0756322696079f6922d9f5d6d81d32d6726a57f6631a3fa4e78a38e638f72f3b	File Actions Show Properties Download
c:\users\public\music\sample music\kalimba.mp3.jaff	8.02 MB (8414729 bytes)	MD5: 5cb08b4e32cc332dd82c2081d41b8924 SHA1: 822d3762736d5e1baa3757f2ce20f3a5e851f7a9 SHA256: 8685182ccdf80a0edd4e914b393ece5c3c7a243b134d233d350849171757e39b	File Actions Show Properties Download
c:\users\public\music\sample music\maid with the flaxen hair.mp3.jaff	3.92 MB (4114154 bytes)	MD5: fe2d1838713ab55058ba762b9c3b1ce1 SHA1: 34816356b2fffff055241ed3b4fe138311645ab7 SHA256: fb9490e8bdebc7d89f828e4815777ad71991d3ae1ba518e85815b630bced0e0d	File Actions Show Properties Download
c:\users\public\music\sample music\sleep away.mp3.jaff	4.62 MB (4842865 bytes)	MD5: e3b8444d13a3b0cfc7684bf9c2745e20 SHA1: 71f0b6fbb759bfedfe721e17ecb5788f5e765794 SHA256: 45904a9d1feeb47ae25383529391e43ed6ab7c6bb5058ef15a3c6fc2b3f9d60a	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\chrysanthemum.jpg.jaff	859.06 KB (879674 bytes)	MD5: c7cf4e11ac0002249552bbddc1f45390 SHA1: 8682cf627845ec2d4bf13b1d7193242131c9aa37 SHA256: 0c3f03084e89cd0d3d1fd15a07fefd27d6e944f65c652a276c11d2cf316c7c40	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\desert.jpg.jaff	826.39 KB (846221 bytes)	MD5: bfb14d4dd77339befa7ec80ca804fe26 SHA1: b711199df3e927f112fa554dc57285308fac6a73 SHA256: 2157df602531189b3e70e1073cadefe7934e171e54dfa3ec9bd17afe7d1fa11e	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\hydrangeas.jpg.jaff	581.61 KB (595564 bytes)	MD5: d21e7fcafd4fb618574bb8497ef62a44 SHA1: 1446ad0158b6163de25d0322b9dbae13874bbc8e SHA256: 2eb378aaf89c7e17ebc809c1dacdbdea91d044f3586aabaac3ff40c97388469f	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\jellyfish.jpg.jaff	757.79 KB (775982 bytes)	MD5: 4c236364b18da7e9e0f727179b755fa3 SHA1: 3332213036f9a43b359576e65840735c7ecb9219 SHA256: 91b9bb223702598b08dbbae2fd59e9d9b167ed7b6e371a8460e306a06f6d65c7	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\koala.jpg.jaff	762.80 KB (781111 bytes)	MD5: ecfe128e5f0b745f6a21b64a0b58ab21 SHA1: 9c233ee1a29da7a07d773dc76a8e939a32d113a1 SHA256: dc9825b272aafefe7af16a63f4b970718ed038adbf3190d5e3d7d06ec0eedccb	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\lighthouse.jpg.jaff	548.39 KB (561556 bytes)	MD5: 59afab1a85012ed12a2af9f4e7063fa5 SHA1: 89e4eb6b9d76b5672e549fc94b1fae09f0fefe09 SHA256: 4042f18f17edd521fc5db70fee401d16c1d45bbf2dd0b5e8b2471880b7d6b6ac	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\penguins.jpg.jaff	759.88 KB (778115 bytes)	MD5: 55159c4c771bad7ab2a52043b2bc5239 SHA1: d9c9e069b5d8f63badda9e292b3953d29cccb365 SHA256: 8e1c6967bd01e542aa741a2c76dfcbf4473edad725d09120dfe662619aa70b1a	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\tulips.jpg.jaff	606.61 KB (621168 bytes)	MD5: 9b4b58908ee3fc2c831eea3f0ff49362 SHA1: f559974a2302943b09877a24e8b87dc7e1de6aae SHA256: 002296065ef64d580508e36d8add5b06166bbdd93c2d4a9e41fb60e1b24f6633	File Actions Show Properties Download
c:\users\public\videos\sample videos\wildlife.wmv.jaff	10.00 MB (10485760 bytes)	MD5: 7a619710841cba1fee4202023a1855b4 SHA1: 04de215ab7f3f5c1bf3b68881ade56cdc08b312f SHA256: 80d25f1d96929f654a2761e128cb5c4b99f20f716b9ee4f30bda1df97a71d71f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\25iwwjy-3pagq.mp3.jaff	24.35 KB (24936 bytes)	MD5: a8caa819147977459438de473f800549 SHA1: 3040953b82d0a6f0f2b87e671934da670397557a SHA256: d029add8c78df1577c1ab6855c58e30442e01f2efd6203ffa2dc89581fd834f0	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\2tury79cghuqus.mp3.jaff	56.32 KB (57672 bytes)	MD5: 01dd977dbdc43c41af8225a5860fed13 SHA1: efcce5d98bf5dad7b5c15daf7fb1366fcff1e1e3 SHA256: 3a54f69abe102bd8373443733d9acb6667bee1ac6f943036fb31c29ee4b97acb	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\7d8gxs3ad4wq9x1f8qsk.pptx.jaff	40.46 KB (41432 bytes)	MD5: 2237ce36a570e5a1dfa0acdaaa20a578 SHA1: 2545afb51a009fdbfbdf5a4ab04fece11b7aba45 SHA256: a2369fb6923307a6334d4b3c3bfabe1d07bef9bad1cb13f34f28776e8bf42fb6	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\807b_g7.m4a.jaff	42.40 KB (43416 bytes)	MD5: f1e96c9cdfc8edad4e2847ac7b33b30e SHA1: d5dea03b1e37e915192ec30f8647c17a87ca0578 SHA256: b105a182462a6ebc1bdd175b494f6fa2712b4f3b866b2f9e52feec12b089e2a7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\8kvnuq6evnti6f.mp3.jaff	64.66 KB (66216 bytes)	MD5: e2617ffcb421bd59a44695b43cb3d5cf SHA1: f45aabaa028701f91c0c126d98f0596bc87fa0f6 SHA256: a692053f0e04657f72c9997a5f2dd43df4d758e9b01a495acbf18c760b9217d1	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\9qkdqfvi15h.rtf.jaff	60.62 KB (62072 bytes)	MD5: 661c466b50dc81b82cf04c63a400ccf0 SHA1: 1fef71596a70a82d87b3548f214c3ee4a03427e3 SHA256: 4520016f863ae6d3a8332d4d16fb101648c36ecabe69ce33b2cdf080dec5b97e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\bndpg.png.jaff	55.49 KB (56824 bytes)	MD5: 9b64ce399751cdeddc43db81a977dae2 SHA1: 99a9e44df8b546e5f5e98d5d010f620f86423cfa SHA256: c165b25fc359195990281da38c908ae39fb9e5b8f470499cb22ceffdb99c3e79	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\d1cy8i7mvbma.jpg.jaff	54.59 KB (55896 bytes)	MD5: 23058a983b86b8bd385cd6ba87c914d8 SHA1: fefa011a74d0aeb9e9615850682e3560a174a898 SHA256: 56c7a5bff53d3b65c8d94577ed45738d4e81860cdcb7f90d01749a429d03a112	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\dpwp ff8ps.wav.jaff	73.09 KB (74840 bytes)	MD5: 8c7bf3b6ccbef545b94eb7e5beb4cffd SHA1: a15fb0c291296e2e5ad8edab984fa86ea3914426 SHA256: c895a642acbdf6197f47b7dd249b14b56b604a328fbc2f5c4f24f32bbef743cf	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\d_c_tbg.flv.jaff	3.91 KB (4008 bytes)	MD5: b37952dc61464ac61384d8f28ee22bfc SHA1: 12ec842340b63244b6e361e61b7a3cfb00f6e632 SHA256: 7b848a29dc80cf03cdaa131010f8d2477afba2c4841fa9427a849ad90446327f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\fy mailsz6jwmoh.mkv.jaff	40.96 KB (41944 bytes)	MD5: e6de886d55e2c461a44a4f126d8a2b4b SHA1: 9cfe5c0c779fa1fb9a2745982b2cadf1337d97c0 SHA256: 534ef3335e3eba12cd21e5b8a7314e5912c9dd67b05ddc2d48b831023b151fda	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\fzwr3hmapyqi9.flv.jaff	75.10 KB (76904 bytes)	MD5: dd040884de2e879a1d9d3363a69445e7 SHA1: c396e0f9be0f5ae86790fa6c1c4988cef20aa3e8 SHA256: 99d0e2fc3f8542d7d1cd2c30ee50c229d869eaf4da1929e7637bcdc549105cf2	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\hqr i62b.mp4.jaff	14.32 KB (14664 bytes)	MD5: eec59a345a1e03c955ac068af71b437b SHA1: dd476fd53aa65e30d0302c25cd0f8072eb0fd291 SHA256: 9f62fd32f189bb83a5e2efd69f1370ac7734b60633a63ed5c7f60af86e8412c1	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\hxm3kfko.mp4.jaff	29.76 KB (30472 bytes)	MD5: ae508041928d5623ca89d4f374966d9d SHA1: c4a160338a01b61558e63937040ef5d9fd72c81a SHA256: e886cc7415de8847ae5f2ce8060fe28b30c2b8521995a57c5d39f70cf9801e4e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\k3idbcbbuolm5w4jw6wp.mkv.jaff	4.43 KB (4536 bytes)	MD5: f0c8731a0a03987573ec492164d094eb SHA1: 55c36336f700adda07b0e5056b156d4c57b13dfd SHA256: 64e8c87a81cd60c5120c83bd304acc2b1071ce30229d0f3a3115323721a6906c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\kodyrjmty3iavg pwkl.wav.jaff	18.21 KB (18648 bytes)	MD5: 8ef20a12717fbc3fa8f5684be0b5f24e SHA1: f13482717ef48d7f77014d923aac815006e191fd SHA256: 98b96e67ccf66c871a2b70e921961d8b894fed775526fe43a671e91c4a2c13ff	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\lc6xsjo1jf_f.png.jaff	21.49 KB (22008 bytes)	MD5: 677a970450569684b42f8980503f6071 SHA1: 8d1ad46a79efd648f0340083e8b6fab3b163696c SHA256: af4d201d018a6ece6548e39f144d22795210c1d67e167887abfffb297e795929	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\nlq6xeuusf.gif.jaff	72.35 KB (74088 bytes)	MD5: 3609a31547996381a152ae0fee59cba9 SHA1: 13c06c8aff57c40fed4e0b510d7b7d85f08cb01d SHA256: b1dff06e57fb5da50ce19e1cc8b0ac7b2f1d72e10d3876a07cdb8ba373b21c46	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\qjeku93iilfcdvqq7y3.mp3.jaff	98.77 KB (101144 bytes)	MD5: abeeec9dde5ce0c9fbecf95920fd5d44 SHA1: 1048c63788b8dd1473c651c12bd53fe6c7dce3b5 SHA256: 905ef2db32326214dd94446ab355ff1021e95dd1921168d287c9fab9ae06c6ac	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\rd3mj j0466-aphkk.mp4.jaff	24.60 KB (25192 bytes)	MD5: 6d8290fc41fdd6b8adad00e926d454b6 SHA1: 34ab05d2064d707d7ce82ea8c25c858d2f98ad82 SHA256: 1de7fd897f4d02fc139af4419b5b169a2acf45b8789cb80942cfcec2b612472c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\s6ol7lcgq.bmp.jaff	68.26 KB (69896 bytes)	MD5: 2aba11739841bccb0e11e76b3706d502 SHA1: 91cacbaf65e0acfa298167ed3882587b3bc578c1 SHA256: b759d6d8155fdd50d903db6f90a0b0b7c4ae336039b0753709793edf7f1118f6	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\tvab6xj.docx.jaff	13.52 KB (13848 bytes)	MD5: f9395c3629aa239be9864c2888bf092b SHA1: 7e5bb83bb141b778fe5c3306a6a1dea52d83fffa SHA256: deab7b2cb5ffc296d8ffc57112f6553c744a4ac59f45a0e92316a0c8905f5a5c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\twlvlbpiyxa8yemvwrrz.png.jaff	39.49 KB (40440 bytes)	MD5: b455fb8fe2d9d2f966552d39a9190186 SHA1: b3602f13abc604ee053c161f9ab675f75c7344fd SHA256: 4fddfca0466f299a418da2550d81e7684f2068cafb77d6ce138cd3a645e6f540	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\ut6y.mp4.jaff	95.95 KB (98248 bytes)	MD5: 093ef130890791845b12dc470f5ee6c4 SHA1: ecc68991d536a691bcca512c55fb938523bd7ff2 SHA256: 0f853068f1e967c6b429c5b9cc580e4e5a2c832c0115ed3a924c5ced16153fd1	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\wutj.doc.jaff	70.12 KB (71800 bytes)	MD5: 7d962df0bfe07c4b0d58dac4b68e5b18 SHA1: 8e5fe4e1244eac3357fd5603235d0d250073256b SHA256: 4c5b82fe0e017038ce04a1f3e234383b599adc33f74be0388dc9cf98f0bce478	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\wxo7h6yuusm6sl38l_c9.bmp.jaff	68.82 KB (70472 bytes)	MD5: 16870a94167cfbdf13c4818acbe53e26 SHA1: ae66a57bfe32fc4198fdabf72068f893a0db30a6 SHA256: 44acd524d4fd7cf33e73bfdbbde15c1258bb7b5f45c1a92d3a98658125cab8f7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\ybqodn3vz_m9ztqmdgi.ots.jaff	17.04 KB (17448 bytes)	MD5: 95e87639e25efd7e74029bca5912d344 SHA1: 3f19d72b4b7a2e2d1f38dc39b89c193ffffa5518 SHA256: 5e9e742a0344743c810b3621ebd8c8a902ba468fa00debdeef31231292f5c140	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\ynuw44oysqgo.mp3.jaff	71.30 KB (73016 bytes)	MD5: e4c612afc2ecc8937a838e9898b8a52d SHA1: 5c3f72aa00f61a002b8ff1daee5ace1f758a46e2 SHA256: c835d55c864c0c57730a6f09a9f1e89675f605e3158b899dccad58aab6f0624b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\_iqur.flv.jaff	89.87 KB (92024 bytes)	MD5: 2d0b02aed4a3b25812692e69b9a4f590 SHA1: 9b4e926f02b85160506d95ad308c2f3bb8f4d534 SHA256: 5f431ba76970c319e8b724363ac8a2f1e8f14af5a4eb9ab175930e1841eb6243	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qn-n7xlpzr\leb4 0xkvub.mkv.jaff	45.20 KB (46280 bytes)	MD5: 98592901c1005cdb7ac17983a1c9d5dd SHA1: 72be9462444e0b51e116d12317c0ddb1daa99453 SHA256: 4751cca0cebe57c9f34382a2d30c1f96cd185008d11c75bbf2f37c8997403284	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qn-n7xlpzr\xf hkejz.wav.jaff	6.38 KB (6536 bytes)	MD5: 43f469f8a569fb6c2e17691812604afc SHA1: 526b5e9b21de1ceba45bf91b0273b631ce6e474b SHA256: 3498d7cf3f290632f95610f0120c61f23d2ec2b43c240bd15df1e38ac0cb9ec5	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qn-n7xlpzr\xmctns.pptx.jaff	92.40 KB (94616 bytes)	MD5: a82bb9cbfefe1eeb6e9f8581054fc515 SHA1: 7a967c389d3b541adbe18b3205ee2bb0a265b44d SHA256: 828b3ace5cca33bd15238615c9975c6a9b2cf765d57524c6a7fdb029cd35e648	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\-tklwbk4-h.jpg.jaff	54.76 KB (56072 bytes)	MD5: b93e54e89fed36ca8c4a408cfc830d7d SHA1: a6879953c1f1f99699d813e30e85a17836525f10 SHA256: 34a7c14919d67a0f0398e774aebd157fa81d8aacf5bba5cfb2af61ec0166fa75	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\aotjdpnxi6hv.flv.jaff	82.68 KB (84664 bytes)	MD5: 1501f76203fb1acfde22766c35460cb3 SHA1: adfe493127688067a0de68e07e39014eba558a64 SHA256: 3a956fa84e66677644f56570085ad4d2fa6dc004fe5559b35d3dfc4c7c5cb51e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\jvrzqr.mp3.jaff	43.99 KB (45048 bytes)	MD5: d0218ed9b7ada1904a1a01d072670141 SHA1: f27d40475ecc14864d3571e600f5e13519d4795e SHA256: dbd1c78803731ddf7cc2c2b979fab62c7bda6fa8a71bdba634f21a2850f9fcfc	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\mef7grgoeubfwqqgioo8.png.jaff	35.15 KB (35992 bytes)	MD5: b9a8b4d66e37cf7088dd016b309802e2 SHA1: 2009a16655959ca04bc8c9fcdeac6da01afe61cb SHA256: 4216cfb237518c9f207963126f88fbcc1e430d9973c33e4e8defd357ffbe5b9e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\ohrlaeg.wav.jaff	57.85 KB (59240 bytes)	MD5: a7441d41c849066887e3a6151b504ec9 SHA1: b8210e03fd3eb24714b2a606c3fc90cce269c4da SHA256: 6704c960b16affe6dfddf77bd53199eb3a85586f66eabfd3788d3c944eabacb0	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\ppcw3.xlsx.jaff	98.40 KB (100760 bytes)	MD5: 746b4e26e9d66e091badc0bc94e33415 SHA1: cd615c9bf3e7941ef9b8c60b8a5bb1b3e32d856a SHA256: 214d872356dc21711d811f20e462abbb5d7fe4b94d4d2eea4efef6dba532c94c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\-00nrryq7dt82uusij\7lkjh.mp3.jaff	50.63 KB (51848 bytes)	MD5: ba2c755e05100906008890e41b28cf87 SHA1: 2865a46edf7f2e05e31f7f9fb6b6cfd85f0186c3 SHA256: 9c77768e8edb6e2184e8a6df392396f2fc91eb9fd38da79512a1f77ed33a2787	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\-00nrryq7dt82uusij\8m6cau-hac1evfz_8w0t.mp3.jaff	92.98 KB (95208 bytes)	MD5: 367a392bcce73cfc8c633a27660572c9 SHA1: 05be1b3200e5cbfa509478676a4602f3a65d29e1 SHA256: 508bbabf145af9e81a7c0ead6103f238e9a261da1cbab30096db2b257b6c0cc5	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\-00nrryq7dt82uusij\bgwnt9h.mp3.jaff	17.30 KB (17720 bytes)	MD5: 419b6e023af20ae39afb4be337995586 SHA1: bfcd3f73c291490e274841c00d12ab964521095e SHA256: 0791afa8142cccb9e2cd69f04a047e5944b76969edcebe8710690670e3c0eb01	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\-00nrryq7dt82uusij\ffvie4f7dk0a8xtum6j6.m4a.jaff	71.10 KB (72808 bytes)	MD5: 8387fd557c08e19ec26155c458fdb399 SHA1: 12451eaa9ed2580dd98c4f87703b84321ddbdf1c SHA256: 6340f7687ee414e6b2245a9be3ce71841050cac0f9be29d2e86aa94c9801cb90	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\-00nrryq7dt82uusij\n9fo.wav.jaff	100.15 KB (102552 bytes)	MD5: 863b0b80eb3609d6129783f927adb3b4 SHA1: 87255ec386d3774012f7bad8c945d30b9e5993b6 SHA256: e0a6e15668c69a86db9cd8e355a86c4f6eaa0b6be4f56fb96bb2b19306ca13b6	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\-00nrryq7dt82uusij\s7dfn_p6llzgtckqheb.m4a.jaff	19.16 KB (19624 bytes)	MD5: ec239866c84241f6f2888adf7d86ad44 SHA1: 7d5cb8ef506d909c0f5761ebd0140b1889672415 SHA256: 374d84c101a0467d6a30636743c6665cc5e70721059d24b983eac0dcece761f7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\amn-wth1wrb6dfr.mp3.jaff	80.45 KB (82376 bytes)	MD5: 97cb84450262a049eeedce5cda25e888 SHA1: a41c635c9e1bdc70f6546da8156fa0a1be141948 SHA256: 11ec05d6844326e916313f60f8abc475bd04256f12814fa917faa84901c18daf	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\bazxn gxgflw0a1u np.m4a.jaff	57.05 KB (58424 bytes)	MD5: 1edceaa76a0e09eca28d0ba6a4a2d6a9 SHA1: 67600afde7ea04e98521e149a235a88a0b40dd2c SHA256: bcb2e8d458ce0c080ab48278715295b338f71ffbf8e7466f1d4cc8d828556c45	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\ednqhxc21yvjsmfmk.m4a.jaff	5.52 KB (5656 bytes)	MD5: 20ac5d8074922e30b2b71efe38049b75 SHA1: 6ea4d6cbd5eac530aeaa0485b5577c230990a688 SHA256: 01cf53e8a46a3eb97fc51720ff4deb04b9c401e08cde68127a2e91a64bb35e21	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\hmgoybap7aagi1.m4a.jaff	51.18 KB (52408 bytes)	MD5: fe6cf73e76d08cbabaaf92838756614f SHA1: 4375d7f0e3260b6a9c6d83fe20a18bcb8a161073 SHA256: 4b8dbe2cfb21743da14521821e925eb1364beb4fea588978ed7865f3fa206577	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\mjr8y8ic0 m1u_i.wav.jaff	85.54 KB (87592 bytes)	MD5: 1109a8307aa28d3cedfc00a63f8de502 SHA1: 4404a35133027ffe89fed06ed4308bec9dce1b81 SHA256: 789050898f965be92ea1379f6abd21985f366da87e79a2e0e0cd3319931e7b2d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\mvgutwkq9.mp3.jaff	7.40 KB (7576 bytes)	MD5: 78825331ac09e33c38b125f47d3a16b6 SHA1: c718726a1e7d9d41deebd71fa97bebfc46128dba SHA256: c3cddebdf48c0e4878c4d961a720444f3bf000afd5d9b4399b67f49b43540445	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\qbc4gwz 57qjsfv8q.wav.jaff	92.13 KB (94344 bytes)	MD5: 0d8452b39321ab8b30d5237d10db07f8 SHA1: d98924293f84db1db32eee77c0d77981db82f21b SHA256: 781f631da7090538e2ce5ed1ca2debbb90b240ca51032c5cc09118fba58db955	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\mi66i\1xet6x26pu91dvww7.png.jaff	87.55 KB (89656 bytes)	MD5: cb80f55b14fed35e0c5f3757ceab673d SHA1: e6bb26d1bb9c4e253404a10747032258c17950ed SHA256: de2785f4cea3c22758e32d0bdb28ab5fafa4fb1fa4f1c7506f1dbc926aafe1d8	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\mi66i\75um7.gif.jaff	75.90 KB (77720 bytes)	MD5: c5305101e31a6b1414b882da676d3361 SHA1: 8f3871ab0af3bcf33d9fbc5bceff4f31de1031f4 SHA256: e2dd02e3b9c9b51a73c6f83673e4d38d3fdc32397a91223af6960c9fafceeba4	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\mi66i\cmhjyxt4j.jpg.jaff	51.24 KB (52472 bytes)	MD5: 52b9f0fdc18ba6bee15f6524e83c5968 SHA1: c7c924396c30af52f0721d08a1fb7e8f23be0eaf SHA256: 94ba68d12b8746eb5564e4a58f69241e8e39ade14f257dc85658f763e7be9d49	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\mi66i\gmspn3_m.bmp.jaff	7.85 KB (8040 bytes)	MD5: 068f8746fb5518777b28472622f74070 SHA1: 17d25d39d4b1b4cf7ea895d687d2d4e097e7a6af SHA256: 48fdd9be4e29da573aae249b487c5c222b2bdbf174b63f717ec4a13aa8dba939	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\mi66i\hu9x.gif.jaff	56.77 KB (58136 bytes)	MD5: 620be654dcd7b5e3a516cb6565473d52 SHA1: ead61181a114a7dd961ce380e253dedb7b599b65 SHA256: ac8ffbdc23ae4eb2be7bc6423c7db0003c197fdc0d054ff2323432cc68451603	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\mi66i\pg-hv2okdewmgefa4p7.jpg.jaff	24.91 KB (25512 bytes)	MD5: 7bfa7743ba51b02b5c1110077436b7d0 SHA1: 19e5b7cfd9987abb5714572fe8be76e3450410ec SHA256: c29cb4d27f567a29d4c00d8242cbcec31562ad683bb1da88fbcab0749f0ba47f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\8adyb9naera\mi66i\qzrpesrwz69yurq.png.jaff	56.96 KB (58328 bytes)	MD5: fcdbf38f1985b77d5ed09d3989b6bba4 SHA1: 9a3584a8b0964fbb3b68623e80c1d679b5d65379 SHA256: ef1f6e3a063ebb500b6481ffc2eae435228e38c28ecb5ca45f3a6fb11efbeea1	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\v5gmvnqsuff\hby9cp.gif.jaff	59.68 KB (61112 bytes)	MD5: 649d8f7c7294ff5e175209a25680d8a2 SHA1: 0b42b3a68cf4c57d0b8ae106fa0b573557641b49 SHA256: d6971523155ee1d3dad0de46db0eed6fcccf4cc2e491eabde93a2c04a874aaea	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\v5gmvnqsuff\lp8nfkv.gif.jaff	27.49 KB (28152 bytes)	MD5: 25436f2950325978f29cc7fda8ab9d76 SHA1: 002784b3cd4421f731f35c8d12c6a4ee74fa6719 SHA256: d13655837212175ebac203b392774cefe274c919868669426b5d692062c1eb1a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\v5gmvnqsuff\nvo8i.jpg.jaff	26.90 KB (27544 bytes)	MD5: c627ed7cf557621e8e8c39138bf6f9b1 SHA1: 120ad4cd4b91675783b1968913a51d519b42f42b SHA256: 45bf615e0003eddbab838037ba758b6198521cdce830f7d0e45d3564cffa5122	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\v5gmvnqsuff\nvouxpy4tvovdpqb.bmp.jaff	17.30 KB (17720 bytes)	MD5: 6069966ccb84ee2573379eaa00150894 SHA1: 850b8466f9de012861aa912709b0d21452c9afe4 SHA256: 215aadc5bfcf5408e971e29963bd985157df3d53e281c448fe594ae092a7adc7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\v5gmvnqsuff\pdet.gif.jaff	41.13 KB (42120 bytes)	MD5: d55e0c2a43b15bb3965e98b3ddb67efb SHA1: 04b4bfe8b3ac43565869b26eb9509fe9d3166929 SHA256: befdd41b86a25adecf8fc873a08e29ca776257739bec99332784eb4858cb2400	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\pictures\td4g0ok7\v5gmvnqsuff\xbei.gif.jaff	24.95 KB (25544 bytes)	MD5: 351c19ba57dd26155d27d8672d03e827 SHA1: d6f2c4acf2e57a202048f136f09d28ced71c3d11 SHA256: 62b6fc18fb8c120e1b84cd33eef0db1314486b852fd7904ff322aa6576e7222b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\8mpo5nk79lqh.mp4.jaff	28.80 KB (29496 bytes)	MD5: 42af7b462aaf6597f8f5281947d28a8b SHA1: 629dc60739996944b6375cdaff6b4c6f59b22d9f SHA256: 4dd576508f6691ebcc3195e0744c64b714764cf72c1d68418e022fc0dc3a031e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\d3wit0aa7tyhj.mkv.jaff	100.15 KB (102552 bytes)	MD5: 8346a172246687d2ccda946ccefbbdea SHA1: 7c25b5fe7cc016ca9d431b97fdaad87b988ed6e9 SHA256: 045abf6901a62ed6410516254d810d3ceeaadcd9ee3c8ab1de4ddb1fca86b464	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\njawck.mkv.jaff	72.76 KB (74504 bytes)	MD5: dc550deaff133635061cdae16ea9cd21 SHA1: f03b4eec54acf918d2a820216f808fc6c6264e67 SHA256: 83cf4fe7804eddf9983cf1615ecc186dc4d4560ac97f5f1f3b245236d94f4911	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\rnelohnsrdedx.mp4.jaff	67.54 KB (69160 bytes)	MD5: 4d500db30e4fe6eb9c00bba32569ea7e SHA1: a2f838756609565012b31b7cfb3d7f44ce7828ee SHA256: 76734db5e87c0d9cd1e20d2d065026084d25c32a2b290d2f7fdf69a494245b69	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\ohlzvqs lugjien\kn2rumq8ey0hdzw.avi.jaff	28.12 KB (28792 bytes)	MD5: 2ba1ff235d2f5e445542809520e02649 SHA1: f5f4b02409512deb22216d9b320e6f9ca1d4d95a SHA256: ee6653be5633c426faa1131554fc54a2354361e77457d0c1aa47e9bfb514da6b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\ohlzvqs lugjien\x6iqc8ooclad.flv.jaff	50.41 KB (51624 bytes)	MD5: 7b08ecd80e248f985af29bf014b5212a SHA1: a9e1aecc6cf5998367942bfe3c45f177ddee9711 SHA256: 39d2cd2792f54b1de4415ea42e63d5ce3e9dcce124b53c13446f283d80a8fd4c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\vhmwv\5eqwa.avi.jaff	86.23 KB (88296 bytes)	MD5: 316d30c694b7972079d603f2a6d78a14 SHA1: 2f20994f2d516e0e13b061b0d391ebd4ef009635 SHA256: 885b489f5efc0d9a516fb96ffa2193a62640d36beb16cc5ff6945e583aed3869	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\vhmwv\e_uvzw.avi.jaff	17.52 KB (17944 bytes)	MD5: 70f3356a480a67665cdab8ab7f660e7f SHA1: e4ad9d4c6015913869e0324f16916278ea1d3b26 SHA256: 8c0bb7e65128a2534b1aac4f3d9d6e41fd785e234d7dc3aa421d84a73ab464fb	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\vhmwv\vrvz8o2uc.avi.jaff	21.84 KB (22360 bytes)	MD5: 0886ac6d8b4e5613cf10d6f6feeaef7a SHA1: 34113b2c6bb19f915b06af6b5d8d4e263e89b844 SHA256: e0c3943e3d2eab6a1f695072b0154503d60593ae24d0e81d9c684d0134fd130c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\vhmwv\xjxddwnnr.mp4.jaff	56.65 KB (58008 bytes)	MD5: c253265278371833f5192a5c6ea0651a SHA1: c5295bd2ac568a0146da605f661a86ad98847ad6 SHA256: d85c0c0e839cdbe5a814d92251a8015e245913e218cedef50718c146f16cb066	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\internet explorer\brndlog.bak.jaff	12.18 KB (12472 bytes)	MD5: c9cb1f7128b43a1aa467e34787209926 SHA1: 9608f879d616cfa93522d6d07119784533469100 SHA256: c01d4dd130efb17750823e1e7d807fd9cb20e2eeb9c540758f3f9f1b4f794039	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\internet explorer\brndlog.txt.jaff	12.18 KB (12472 bytes)	MD5: 9aaa605e4b2ced52424d2714c15116a6 SHA1: 2c2ef9f931115dd73955c281c1c73493323f5341 SHA256: d9d14bfa48033f19a5534ec9a04fe2b970ff6ba5fbaf5495c8a94eddbc0b27ad	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\internet explorer\frameiconcache.dat.jaff	9.10 KB (9320 bytes)	MD5: 3bc7963119326164355250d1d2bc5efa SHA1: dfe16361e8405d60d0b931aa633d51f17539ad0b SHA256: 71cbe02755ee57d24c8362101e7f83090f6c3566ce45e67dc28d0a677fc9038c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\internet explorer\msimgsiz.dat.jaff	16.27 KB (16664 bytes)	MD5: bfe0b74de3e146375092f909be51ed7d SHA1: 6870a7e1cbd2b1b91f9b9416ac165acc00e408fd SHA256: 213c7edec896043089acc36cbc49db11be468677f437cb79ab974edd7c40b5ba	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\visio\content15.dat.jaff	336.04 KB (344104 bytes)	MD5: e87fb0b6ee76f6d5a3131d8cbad17f4a SHA1: 10185db3f6687c247e2351ff52a8c572a633425e SHA256: 6a485d84fdb52c03cc508c84a6ee51c604d2498ad5116e74f6b07df955bc9087	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows mail\edb.log.jaff	2.00 MB (2097432 bytes)	MD5: bb6f57b22152b8bf242629e5c3f093df SHA1: d7e8f0a8c19dfb9d51bb5abf6450835416b0acf0 SHA256: 596e628db4c8bcf50cc20e925a1b63ff05e2412a811318458ea74c4612b98e7b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows mail\edb00001.log.jaff	2.00 MB (2097432 bytes)	MD5: f26a5d5869e2b8431b01f73f1b29edbe SHA1: 460cde42fc5b4d3a97b612c5cffeaceaa6c7d5eb SHA256: a3397ba158175f151a917c2f5d370da15c660b4ddebbe34d0bbe12c473257583	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows mail\backup\old\edb00001.log.jaff	2.00 MB (2097432 bytes)	MD5: f26a5d5869e2b8431b01f73f1b29edbe SHA1: 460cde42fc5b4d3a97b612c5cffeaceaa6c7d5eb SHA256: a3397ba158175f151a917c2f5d370da15c660b4ddebbe34d0bbe12c473257583	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows mail\oeold.xml.jaff	0.52 KB (536 bytes)	MD5: 338a56cac371219404ea97bfad5cb6c9 SHA1: b42395989c4dd3608440f047b7191170cf8b7485 SHA256: 93e1c94e703ee1dd5cb88a3e39b08ce73ebd5150fa933bf985af976b5749123e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows mail\windowsmail.pat.jaff	0.27 KB (280 bytes)	MD5: b40cc81608389c15290165401b25a9da SHA1: 80eadf383ab4af22fdda456877bdcaa472d8aef3 SHA256: 9c22afb831440193af1d02b2cc131c1595ab2f84733155f596080c22034e517e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\temp\low\javadeployreg.log.jaff	0.45 KB (456 bytes)	MD5: b10f79f6b8a937e2fddf5b63f010cc71 SHA1: 470a61fb7547d968758b9fc24f32fae2be4d2aa5 SHA256: d7f8f7254e45a7de7456b23d7790dcb3cde79925f95e9063cf055b3733f995b4	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\nmu6klex0kn4\c5wo.flv.jaff	22.99 KB (23544 bytes)	MD5: 9a45b185b8549f7b6ea34c86631d6f05 SHA1: ca77370db9f363276bdd847b4a72cc81732ea96f SHA256: 0f1d79e2b7e1849dab59c408a00b9f4f6bc6f359ec8ada83d5c0b4a8af700dbd	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\nmu6klex0kn4\dc6m-r2godh.mp3.jaff	61.93 KB (63416 bytes)	MD5: 2fe0e0bcf84765e1c22608ad7994f674 SHA1: 1e422f68b6edd42e0f3e9f53230391a0de2f006d SHA256: c6360f4796ba17f149316696823a5131c8f987ea12a3763f70aed80f285674f9	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\nmu6klex0kn4\mp8kufzseyfoa.png.jaff	49.99 KB (51192 bytes)	MD5: 4c663caf12e160a1d905d23af1b778ba SHA1: 08e0d54733072c633277bce0a2071553e0ddaebe SHA256: bcb26e7f38a8e5d0c1df94a73fdbc7cd8a50b2d9bc8197e140d86c28f65134c5	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\nmu6klex0kn4\u_v4i6qq5l8xduglye.csv.jaff	93.77 KB (96024 bytes)	MD5: 010e00c38807a93ebf2557e25fdd1e4d SHA1: b22ad919ed6cd0f31d2a7668ad5f687e5d63c075 SHA256: 8fb25e72e94aedd374ab05cce983b9b63ec833d732a8fd928e80c6190cd39018	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\desktop\2rcu06c8tqgzfa\qytqmtfgzlfn2m\nmu6klex0kn4\wazprte.gif.jaff	48.29 KB (49448 bytes)	MD5: a58bc2423ee14b7d50459d275818618e SHA1: b1949a3b741f3e2cc90a0c767e536d89bb43600a SHA256: b1076697b7df4aa4d9c2aca3063a47570642524997283ed2ae5bc48b5d95afe1	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\c3qss\4eb2v.wav.jaff	98.88 KB (101256 bytes)	MD5: 9b4f98c19a65cd4291634ed05ea6db54 SHA1: 068766a455ce83e4903057d4bfb7ddbb78355d19 SHA256: 39a45d1f934d6cc609e50eacbadb9a99bc096991da1b8625578e95f738019366	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\c3qss\6n8odrbhbjkqnztaod.wav.jaff	19.24 KB (19704 bytes)	MD5: 6dea354b11aac3a36043c80bbfd0e6c1 SHA1: 2fed3c7c872c07d3cb53102f3f2e23da1e5b3461 SHA256: 3c65cc594f3709a2905bc03fca880f230266acafb5bce830f4a20f79eef6f2c7	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\c3qss\9g-hkajesesrj.mp3.jaff	49.54 KB (50728 bytes)	MD5: 92953cbc3a2fa055825b0d7e6aea0bb0 SHA1: a293af9b884dce6c1a3ff2b88453aacc15120d6e SHA256: 1b3fc76d9c2f1bd27b5118aa22522e09ca11a03ec0636341eda86e871e3ff7fc	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\c3qss\ferditpbjojmeuzz86.wav.jaff	32.23 KB (33000 bytes)	MD5: 1ad3919bdd8e31b64c845fab9bc2924a SHA1: 1c775d588ff0ff1a64941e52dcd1ce0dce071bcb SHA256: efc28795bab164004057111cc61973ef366a36179af4fc3b4634f6868cddc00c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\c3qss\ggjex2sru2.m4a.jaff	56.02 KB (57368 bytes)	MD5: 0d4b796949c5a41b3e4f697c8de5fcbc SHA1: 82922efb4c9edc2ca5f02ea6434231350fa21924 SHA256: 9dcedd95e1f6e25d476ab0eef61fb640680a158d0d7b1526fe34d10109f35c28	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\c3qss\ifnzi0pcukphcd.wav.jaff	68.23 KB (69864 bytes)	MD5: af2597d274998cc685ce2c9e3dd9e514 SHA1: 80e3e4fb8ebcf38878089b1371ac032cce6f7bd4 SHA256: df3f883733dbf5ac9c0dfdfbb1ca98e40ea04938ed2364491af6c3cc6c682aaf	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\music\wrzwpq28zvvbh1\fjjg-qwv8\c3qss\tuhf.mp3.jaff	98.99 KB (101368 bytes)	MD5: 6d68e875c47a82fff9ffac401f411553 SHA1: ae7a5a104838b409cb4439a623ac8a27d85d1c3f SHA256: 43e13a0b5bac2adfc7edaf379d742b4bea5576f1ea51fdab621889f5882cd6fe	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\g4nyf.avi.jaff	34.54 KB (35368 bytes)	MD5: 0a17e6a6a09ee2f6739f446abb86edaf SHA1: 7cc8122b812239c133dff3132d0cd0201e3e64c2 SHA256: 08fb144dbf260d306f1671f04da5a6d1b533dbe9469bc4d13a856f6e1078f181	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\mub8zw8ua9gcgehvyplb.swf.jaff	95.99 KB (98296 bytes)	MD5: 6569d5768b09c4c3bcf7862f6777cdcd SHA1: 489dbf46588f4e03645d50eea3f6045d4733c140 SHA256: 4555425a7622e8acb499a47c4540c18eb99464ace5adea5d68abe8c3584f7425	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\rjvmpjz2czqhvr1mwow.mp4.jaff	7.71 KB (7896 bytes)	MD5: a776fa7fa6532b291c32d2cdf4145822 SHA1: 9db0d0988752dbf43f34b40d9ddf18e2998a106e SHA256: e121bb1e4b898196532390e21e37441b4d1bea286e46e8b630a28bf2f3ef5f67	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\oz7ikz\eaujap.swf.jaff	42.84 KB (43864 bytes)	MD5: f26c5d024dff2b5eeab182eb9d40c8d8 SHA1: 6549d398327462f695d8a2e472f3e2842a37d8d2 SHA256: c9d89d1d37e28fc4fe0d4381f2432bec3406cd6976b931d606f2b7896f6362a1	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\oz7ikz\owydm.mp4.jaff	81.34 KB (83288 bytes)	MD5: 620d446753ae1a9380460bf21c2b383e SHA1: cdb6f1473d3618589123887a8bdc57e4304f8d40 SHA256: 76b905810c3794331db0ae954bad6d3d70829a094974b4201dadad53c72e268c	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\oz7ikz\vlj-a72y.mkv.jaff	90.85 KB (93032 bytes)	MD5: 65412aa102666b724c8c8e60404170d2 SHA1: 3586e62596a2330029afbd7f0de12bbfc6655ce4 SHA256: ad4a86ff8c84aa11243cefc6771677d6b5cd6a166f440d8116a86ad19aa61a27	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\1033\structuredqueryschema.bin.jaff	292.41 KB (299432 bytes)	MD5: 7edfbdef4fdba8fc1d8ad29fc09809b5 SHA1: 01329ab25e4c9e40bafacffed73982ca2a9d7906 SHA256: af3f213edb556a2aa1ed43df1be5a952cb0284fdc54015e6ce3da093820b22c9	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\caches\cversions.1.db.jaff	16.27 KB (16664 bytes)	MD5: 71199f0069392ef256384f7a3fe8bfe4 SHA1: 59d537472079d95dfdc917be397b6b08ec872b15 SHA256: 01aa74269159200c5bdb743ba72646e1712ca2e685ed8d4a0cb55edabf61040b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\caches\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001e.db.jaff	109.93 KB (112568 bytes)	MD5: 8987774073bf45dc6893ff41b6c73406 SHA1: 75d41e1f9d19724d834991466660e39bc23a1bb5 SHA256: 6038477cd32e6442d9d4e65b890ae787e5ccc57223b5666fcd4668b5b206071e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\caches\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001f.db.jaff	114.24 KB (116984 bytes)	MD5: 3824a6c1335ce48d75b68025f7205910 SHA1: 9c8bee9451a67b6acd63fb7ebe0ce99bcf17ab42 SHA256: ba3cec2d11b09854b8d17a00ed6ff1b1270962ccc413b5dd5a78ab843a69065a	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_1024.db.jaff	0.02 KB (24 bytes)	MD5: b623140136560adaf3786e262c01676f SHA1: 7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d SHA256: ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_256.db.jaff	3.00 MB (3145728 bytes)	MD5: 72e61cd9323f3150fc493b3fe26af05e SHA1: 7b1b3990728169100e163cfb9a5dcf742e018beb SHA256: 9e34fd8111b3119008e6cc56da578a550f50c43cfe8af38a30eab62daa99dae1	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_32.db.jaff	1.00 MB (1048576 bytes)	MD5: 0a2c09d5667ea2146af1fc733ef1dac4 SHA1: 2c3225153c9bf326db20ae1a15264a8008b49512 SHA256: 921f75969ebb991e13f85d1b95ffd332ff0c25d34d885fa48bc64061e36283cc	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_96.db.jaff	2.00 MB (2097152 bytes)	MD5: 7b05ad8a594986c6e5495d884adbd5b1 SHA1: 3ffb888f94371612221607389d1e495a5f4da912 SHA256: bb4342c3e1be818073f62dfdfbee0e5df25a1be186c5c869c5e458d791bb3286	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_idx.db.jaff	6.34 KB (6488 bytes)	MD5: 322dae690f136f710c25396fb8902c31 SHA1: f87c71a7ab1547fcbab0615980c1245a80d4f46d SHA256: bd83b0ec1c4d9e272be473c890d22a87956d9222c91362efc283b53a0d009c49	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows\explorer\thumbcache_sr.db.jaff	0.02 KB (24 bytes)	MD5: 2034995f0bbaa16db835b462eb78152a SHA1: ce19b1a236f95307067d4979f8dd96c70d69c18a SHA256: 62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows media\12.0\wmsdkns.dtd.jaff	0.76 KB (776 bytes)	MD5: cee887237b6cf809459b7dbba2516ef7 SHA1: 7a85f7349b0acc5262a1d301a8230adcba591a75 SHA256: d57348908e38715d696bd5aa50513cf17564a59d35e1ab400f8d35351abf5324	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows media\12.0\wmsdkns.xml.jaff	10.21 KB (10456 bytes)	MD5: 9d7679087ed0960cb7e75eedc631a964 SHA1: a979639507645f0b206f855f6dacbf5c098f4c2b SHA256: c91108590302044ec6c0314d473e6e1a8e73ba4c3ccef461b5ad57beae5e336d	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\roaming\adobe\acrobat\9.0\usercache.bin.jaff	72.73 KB (74472 bytes)	MD5: 8ae2f4d5adfa424a7d99b00e066f11e5 SHA1: 6866addebebd8f437a906d1bb182d2a1caca9f3e SHA256: 9588b2ac9fb89f176fa2afaf6118dac3d2ed34fc9d42e3e82339faefdf9a5339	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\c7zuk7zj7\a0z-.avi.jaff	68.46 KB (70104 bytes)	MD5: 9e88aa998acdeecd39efbbb66ca1bc4c SHA1: ecbc5daca4cf20cc54b3f730066ad109380ffc24 SHA256: f3ba129c49fa9a5843a33c5f242a49c1e0bf52fffe79e665525a4acd4535bbaa	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\c7zuk7zj7\prwmgtigqg4.avi.jaff	38.10 KB (39016 bytes)	MD5: b7d7fb6e2a3705b4aff4a3439fe6e56b SHA1: c1288c7a49d3f9068ab555f485c75f5e4d6d499a SHA256: 922a73fba66008a626433b4ec870591bdc1ef75d6d574f6f9fb83f59ebeb0022	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\c7zuk7zj7\qypdho7od7xua.flv.jaff	35.13 KB (35976 bytes)	MD5: a96e7f9fd05475b7f3f936eb30000146 SHA1: 1b7dc4186dce3079c1ad43441486d86b1f76fef8 SHA256: faae5b66fef515bcb7fbeb8a0e62ab6bd7802b8f27b1876ca1b4edf42163708f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\c7zuk7zj7\sind.swf.jaff	100.20 KB (102600 bytes)	MD5: b131b0d545393357cfda5eecdd100a05 SHA1: dde6c62ae68bad9e2111672f6f7ec46227baf2f5 SHA256: 05f5385183157d2237ae515589ad85b49d021b1fe2a35fccad4f7ad5884ed72e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\c7zuk7zj7\vzojy6bhhzxmxbpp3-k9.swf.jaff	98.57 KB (100936 bytes)	MD5: d5a584f0308c81363c9999f123456056 SHA1: 56d03c18a9aabb157a3bd23aaa42556e8abaa161 SHA256: 4c928025cfbeba6c141983f1246913ddcfd25ebd36e5f7c22a06f5cc22455fa4	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\c7zuk7zj7\ywk_ru.avi.jaff	25.35 KB (25960 bytes)	MD5: fcad6a3fea24c639abd3d5a95678fa61 SHA1: 7c3d7332a18bc11a77308b775a66ec476c61142d SHA256: 9a2552f9f8dd24d8510389184418a72fff4fccd9d852a595289149755fca5418	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\pposqbwff9 hx_18k9\1xylk.swf.jaff	81.88 KB (83848 bytes)	MD5: c6572bbeb8ce19633fe75cbfc05f6978 SHA1: c87b2b8843ccc7220b138cafca026b2bd19c364f SHA256: 7c054b8bb1bb54eb9e2eec6239089b58ce8984c3fd000133766f37fe4ad1972e	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\pposqbwff9 hx_18k9\6pkolx_e2zkscmmpsjqj.mp4.jaff	74.84 KB (76632 bytes)	MD5: f81dee4b5d4257ff6facecb35af18170 SHA1: f38eae34ce2bde2ce89a29a6c9a8ed1586f86bf4 SHA256: 4fe6a845009e65cae85142d49abc5581f9793ba48399e673231167291f07ff27	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\pposqbwff9 hx_18k9\dmrwnvh3p_den.avi.jaff	86.12 KB (88184 bytes)	MD5: a1b5c5bcbca2e9a8d43dde91f2d0d990 SHA1: 82e013a9526b7cf75356487ba31a2d38c3e7c554 SHA256: ba7b1840558813bd647bd21fb7c655cc24e476fa353247975ed3e1b5046e124b	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\pposqbwff9 hx_18k9\hmjnf3vpg4njkp2r-zn.mkv.jaff	99.49 KB (101880 bytes)	MD5: fc2b1e8fd4f7100b496623e9fa5ef7d3 SHA1: 00cfb9a319f86274f40caf5c52c57556643a87fe SHA256: 1844710f0f61f3db1d6601ecf6b1ec4f81fea94bbee7639a5602d7a294441703	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\fabm32saozqvh111b\pposqbwff9 hx_18k9\unnmvyr_fiyhd2_dw.avi.jaff	43.98 KB (45032 bytes)	MD5: f0561ebcbd089f3f9c7060cb9245b960 SHA1: 621563463b7d97476917ddb24d00299d32f80125 SHA256: 262f06382c34a2e21a7d8a22d1226b38afd5fe869ef2fa28cd1bf010cdf38879	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\oz7ikz\k-gipj\dxpue9w-p2ua.avi.jaff	88.27 KB (90392 bytes)	MD5: f03fae69450f99ca2efa40258ac8ec7d SHA1: 5317dc25f5413cf34c4dfc7846920f76e527fcc3 SHA256: 3b3a4e4542b8673f67797a0daedbf22b531e00cbe62bc239f39cf841dc6a231f	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\oz7ikz\k-gipj\eurjei.flv.jaff	46.15 KB (47256 bytes)	MD5: 4ff4ef0b147702afb14656a6e4c6d2ff SHA1: 94d5c7beb02b92e5e8a6a69c15ed05d9637994ee SHA256: 3c9961c8d4a7b48fdb869d42eba33dc2e74418f6db7238966c2cb4da8b319b34	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\oz7ikz\k-gipj\moelio.swf.jaff	86.66 KB (88744 bytes)	MD5: 218ec5b64f1ebf936f0a5ea9d661f82a SHA1: c7b8bd63300bd2a4400b61b24f323063030f1a4f SHA256: 2383fe065a2a144a618e51a6207f0f70e4bee3fc2586762aee810dcd4b5f18cd	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\videos\apbtr5g-zxofz\0qdiglfge pdg_2\oz7ikz\k-gipj\wn3busqqbb_p_ht.flv.jaff	28.05 KB (28728 bytes)	MD5: 5325cff38d1e8c8cf39309860df7bdfc SHA1: a3b5392ef8c8f21917889e24d7a289fa7785c2f2 SHA256: 62e6762a9bbf45920cf4e93733a6d655ef0286c6a083746eb250b9af45627bef	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\infopath\formcache4\e6d95501.9e0\_scver.dat.jaff	0.27 KB (280 bytes)	MD5: 55423a1f19e451ab3ff61679aca636b6 SHA1: a93792546e09bb5b82470352b67f6d7ad4cb58a6 SHA256: f923769567715fd86bf762d7cd13784c9184c9a28f3ed786a773e3f2fb922545	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\internet explorer\recovery\last active\recoverystore.{0e6e1005-75c5-11e6-a873-0016cfde4bf1}.dat.jaff	3.77 KB (3864 bytes)	MD5: 95b2bda1c63d9abb1ad0b67dbfd19e88 SHA1: 518857bb9070d8ac59a6fe37d3709f765663cc01 SHA256: 3ddd9b17469e71ec16824ef2f9a3f53aa248cfc0c3b110bbc4cc771e531fc2e5	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\internet explorer\recovery\last active\{6ba58160-3b07-11e7-8b06-0009cf77a196}.dat.jaff	6.27 KB (6424 bytes)	MD5: cfb17bc073fa3dc3cea837558ff95d1c SHA1: 5e4013470a1b119d0298ffd6a5df74d6a60542dd SHA256: e82dd340e67ff12dd68408e3c2643f0da0e0311b0450d44880885f563f0a5fc3	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\windows mail\backup\old\windowsmail.pat.jaff	16.27 KB (16664 bytes)	MD5: 5385100e7d7aac98dc32996c56ee4740 SHA1: 7eeb60d1e9e1f7e57b3ff2805463af2c44a95021 SHA256: f93302423c611b2d9ef9bf7e1fe5fe4ae9e8155c1fc1f524e915c8d0bd2be0bb	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\virtualstore\program files\nginx\logs\access.log.jaff	1.49 KB (1523 bytes)	MD5: a38ea92429d60bcf283a0902ec787db7 SHA1: adb69fcf97dcccc1589ec8c33f9454d845894aa6 SHA256: 76aaa3de9ebaedb80cefb14e21d9af8eb587e5c6e50b59dbd56983eac8872522	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\virtualstore\program files\nginx\logs\error.log.jaff	0.48 KB (494 bytes)	MD5: 7cdab4389d49713603e9ccc02524a681 SHA1: 44468db4847a4ab2d2fdb2c342dd85fc7460cfd3 SHA256: 5a1f96793ed4ee65bfb5cb71281f930e29e909cb1704e0d0b905f059535488a8	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\office\15.0\lync\tracing\lync-15.0.4420.1017-office-x64ship-u.etl.bak.jaff	256.27 KB (262424 bytes)	MD5: 6c2a07658545ddaa2e9f8ce768873630 SHA1: 5897340610f9cc47c7a37c5218b172249d4808df SHA256: afa4c362e6a122b3e3d3bf2895c2705151f5375c20cda9b30d01d86956bf2ccf	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\office\15.0\lync\tracing\lync-appsharingmediaprovider-0.appsharingmediaproviderlog.bak.jaff	0.87 KB (888 bytes)	MD5: e01e99bed33f33b4cd59b277e3e8a581 SHA1: 68cb0dec78a8af5f14e8f3da0207ff5ea00ecc78 SHA256: 0400989558d396678253727197abc638ab4738569eb460dc0672990b53e33b21	File Actions Show Properties Download
c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\office\15.0\lync\tracing\lync-uccapi-0.uccapilog.bak.jaff	7.24 KB (7416 bytes)	MD5: 9ed92e6948a431cb02768290dbee0369 SHA1: 68fc2f9235fc6d255ba1f534220d6b9f361d900e SHA256: 5709e66218164aee33ddf59e2380a7987cfbd5fd1f63aa79488345f2e0473fa0	File Actions Show Properties Download

Threads

Thread 0xa68

(Host: 140, Network: 6)

Category	Operation	Information	Count	Logfile
MOD	GET_HANDLE	module_name = c:\users\hjrd1koky ds8lujv\appdata\local\temp\pitupi20.exe, base_address = 0x400000	1	Fn
MOD	LOAD	module_name = msvcrt.dll, base_address = 0x77190000	1	Fn
MOD	LOAD	module_name = m&vcrt.dll, base_address = 0x0	1	Fn
MOD	GET_HANDLE	module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x77780000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = WriteTapemark, address = 0x7781d2d2	1	Fn
MOD	GET_HANDLE	module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x77780000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = SMapLS, address = 0x0	1	Fn
MOD	UNMAP	process_name = c:\users\hjrd1koky ds8lujv\appdata\local\temp\pitupi20.exe, os_pid = 0xa64, base_address = 0x400000	1	Fn
MOD	LOAD	module_name = SHLWAPI.dll, base_address = 0x75cc0000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpIW, address = 0x75cda147	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address = 0x75cda1b9	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpW, address = 0x75cd8277	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\shlwapi.dll, function = StrToIntA, address = 0x75cecd65	1	Fn
MOD	LOAD	module_name = MPR.dll, base_address = 0x72410000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address = 0x72412f06	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address = 0x72413058	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address = 0x72412dd6	1	Fn
MOD	LOAD	module_name = WININET.dll, base_address = 0x75d80000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address = 0x75d9ab49	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address = 0x75daf18e	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenUrlW, address = 0x75dfbe5c	1	Fn
MOD	LOAD	module_name = SHELL32.dll, base_address = 0x76490000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address = 0x76515708	1	Fn
MOD	LOAD	module_name = KERNEL32.dll, base_address = 0x77780000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address = 0x7779588e	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address = 0x77791700	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address = 0x777b3102	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address = 0x77791400	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = PostQueuedCompletionStatus, address = 0x777aef29	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address = 0x77795558	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address = 0x777934b0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = FindResourceW, address = 0x77795971	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = LoadResource, address = 0x7779594c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = LockResource, address = 0x77795959	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = SizeofResource, address = 0x77795ac9	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = FreeResource, address = 0x777ad3db	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemInfo, address = 0x777949ca	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = CreateIoCompletionPort, address = 0x777aeef2	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address = 0x77d72c42	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address = 0x7779183e	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address = 0x77791410	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address = 0x777914c9	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address = 0x77795371	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address = 0x7779418b	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address = 0x77794220	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address = 0x77791136	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address = 0x77d745f5	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address = 0x777b828e	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address = 0x77794259	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address = 0x77793f5c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address = 0x77791282	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileExW, address = 0x777a9b2d	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address = 0x7779196e	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address = 0x77793ed3	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address = 0x777917d1	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetQueuedCompletionStatus, address = 0x777ad3c3	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address = 0x77794435	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address = 0x777954ee	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address = 0x77795a4b	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address = 0x777916c5	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address = 0x777913f0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = MulDiv, address = 0x77791b80	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address = 0x777b2a9d	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x777910ff	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address = 0x77795929	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address = 0x7779110c	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address = 0x77794950	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address = 0x7779103d	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address = 0x77797a10	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemPowerStatus, address = 0x777af680	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDefaultLangID, address = 0x777bd346	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLangID, address = 0x777ad5fd	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address = 0x777944ab	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address = 0x777914e9	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address = 0x77d6e026	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address = 0x777911c0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address = 0x777934d5	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address = 0x77794442	1	Fn
MOD	LOAD	module_name = USER32.dll, base_address = 0x75900000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\user32.dll, function = wsprintfW, address = 0x7593e061	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\user32.dll, function = FillRect, address = 0x75920eb6	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\user32.dll, function = SetRect, address = 0x75920e1b	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\user32.dll, function = ReleaseDC, address = 0x75917446	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\user32.dll, function = GetDC, address = 0x759172c4	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address = 0x759190d3	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\user32.dll, function = IsCharAlphaNumericA, address = 0x75926867	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\user32.dll, function = wsprintfA, address = 0x7592ae5f	1	Fn
MOD	LOAD	module_name = GDI32.dll, base_address = 0x75e80000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address = 0x75e94de0	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address = 0x75e9e743	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address = 0x75e954f4	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address = 0x75e958b3	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = CreateDIBSection, address = 0x75e9ac46	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address = 0x75e94f70	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = GetDIBColorTable, address = 0x75e973b3	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = CreateSolidBrush, address = 0x75e94f17	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address = 0x75e95689	1	Fn
MOD	LOAD	module_name = ADVAPI32.dll, base_address = 0x77890000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\advapi32.dll, function = CryptExportKey, address = 0x778991ea	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address = 0x778b779b	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address = 0x7789e124	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address = 0x7789df14	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenKey, address = 0x77898ee9	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address = 0x7789c51a	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetUserKey, address = 0x778d3228	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address = 0x7789c532	1	Fn
MOD	LOAD	module_name = ole32.dll, base_address = 0x772c0000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address = 0x773009ad	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address = 0x77309d0b	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\ole32.dll, function = OleDraw, address = 0x77340286	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address = 0x772e363b	1	Fn
MOD	LOAD	module_name = OLEAUT32.dll, base_address = 0x75bb0000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\oleaut32.dll, function = 6, address = 0x75bb3e59	1	Fn
MOD	LOAD	module_name = ntdll.dll, base_address = 0x77d40000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\ntdll.dll, function = memset, address = 0x77d6df20	1	Fn
SYS	GET_INFO	type = Hardware Information	1	Fn
MOD	GET_HANDLE	module_name = c:\users\hjrd1koky ds8lujv\appdata\local\temp\pitupi20.exe, base_address = 0x400000	3	Fn
COM	CREATE	class_name = HTMLDocument, interface = IHTMLDocument2, cls_context = CLSCTX_INPROC_SERVER	1	Fn
COM	QUERY	class_name = HTMLDocument, interface = IHTMLDocument2, new_interface = IPersistStreamInit,	1	Fn
COM	METHOD	class_name = HTMLDocument, interface = IPersistStreamInit, method = InitNew	1	Fn
COM	METHOD	class_name = HTMLDocument, interface = IPersistStreamInit, method = Load	1	Fn
SYS	SLEEP	duration = 10 milliseconds (0.010 seconds)	1	Fn
COM	METHOD	class_name = HTMLDocument, interface = IHTMLDocument2, method = get_readyState	1	Fn
SYS	SLEEP	duration = 10 milliseconds (0.010 seconds)	1	Fn
COM	METHOD	class_name = HTMLDocument, interface = IHTMLDocument2, method = get_readyState	1	Fn
SYS	SLEEP	duration = 10 milliseconds (0.010 seconds)	1	Fn
COM	METHOD	class_name = HTMLDocument, interface = IHTMLDocument2, method = get_readyState	1	Fn
COM	QUERY	class_name = HTMLDocument, interface = IHTMLDocument2, new_interface = IOleObject,	1	Fn
COM	METHOD	class_name = HTMLDocument, interface = IOleObject, method = SetExtent	1	Fn
MOD	GET_HANDLE	module_name = c:\users\hjrd1koky ds8lujv\appdata\local\temp\pitupi20.exe, base_address = 0x400000	1	Fn
SHARE	ENUMERATE_CONNECTIONS		2	Fn
SHARE	ENUMERATE_CONNECTIONS		2	Fn
SYS	SLEEP	duration = -1 (infinite)	1	Fn
INET	OPEN_CONNECTION		1	Fn
INET	OPEN_URL		1	Fn
FILE	CREATE_DIR	file_name = c:\programdata\rondo	1	Fn
FILE	CREATE	file_name = c:\programdata\rondo\backup.om, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	WRITE	size = 2	1	Fn Data
FILE	CREATE	file_name = c:\programdata\rondo\wallpaper.bmp, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	WRITE	size = 5185078	1	Fn
MOD	GET_FILENAME	module_name = m&vcrt.dll, file_name = C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp\pitupi20.exe	1	Fn
PROC	CREATE	process_name = cmd.exe \C del \Q \F "C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp\pitupi20.exe", os_tid = 0xb0, os_pid = 0xa94, creation_flags = CREATE_NEW_CONSOLE, CREATE_IDLE_PRIORITY_CLASS, show_window = SW_HIDE	1	Fn

Thread 0xaac

(Host: 8324, Network: 0)

Category	Operation	Information	Count	Logfile
FILE	FIND	file_name = C:\.	1	Fn
FILE	FIND	file_name = C:\*	1	Fn
FILE	FIND	file_name = C:\MSOCache\.	1	Fn
FILE	FIND	file_name = C:\MSOCache\*	1	Fn
FILE	FIND	file_name = C:\PerfLogs\.	1	Fn
FILE	FIND	file_name = C:\PerfLogs\*	1	Fn
FILE	FIND	file_name = C:\Program Files\.	1	Fn
FILE	FIND	file_name = C:\Program Files\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\*	1	Fn
FILE	FIND	file_name = C:\ProgramData\.	1	Fn
FILE	FIND	file_name = C:\ProgramData\*	1	Fn
FILE	FIND	file_name = C:\Users\.	1	Fn
FILE	FIND	file_name = C:\Users\*	1	Fn
FILE	FIND	file_name = C:\Windows\.	1	Fn
FILE	MOVE	destination_file_name = c:\windows\dtcinstall.log.jaff, source_file_name = c:\windows\dtcinstall.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\mib.bin.jaff, source_file_name = c:\windows\mib.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\pfro.log.jaff, source_file_name = c:\windows\pfro.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\professional.xml.jaff, source_file_name = c:\windows\professional.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\setupact.log.jaff, source_file_name = c:\windows\setupact.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\setuperr.log.jaff, source_file_name = c:\windows\setuperr.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\starter.xml.jaff, source_file_name = c:\windows\starter.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\tssysprep.log.jaff, source_file_name = c:\windows\tssysprep.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\windowsupdate.log.jaff, source_file_name = c:\windows\windowsupdate.log	1	Fn
FILE	CREATE	file_name = c:\windows\readme.bmp, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\windows\readme.html, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\windows\readme.txt, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	FIND	file_name = C:\Windows\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Common Files\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Common Files\*	1	Fn
FILE	FIND	file_name = C:\Program Files\DVD Maker\.	1	Fn
FILE	FIND	file_name = C:\Program Files\DVD Maker\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Internet Explorer\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Internet Explorer\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Microsoft Analysis Services\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Microsoft Analysis Services\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Microsoft Office\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Microsoft Office\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Microsoft SQL Server\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Microsoft SQL Server\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Microsoft.NET\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Microsoft.NET\*	1	Fn
FILE	FIND	file_name = C:\Program Files\MSBuild\.	1	Fn
FILE	FIND	file_name = C:\Program Files\MSBuild\*	1	Fn
FILE	FIND	file_name = C:\Program Files\nginx\.	1	Fn
FILE	FIND	file_name = C:\Program Files\nginx\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Reference Assemblies\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Reference Assemblies\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Uninstall Information\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Uninstall Information\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Defender\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Defender\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Journal\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Journal\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Mail\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Mail\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Media Player\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Media Player\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows NT\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows NT\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Photo Viewer\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Photo Viewer\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Portable Devices\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Portable Devices\*	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Sidebar\.	1	Fn
FILE	FIND	file_name = C:\Program Files\Windows Sidebar\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Adobe\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Adobe\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Common Files\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Common Files\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Google\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Google\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Internet Explorer\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Internet Explorer\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Java\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Java\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Microsoft Analysis Services\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Microsoft Analysis Services\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Microsoft Office\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Microsoft Office\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Microsoft SQL Server\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Microsoft SQL Server\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Microsoft.NET\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Microsoft.NET\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Mozilla Firefox\.	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\mozilla firefox\install.log.jaff, source_file_name = c:\program files (x86)\mozilla firefox\install.log	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\mozilla firefox\mozilla.cfg.jaff, source_file_name = c:\program files (x86)\mozilla firefox\mozilla.cfg	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\mozilla firefox\voucher.bin.jaff, source_file_name = c:\program files (x86)\mozilla firefox\voucher.bin	1	Fn
FILE	CREATE	file_name = c:\program files (x86)\mozilla firefox\readme.bmp, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\program files (x86)\mozilla firefox\readme.html, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\program files (x86)\mozilla firefox\readme.txt, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Mozilla Firefox\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Mozilla Maintenance Service\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Mozilla Maintenance Service\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\MSBuild\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\MSBuild\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Reference Assemblies\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Reference Assemblies\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Uninstall Information\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Uninstall Information\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Defender\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Defender\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Mail\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Mail\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Media Player\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Media Player\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows NT\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows NT\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Photo Viewer\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Photo Viewer\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Portable Devices\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Portable Devices\*	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Sidebar\.	1	Fn
FILE	FIND	file_name = C:\Program Files (x86)\Windows Sidebar\*	1	Fn
FILE	FIND	file_name = C:\ProgramData\Adobe\.	1	Fn
FILE	FIND	file_name = C:\ProgramData\Adobe\*	1	Fn
FILE	FIND	file_name = C:\ProgramData\Microsoft Help\.	1	Fn
FILE	FIND	file_name = C:\ProgramData\Microsoft Help\*	1	Fn
FILE	FIND	file_name = C:\ProgramData\Mozilla\.	1	Fn
FILE	FIND	file_name = C:\ProgramData\Mozilla\*	1	Fn
FILE	FIND	file_name = C:\ProgramData\Oracle\.	1	Fn
FILE	FIND	file_name = C:\ProgramData\Oracle\*	1	Fn
FILE	FIND	file_name = C:\ProgramData\Package Cache\.	1	Fn
FILE	FIND	file_name = C:\ProgramData\Package Cache\*	1	Fn
FILE	FIND	file_name = C:\ProgramData\regid.1991-06.com.microsoft\.	1	Fn
FILE	FIND	file_name = C:\ProgramData\regid.1991-06.com.microsoft\*	1	Fn
FILE	FIND	file_name = C:\Users\Default\.	1	Fn
FILE	MOVE	destination_file_name = c:\users\default\ntuser.dat.log.jaff, source_file_name = c:\users\default\ntuser.dat.log	1	Fn
FILE	CREATE	file_name = c:\users\default\readme.bmp, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\users\default\readme.html, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\users\default\readme.txt, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	FIND	file_name = C:\Users\Default\*	1	Fn
FILE	FIND	file_name = C:\Users\hJrD1KOKY DS8lUjv\.	1	Fn
FILE	FIND	file_name = C:\Users\hJrD1KOKY DS8lUjv\*	1	Fn
FILE	FIND	file_name = C:\Users\Public\.	1	Fn
FILE	FIND	file_name = C:\Users\Public\*	1	Fn
FILE	FIND	file_name = C:\Windows\addins\.	1	Fn
FILE	FIND	file_name = C:\Windows\addins\*	1	Fn
FILE	FIND	file_name = C:\Windows\AppCompat\.	1	Fn
FILE	FIND	file_name = C:\Windows\AppCompat\*	1	Fn
FILE	FIND	file_name = C:\Windows\AppPatch\.	1	Fn
FILE	FIND	file_name = C:\Windows\AppPatch\*	1	Fn
FILE	FIND	file_name = C:\Windows\Boot\.	1	Fn
FILE	FIND	file_name = C:\Windows\Boot\*	1	Fn
FILE	FIND	file_name = C:\Windows\Branding\.	1	Fn
FILE	FIND	file_name = C:\Windows\Branding\*	1	Fn
FILE	FIND	file_name = C:\Windows\CSC\.	1	Fn
FILE	FIND	file_name = C:\Windows\CSC\*	1	Fn
FILE	FIND	file_name = C:\Windows\Cursors\.	1	Fn
FILE	FIND	file_name = C:\Windows\Cursors\*	1	Fn
FILE	FIND	file_name = C:\Windows\debug\.	1	Fn
FILE	MOVE	destination_file_name = c:\windows\debug\passwd.log.jaff, source_file_name = c:\windows\debug\passwd.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\debug\sammui.log.jaff, source_file_name = c:\windows\debug\sammui.log	1	Fn
FILE	CREATE	file_name = c:\windows\debug\readme.bmp, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\windows\debug\readme.html, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\windows\debug\readme.txt, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	FIND	file_name = C:\Windows\debug\*	1	Fn
FILE	FIND	file_name = C:\Windows\diagnostics\.	1	Fn
FILE	FIND	file_name = C:\Windows\diagnostics\*	1	Fn
FILE	FIND	file_name = C:\Windows\DigitalLocker\.	1	Fn
FILE	FIND	file_name = C:\Windows\DigitalLocker\*	1	Fn
FILE	FIND	file_name = C:\Windows\Downloaded Program Files\.	1	Fn
FILE	FIND	file_name = C:\Windows\Downloaded Program Files\*	1	Fn
FILE	FIND	file_name = C:\Windows\ehome\.	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\ehexthost.exe.config.jaff, source_file_name = c:\windows\ehome\ehexthost.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\ehrec.exe.config.jaff, source_file_name = c:\windows\ehome\ehrec.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\ehrecvr.exe.config.jaff, source_file_name = c:\windows\ehome\ehrecvr.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\ehsched.exe.config.jaff, source_file_name = c:\windows\ehome\ehsched.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\ehshell.exe.config.jaff, source_file_name = c:\windows\ehome\ehshell.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\mcetuningoverrides.xml.jaff, source_file_name = c:\windows\ehome\mcetuningoverrides.xml	1	Fn
FILE	CREATE	file_name = c:\windows\ehome\readme.bmp, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\windows\ehome\readme.html, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\windows\ehome\readme.txt, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	FIND	file_name = C:\Windows\ehome\*	1	Fn
FILE	FIND	file_name = C:\Windows\en-US\.	1	Fn
FILE	MOVE	destination_file_name = c:\windows\en-us\bootfix.bin.jaff, source_file_name = c:\windows\en-us\bootfix.bin	1	Fn
FILE	CREATE	file_name = c:\windows\en-us\readme.bmp, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\windows\en-us\readme.html, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	CREATE	file_name = c:\windows\en-us\readme.txt, desired_access = GENERIC_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	FIND	file_name = C:\Windows\en-US\*	1	Fn
FILE	FIND	file_name = C:\Windows\Globalization\.	1	Fn
FILE	FIND	file_name = C:\Windows\Globalization\*	1	Fn
FILE	FIND	file_name = C:\Windows\Help\.	1	Fn
FILE	FIND	file_name = C:\Windows\Help\*	1	Fn
FILE	FIND	file_name = C:\Windows\IME\.	1	Fn
FILE	FIND	file_name = C:\Windows\IME\*	1	Fn
FILE	FIND	file_name = C:\Windows\inf\.	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\setupapi.app.log.jaff, source_file_name = c:\windows\inf\setupapi.app.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\setupapi.dev.log.jaff, source_file_name = c:\windows\inf\setupapi.dev.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\setupapi.offline.log.jaff, source_file_name = c:\windows\inf\setupapi.offline.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\cbs.log.jaff, source_file_name = c:\windows\panther\cbs.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\cbs_unattend.log.jaff, source_file_name = c:\windows\panther\cbs_unattend.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\ddaclsys.log.jaff, source_file_name = c:\windows\panther\ddaclsys.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\diagerr.xml.jaff, source_file_name = c:\windows\panther\diagerr.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\diagwrn.xml.jaff, source_file_name = c:\windows\panther\diagwrn.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\setupact.log.jaff, source_file_name = c:\windows\panther\setupact.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\setuperr.log.jaff, source_file_name = c:\windows\panther\setuperr.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\unattend.xml.jaff, source_file_name = c:\windows\panther\unattend.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\shellnew\excel12.xlsx.jaff, source_file_name = c:\windows\shellnew\excel12.xlsx	1	Fn
FILE	MOVE	destination_file_name = c:\windows\shellnew\journal.jnt.jaff, source_file_name = c:\windows\shellnew\journal.jnt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\shellnew\mspub.pub.jaff, source_file_name = c:\windows\shellnew\mspub.pub	1	Fn
FILE	MOVE	destination_file_name = c:\windows\softwaredistribution\reportingevents.log.jaff, source_file_name = c:\windows\softwaredistribution\reportingevents.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\dssec.dat.jaff, source_file_name = c:\windows\system32\dssec.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\icrav03.rat.jaff, source_file_name = c:\windows\system32\icrav03.rat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\ieapfltr.dat.jaff, source_file_name = c:\windows\system32\ieapfltr.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\license.rtf.jaff, source_file_name = c:\windows\system32\license.rtf	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\locationnotificationsview.xml.jaff, source_file_name = c:\windows\system32\locationnotificationsview.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\mlang.dat.jaff, source_file_name = c:\windows\system32\mlang.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\ndfeventview.xml.jaff, source_file_name = c:\windows\system32\ndfeventview.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\noise.dat.jaff, source_file_name = c:\windows\system32\noise.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\perfcentercpl.ico.jaff, source_file_name = c:\windows\system32\perfcentercpl.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\racrules.xml.jaff, source_file_name = c:\windows\system32\racrules.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\rasctrnm.h.jaff, source_file_name = c:\windows\system32\rasctrnm.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\tcpbidi.xml.jaff, source_file_name = c:\windows\system32\tcpbidi.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\ticrf.rat.jaff, source_file_name = c:\windows\system32\ticrf.rat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\wsmanconfig_schema.xml.jaff, source_file_name = c:\windows\system32\wsmanconfig_schema.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\xpsrchvw.xml.jaff, source_file_name = c:\windows\system32\xpsrchvw.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\xwizard.dtd.jaff, source_file_name = c:\windows\system32\xwizard.dtd	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\dssec.dat.jaff, source_file_name = c:\windows\syswow64\dssec.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\icrav03.rat.jaff, source_file_name = c:\windows\syswow64\icrav03.rat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\ieapfltr.dat.jaff, source_file_name = c:\windows\syswow64\ieapfltr.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\license.rtf.jaff, source_file_name = c:\windows\syswow64\license.rtf	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\locationnotificationsview.xml.jaff, source_file_name = c:\windows\syswow64\locationnotificationsview.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\mlang.dat.jaff, source_file_name = c:\windows\syswow64\mlang.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\ndfeventview.xml.jaff, source_file_name = c:\windows\syswow64\ndfeventview.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\noise.dat.jaff, source_file_name = c:\windows\syswow64\noise.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\perfcentercpl.ico.jaff, source_file_name = c:\windows\syswow64\perfcentercpl.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\racrules.xml.jaff, source_file_name = c:\windows\syswow64\racrules.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\rasctrnm.h.jaff, source_file_name = c:\windows\syswow64\rasctrnm.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\tcpbidi.xml.jaff, source_file_name = c:\windows\syswow64\tcpbidi.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\ticrf.rat.jaff, source_file_name = c:\windows\syswow64\ticrf.rat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\wsmanconfig_schema.xml.jaff, source_file_name = c:\windows\syswow64\wsmanconfig_schema.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\xpsrchvw.xml.jaff, source_file_name = c:\windows\syswow64\xpsrchvw.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\xwizard.dtd.jaff, source_file_name = c:\windows\syswow64\xwizard.dtd	1	Fn
FILE	MOVE	destination_file_name = c:\windows\tasks\sa.dat.jaff, source_file_name = c:\windows\tasks\sa.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\tasks\schedlgu.txt.jaff, source_file_name = c:\windows\tasks\schedlgu.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\poqexec.log.jaff, source_file_name = c:\windows\winsxs\poqexec.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\reboot.xml.jaff, source_file_name = c:\windows\winsxs\reboot.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\common files\services\verisign.bmp.jaff, source_file_name = c:\program files\common files\services\verisign.bmp	1	Fn
FILE	MOVE	destination_file_name = c:\program files\dvd maker\shared\dissolveanother.png.jaff, source_file_name = c:\program files\dvd maker\shared\dissolveanother.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files\dvd maker\shared\dissolvenoise.png.jaff, source_file_name = c:\program files\dvd maker\shared\dissolvenoise.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files\dvd maker\shared\filters.xml.jaff, source_file_name = c:\program files\dvd maker\shared\filters.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\engdic.dat.jaff, source_file_name = c:\program files\microsoft office\office10\engdic.dat	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\engidx.dat.jaff, source_file_name = c:\program files\microsoft office\office10\engidx.dat	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\graph.ico.jaff, source_file_name = c:\program files\microsoft office\office10\graph.ico	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\jfont.dat.jaff, source_file_name = c:\program files\microsoft office\office10\jfont.dat	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\lookup.dat.jaff, source_file_name = c:\program files\microsoft office\office10\lookup.dat	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\lync.ico.jaff, source_file_name = c:\program files\microsoft office\office10\lync.ico	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\manifest.xml.jaff, source_file_name = c:\program files\microsoft office\office10\manifest.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\microsoft.lync.model.zip.jaff, source_file_name = c:\program files\microsoft office\office10\microsoft.lync.model.zip	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\microsoft.lync.utilities.controls.zip.jaff, source_file_name = c:\program files\microsoft office\office10\microsoft.lync.utilities.controls.zip	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\microsoft.lync.utilities.zip.jaff, source_file_name = c:\program files\microsoft office\office10\microsoft.lync.utilities.zip	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\microsoft.office.interop.infopath.semitrust.xml.jaff, source_file_name = c:\program files\microsoft office\office10\microsoft.office.interop.infopath.semitrust.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\microsoft.office.interop.infopath.xml.xml.jaff, source_file_name = c:\program files\microsoft office\office10\microsoft.office.interop.infopath.xml.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\mysl.ico.jaff, source_file_name = c:\program files\microsoft office\office10\mysl.ico	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\ocomprivate.zip.jaff, source_file_name = c:\program files\microsoft office\office10\ocomprivate.zip	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\ocrhc.dat.jaff, source_file_name = c:\program files\microsoft office\office10\ocrhc.dat	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\ocrvc.dat.jaff, source_file_name = c:\program files\microsoft office\office10\ocrvc.dat	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\ospp.htm.jaff, source_file_name = c:\program files\microsoft office\office10\ospp.htm	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\outlfltr.dat.jaff, source_file_name = c:\program files\microsoft office\office10\outlfltr.dat	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\reminder.wav.jaff, source_file_name = c:\program files\microsoft office\office10\reminder.wav	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\slerror.xml.jaff, source_file_name = c:\program files\microsoft office\office10\slerror.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\microsoft office\office10\system.windows.controls.theming.toolkit.zip.jaff, source_file_name = c:\program files\microsoft office\office10\system.windows.controls.theming.toolkit.zip	1	Fn
FILE	MOVE	destination_file_name = c:\program files\nginx\contrib\geo2nginx.pl.jaff, source_file_name = c:\program files\nginx\contrib\geo2nginx.pl	1	Fn
FILE	MOVE	destination_file_name = c:\program files\nginx\html\index.html.jaff, source_file_name = c:\program files\nginx\html\index.html	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\media renderer\avtransport.xml.jaff, source_file_name = c:\program files\windows media player\media renderer\avtransport.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\media renderer\connectionmanager_dmr.xml.jaff, source_file_name = c:\program files\windows media player\media renderer\connectionmanager_dmr.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\media renderer\dmr_120.jpg.jaff, source_file_name = c:\program files\windows media player\media renderer\dmr_120.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\media renderer\dmr_120.png.jaff, source_file_name = c:\program files\windows media player\media renderer\dmr_120.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\media renderer\dmr_48.jpg.jaff, source_file_name = c:\program files\windows media player\media renderer\dmr_48.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\media renderer\dmr_48.png.jaff, source_file_name = c:\program files\windows media player\media renderer\dmr_48.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\media renderer\renderingcontrol.xml.jaff, source_file_name = c:\program files\windows media player\media renderer\renderingcontrol.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\connectionmanager.xml.jaff, source_file_name = c:\program files\windows media player\network sharing\connectionmanager.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\contentdirectory.xml.jaff, source_file_name = c:\program files\windows media player\network sharing\contentdirectory.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\mediareceiverregistrar.xml.jaff, source_file_name = c:\program files\windows media player\network sharing\mediareceiverregistrar.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_bw120.jpg.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_bw120.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_bw120.png.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_bw120.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_bw32.bmp.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_bw32.bmp	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_bw32.jpg.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_bw32.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_bw48.bmp.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_bw48.bmp	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_bw48.jpg.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_bw48.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_bw48.png.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_bw48.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_color120.jpg.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_color120.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_color120.png.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_color120.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_color32.bmp.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_color32.bmp	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_color32.jpg.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_color32.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_color48.bmp.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_color48.bmp	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_color48.jpg.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_color48.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows media player\network sharing\wmpnss_color48.png.jaff, source_file_name = c:\program files\windows media player\network sharing\wmpnss_color48.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows nt\tabletextservice\tabletextserviceamharic.txt.jaff, source_file_name = c:\program files\windows nt\tabletextservice\tabletextserviceamharic.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows nt\tabletextservice\tabletextservicearray.txt.jaff, source_file_name = c:\program files\windows nt\tabletextservice\tabletextservicearray.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows nt\tabletextservice\tabletextservicedayi.txt.jaff, source_file_name = c:\program files\windows nt\tabletextservice\tabletextservicedayi.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows nt\tabletextservice\tabletextservicesimplifiedquanpin.txt.jaff, source_file_name = c:\program files\windows nt\tabletextservice\tabletextservicesimplifiedquanpin.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows nt\tabletextservice\tabletextservicesimplifiedshuangpin.txt.jaff, source_file_name = c:\program files\windows nt\tabletextservice\tabletextservicesimplifiedshuangpin.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows nt\tabletextservice\tabletextservicesimplifiedzhengma.txt.jaff, source_file_name = c:\program files\windows nt\tabletextservice\tabletextservicesimplifiedzhengma.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files\windows nt\tabletextservice\tabletextserviceyi.txt.jaff, source_file_name = c:\program files\windows nt\tabletextservice\tabletextserviceyi.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\adobe\reader 9.1.0\readme.htm.jaff, source_file_name = c:\program files (x86)\adobe\reader 9.1.0\readme.htm	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\common files\services\verisign.bmp.jaff, source_file_name = c:\program files (x86)\common files\services\verisign.bmp	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\java\jre1.8.0_101\readme.txt.jaff, source_file_name = c:\program files (x86)\java\jre1.8.0_101\readme.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\java\jre1.8.0_101\thirdpartylicensereadme-javafx.txt.jaff, source_file_name = c:\program files (x86)\java\jre1.8.0_101\thirdpartylicensereadme-javafx.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\java\jre1.8.0_101\thirdpartylicensereadme.txt.jaff, source_file_name = c:\program files (x86)\java\jre1.8.0_101\thirdpartylicensereadme.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\java\jre1.8.0_101\welcome.html.jaff, source_file_name = c:\program files (x86)\java\jre1.8.0_101\welcome.html	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_client.xml.jaff, source_file_name = c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_client.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_extended.xml.jaff, source_file_name = c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_extended.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\mozilla firefox\browser\blocklist.xml.jaff, source_file_name = c:\program files (x86)\mozilla firefox\browser\blocklist.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\mozilla firefox\uninstall\uninstall.log.jaff, source_file_name = c:\program files (x86)\mozilla firefox\uninstall\uninstall.log	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows media player\media renderer\avtransport.xml.jaff, source_file_name = c:\program files (x86)\windows media player\media renderer\avtransport.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows media player\media renderer\connectionmanager_dmr.xml.jaff, source_file_name = c:\program files (x86)\windows media player\media renderer\connectionmanager_dmr.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows media player\media renderer\dmr_120.jpg.jaff, source_file_name = c:\program files (x86)\windows media player\media renderer\dmr_120.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows media player\media renderer\dmr_120.png.jaff, source_file_name = c:\program files (x86)\windows media player\media renderer\dmr_120.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows media player\media renderer\dmr_48.jpg.jaff, source_file_name = c:\program files (x86)\windows media player\media renderer\dmr_48.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows media player\media renderer\dmr_48.png.jaff, source_file_name = c:\program files (x86)\windows media player\media renderer\dmr_48.png	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows media player\media renderer\renderingcontrol.xml.jaff, source_file_name = c:\program files (x86)\windows media player\media renderer\renderingcontrol.xml	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextserviceamharic.txt.jaff, source_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextserviceamharic.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicearray.txt.jaff, source_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicearray.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicedayi.txt.jaff, source_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicedayi.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicesimplifiedquanpin.txt.jaff, source_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicesimplifiedquanpin.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicesimplifiedshuangpin.txt.jaff, source_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicesimplifiedshuangpin.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicesimplifiedzhengma.txt.jaff, source_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextservicesimplifiedzhengma.txt	1	Fn
FILE	MOVE	destination_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextserviceyi.txt.jaff, source_file_name = c:\program files (x86)\windows nt\tabletextservice\tabletextserviceyi.txt	1	Fn
FILE	MOVE	destination_file_name = c:\programdata\adobe\updater6\adobeesdglobalapps.xml.jaff, source_file_name = c:\programdata\adobe\updater6\adobeesdglobalapps.xml	1	Fn
FILE	MOVE	destination_file_name = c:\programdata\mozilla\logs\maintenanceservice-install.log.jaff, source_file_name = c:\programdata\mozilla\logs\maintenanceservice-install.log	1	Fn
FILE	MOVE	destination_file_name = c:\users\default\contacts\administrator.contact.jaff, source_file_name = c:\users\default\contacts\administrator.contact	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\contacts\administrator.contact.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\contacts\administrator.contact	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\contacts\administrator.contact.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\20id.avi.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\20id.avi	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\20id.avi.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\ajzw-epo.avi.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\ajzw-epo.avi	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\ajzw-epo.avi.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\axc6so2re.m4a.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\axc6so2re.m4a	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\axc6so2re.m4a.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\b20d9bq9wak1y.jpg.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\b20d9bq9wak1y.jpg	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\b20d9bq9wak1y.jpg.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\fstg.swf.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\fstg.swf	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\fstg.swf.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\gd1baaokx xqll8mg9oh.pps.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\gd1baaokx xqll8mg9oh.pps	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\gd1baaokx xqll8mg9oh.pps.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\gnxh5.m4a.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\gnxh5.m4a	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\gnxh5.m4a.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\gyaslu.gif.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\gyaslu.gif	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\gyaslu.gif.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\hzvj8a65k_2lv70dc8w.wav.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\hzvj8a65k_2lv70dc8w.wav	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\hzvj8a65k_2lv70dc8w.wav.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\jjhy52i5bspk80_.pptx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\jjhy52i5bspk80_.pptx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\jjhy52i5bspk80_.pptx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\jltxy3syjrqo.odp.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\jltxy3syjrqo.odp	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\jltxy3syjrqo.odp.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\jsf2w.wav.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\jsf2w.wav	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\jsf2w.wav.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\mhecdzcb5d2tf.mkv.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\mhecdzcb5d2tf.mkv	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\mhecdzcb5d2tf.mkv.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\mub.png.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\mub.png	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\mub.png.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\nm.pdf.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\nm.pdf	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\opnqerfem nc.wav.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\opnqerfem nc.wav	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\opnqerfem nc.wav.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\pegixilxpev.odp.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\pegixilxpev.odp	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\pegixilxpev.odp.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\qbfxmud0saassf3v.swf.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\qbfxmud0saassf3v.swf	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\qbfxmud0saassf3v.swf.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\rv6gp_.swf.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\rv6gp_.swf	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\rv6gp_.swf.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\sbfcf-kainxodnh rra.png.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\sbfcf-kainxodnh rra.png	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\sbfcf-kainxodnh rra.png.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\sr-qxg8.avi.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\sr-qxg8.avi	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\sr-qxg8.avi.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\sshjbstfshohobuncds.mp4.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\sshjbstfshohobuncds.mp4	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\sshjbstfshohobuncds.mp4.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\u1mukqe.png.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\u1mukqe.png	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\u1mukqe.png.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\v4ghb.bmp.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\v4ghb.bmp	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\v4ghb.bmp.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\w0q0xltr.m4a.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\w0q0xltr.m4a	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\w0q0xltr.m4a.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\wk5bz4o9q1fwf.mp4.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\wk5bz4o9q1fwf.mp4	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\wk5bz4o9q1fwf.mp4.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\desktop\zjzspmnf.png.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\desktop\zjzspmnf.png	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\desktop\zjzspmnf.png.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\-7v4vzrmt9tgdmf.xlsx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\-7v4vzrmt9tgdmf.xlsx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\-7v4vzrmt9tgdmf.xlsx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\2l2ya0ad.pptx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\2l2ya0ad.pptx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\2l2ya0ad.pptx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\6_vyndtfmhcw.pdf.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\6_vyndtfmhcw.pdf	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\6_vyndtfmhcw.pdf.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\blzyu-zzcvrj_pwn3.pptx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\blzyu-zzcvrj_pwn3.pptx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\blzyu-zzcvrj_pwn3.pptx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\byqw_q-g67.pptx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\byqw_q-g67.pptx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\byqw_q-g67.pptx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\crfcnex6l.xlsx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\crfcnex6l.xlsx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\crfcnex6l.xlsx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\frl8ns.ppt.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\frl8ns.ppt	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\frl8ns.ppt.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\gh8gmygh9o7.docx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\gh8gmygh9o7.docx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\gh8gmygh9o7.docx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\k7fdk6f.docx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\k7fdk6f.docx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\k7fdk6f.docx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\k9npofkvnc.pps.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\k9npofkvnc.pps	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\k9npofkvnc.pps.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\lkvfi.docx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\lkvfi.docx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\lkvfi.docx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\niy3fhj.pps.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\niy3fhj.pps	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\niy3fhj.pps.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\nxc7tbz5yr1kbup.docx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\nxc7tbz5yr1kbup.docx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\nxc7tbz5yr1kbup.docx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\omwvs1ixczu4j4nno.csv.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\omwvs1ixczu4j4nno.csv	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\omwvs1ixczu4j4nno.csv.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\p1j0_ef.pptx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\p1j0_ef.pptx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\p1j0_ef.pptx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\rbyfqly3xxqa3zf r0.docx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\rbyfqly3xxqa3zf r0.docx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\rbyfqly3xxqa3zf r0.docx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\rzu t0gzsb2nzwyha.pptx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\rzu t0gzsb2nzwyha.pptx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\rzu t0gzsb2nzwyha.pptx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\tuy7k1x.pps.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\tuy7k1x.pps	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\tuy7k1x.pps.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\u4dvje.xlsx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\u4dvje.xlsx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\u4dvje.xlsx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\v9k _9k.pptx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\v9k _9k.pptx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\v9k _9k.pptx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\vk2uoq7lerjl.xlsx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\vk2uoq7lerjl.xlsx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\vk2uoq7lerjl.xlsx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\ypvwhtkfqb1uj.csv.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\ypvwhtkfqb1uj.csv	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\ypvwhtkfqb1uj.csv.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\z vcpzp0j wc6_lb.docx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\z vcpzp0j wc6_lb.docx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\z vcpzp0j wc6_lb.docx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\documents\zspkl7ggi_oif7hjt.xlsx.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\documents\zspkl7ggi_oif7hjt.xlsx	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\documents\zspkl7ggi_oif7hjt.xlsx.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\music\-qgo7tjmvpc2fq.wav.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\music\-qgo7tjmvpc2fq.wav	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\music\-qgo7tjmvpc2fq.wav.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\music\e677hz.m4a.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\music\e677hz.m4a	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\music\e677hz.m4a.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\music\g5t48aobb9.wav.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\music\g5t48aobb9.wav	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\music\g5t48aobb9.wav.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\music\lxkf1x6u.wav.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\music\lxkf1x6u.wav	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\music\lxkf1x6u.wav.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\music\rgkb8kxarwqg.mp3.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\music\rgkb8kxarwqg.mp3	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\music\rgkb8kxarwqg.mp3.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\music\ri9hgrgjctfu19.mp3.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\music\ri9hgrgjctfu19.mp3	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\music\ri9hgrgjctfu19.mp3.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\music\s0p75.wav.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\music\s0p75.wav	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\music\s0p75.wav.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\pictures\2mcajc.jpg.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\pictures\2mcajc.jpg	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\pictures\2mcajc.jpg.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\pictures\bxkj.bmp.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\pictures\bxkj.bmp	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\pictures\bxkj.bmp.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\pictures\fkpvxol9c7u.bmp.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\pictures\fkpvxol9c7u.bmp	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\pictures\fkpvxol9c7u.bmp.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\pictures\n8_t6skpqfnfeok9k.png.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\pictures\n8_t6skpqfnfeok9k.png	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\pictures\n8_t6skpqfnfeok9k.png.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\pictures\rubuq1kl0y6.bmp.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\pictures\rubuq1kl0y6.bmp	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\pictures\rubuq1kl0y6.bmp.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\videos\-bjtnqujsdkd0.avi.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\videos\-bjtnqujsdkd0.avi	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\videos\-bjtnqujsdkd0.avi.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\videos\1xar.flv.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\videos\1xar.flv	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\videos\1xar.flv.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\users\hjrd1koky ds8lujv\videos\wwmf0-vjk.avi.jaff, source_file_name = c:\users\hjrd1koky ds8lujv\videos\wwmf0-vjk.avi	1	Fn
FILE	CREATE	file_name = c:\users\hjrd1koky ds8lujv\videos\wwmf0-vjk.avi.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\windows\debug\wia\wiatrace.log.jaff, source_file_name = c:\windows\debug\wia\wiatrace.log	1	Fn
FILE	CREATE	file_name = c:\windows\debug\wia\wiatrace.log.jaff, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\aerodiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\aerodiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\audioplaybackdiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\audioplaybackdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\audiorecordingdiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\audiorecordingdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\devicecenterdiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\devicecenterdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\devicediagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\devicediagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\iebrowsewebdiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\iebrowsewebdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\iesecuritydiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\iesecuritydiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\maintenancediagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\maintenancediagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\networkdiagnostics_1_web.xml.jaff, source_file_name = c:\windows\diagnostics\index\networkdiagnostics_1_web.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\networkdiagnostics_2_fileshare.xml.jaff, source_file_name = c:\windows\diagnostics\index\networkdiagnostics_2_fileshare.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\networkdiagnostics_3_homegroup.xml.jaff, source_file_name = c:\windows\diagnostics\index\networkdiagnostics_3_homegroup.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\networkdiagnostics_4_networkadapter.xml.jaff, source_file_name = c:\windows\diagnostics\index\networkdiagnostics_4_networkadapter.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\networkdiagnostics_5_inbound.xml.jaff, source_file_name = c:\windows\diagnostics\index\networkdiagnostics_5_inbound.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\pcwdiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\pcwdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\performancediagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\performancediagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\powerdiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\powerdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\printerdiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\printerdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\searchdiagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\searchdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\windowsmediaplayerconfiguration.xml.jaff, source_file_name = c:\windows\diagnostics\index\windowsmediaplayerconfiguration.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\windowsmediaplayermedialibrary.xml.jaff, source_file_name = c:\windows\diagnostics\index\windowsmediaplayermedialibrary.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\windowsmediaplayerplaydvd.xml.jaff, source_file_name = c:\windows\diagnostics\index\windowsmediaplayerplaydvd.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\diagnostics\index\windowsupdatediagnostic.xml.jaff, source_file_name = c:\windows\diagnostics\index\windowsupdatediagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\createdisc\sonic.xml.jaff, source_file_name = c:\windows\ehome\createdisc\sonic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\createdisc\sonicmceburnengineicon.png.jaff, source_file_name = c:\windows\ehome\createdisc\sonicmceburnengineicon.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\en-us\epgtos.txt.jaff, source_file_name = c:\windows\ehome\en-us\epgtos.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\en-us\playready_eula.txt.jaff, source_file_name = c:\windows\ehome\en-us\playready_eula.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\en-us\playready_eula_oem.txt.jaff, source_file_name = c:\windows\ehome\en-us\playready_eula_oem.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.avtransport.xml.jaff, source_file_name = c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.avtransport.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.connectionmanager.xml.jaff, source_file_name = c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.connectionmanager.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.renderingcontrol.xml.jaff, source_file_name = c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.renderingcontrol.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.renderingcontrolnomute.xml.jaff, source_file_name = c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.renderingcontrolnomute.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\ehome\wow\ehexthost32.exe.config.jaff, source_file_name = c:\windows\ehome\wow\ehexthost32.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\.net clr data\_dataperfcounters.h.jaff, source_file_name = c:\windows\inf\.net clr data\_dataperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\.net clr networking\_networkingperfcounters.h.jaff, source_file_name = c:\windows\inf\.net clr networking\_networkingperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\.net clr networking 4.0.0.0\_networkingperfcounters.h.jaff, source_file_name = c:\windows\inf\.net clr networking 4.0.0.0\_networkingperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\.net data provider for oracle\_dataoracleclientperfcounters_shared12_neutral.h.jaff, source_file_name = c:\windows\inf\.net data provider for oracle\_dataoracleclientperfcounters_shared12_neutral.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\.net data provider for sqlserver\_dataperfcounters_shared12_neutral.h.jaff, source_file_name = c:\windows\inf\.net data provider for sqlserver\_dataperfcounters_shared12_neutral.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\.net memory cache 4.0\netmemorycache.h.jaff, source_file_name = c:\windows\inf\.net memory cache 4.0\netmemorycache.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\.netframework\corperfmonsymbols.h.jaff, source_file_name = c:\windows\inf\.netframework\corperfmonsymbols.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\asp.net\aspnet_perf.h.jaff, source_file_name = c:\windows\inf\asp.net\aspnet_perf.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\asp.net_4.0.30319\aspnet_perf.h.jaff, source_file_name = c:\windows\inf\asp.net_4.0.30319\aspnet_perf.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\aspnet_state\aspnet_state_perf.h.jaff, source_file_name = c:\windows\inf\aspnet_state\aspnet_state_perf.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\bits\bitsctr.h.jaff, source_file_name = c:\windows\inf\bits\bitsctr.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\msdtc\msdtcprf.h.jaff, source_file_name = c:\windows\inf\msdtc\msdtcprf.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\msdtc bridge 3.0.0.0\_transactionbridgeperfcounters.h.jaff, source_file_name = c:\windows\inf\msdtc bridge 3.0.0.0\_transactionbridgeperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\msdtc bridge 4.0.0.0\_transactionbridgeperfcounters.h.jaff, source_file_name = c:\windows\inf\msdtc bridge 4.0.0.0\_transactionbridgeperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\rdyboost\readyboostperfcounters.h.jaff, source_file_name = c:\windows\inf\rdyboost\readyboostperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\remoteaccess\rasctrnm.h.jaff, source_file_name = c:\windows\inf\remoteaccess\rasctrnm.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\servicemodelendpoint 3.0.0.0\_servicemodelendpointperfcounters.h.jaff, source_file_name = c:\windows\inf\servicemodelendpoint 3.0.0.0\_servicemodelendpointperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\servicemodeloperation 3.0.0.0\_servicemodeloperationperfcounters.h.jaff, source_file_name = c:\windows\inf\servicemodeloperation 3.0.0.0\_servicemodeloperationperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\servicemodelservice 3.0.0.0\_servicemodelserviceperfcounters.h.jaff, source_file_name = c:\windows\inf\servicemodelservice 3.0.0.0\_servicemodelserviceperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\smsvchost 3.0.0.0\_smsvchostperfcounters.h.jaff, source_file_name = c:\windows\inf\smsvchost 3.0.0.0\_smsvchostperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\smsvchost 4.0.0.0\_smsvchostperfcounters.h.jaff, source_file_name = c:\windows\inf\smsvchost 4.0.0.0\_smsvchostperfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\tapisrv\perfctr.h.jaff, source_file_name = c:\windows\inf\tapisrv\perfctr.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\termservice\tslabels.h.jaff, source_file_name = c:\windows\inf\termservice\tslabels.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\ugatherer\gsrvctr.h.jaff, source_file_name = c:\windows\inf\ugatherer\gsrvctr.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\ugthrsvc\gthrctr.h.jaff, source_file_name = c:\windows\inf\ugthrsvc\gthrctr.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\usbhub\usbperfsym.h.jaff, source_file_name = c:\windows\inf\usbhub\usbperfsym.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\windows workflow foundation 3.0.0.0\perfcounters.h.jaff, source_file_name = c:\windows\inf\windows workflow foundation 3.0.0.0\perfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\windows workflow foundation 4.0.0.0\perfcounters.h.jaff, source_file_name = c:\windows\inf\windows workflow foundation 4.0.0.0\perfcounters.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\wmiaprpl\wmiaprpl.h.jaff, source_file_name = c:\windows\inf\wmiaprpl\wmiaprpl.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\inf\wsearchidxpi\idxcntrs.h.jaff, source_file_name = c:\windows\inf\wsearchidxpi\idxcntrs.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\logs\cbs\cbs.log.jaff, source_file_name = c:\windows\logs\cbs\cbs.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\logs\dpx\setupact.log.jaff, source_file_name = c:\windows\logs\dpx\setupact.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\logs\dpx\setuperr.log.jaff, source_file_name = c:\windows\logs\dpx\setuperr.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\unattendgc\diagerr.xml.jaff, source_file_name = c:\windows\panther\unattendgc\diagerr.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\unattendgc\diagwrn.xml.jaff, source_file_name = c:\windows\panther\unattendgc\diagwrn.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\unattendgc\setupact.log.jaff, source_file_name = c:\windows\panther\unattendgc\setupact.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\panther\unattendgc\setuperr.log.jaff, source_file_name = c:\windows\panther\unattendgc\setuperr.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\clip_1080_5sec_10mbps_h264.mp4.jaff, source_file_name = c:\windows\performance\winsat\clip_1080_5sec_10mbps_h264.mp4	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\clip_1080_5sec_mpeg2_hd_15mbps.mpg.jaff, source_file_name = c:\windows\performance\winsat\clip_1080_5sec_mpeg2_hd_15mbps.mpg	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\clip_1080_5sec_vc1_15mbps.wmv.jaff, source_file_name = c:\windows\performance\winsat\clip_1080_5sec_vc1_15mbps.wmv	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\clip_480i_5sec_6mbps_new.mpg.jaff, source_file_name = c:\windows\performance\winsat\clip_480i_5sec_6mbps_new.mpg	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\clip_480p_5sec_6mbps_new.mpg.jaff, source_file_name = c:\windows\performance\winsat\clip_480p_5sec_6mbps_new.mpg	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\clip_480_5sec_6mbps_h264.mp4.jaff, source_file_name = c:\windows\performance\winsat\clip_480_5sec_6mbps_h264.mp4	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\winsat.log.jaff, source_file_name = c:\windows\performance\winsat\winsat.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\winsat.wmv.jaff, source_file_name = c:\windows\performance\winsat\winsat.wmv	1	Fn
FILE	MOVE	destination_file_name = c:\windows\performance\winsat\winsatencode.wmv.jaff, source_file_name = c:\windows\performance\winsat\winsatencode.wmv	1	Fn
FILE	MOVE	destination_file_name = c:\windows\pla\system\system diagnostics.xml.jaff, source_file_name = c:\windows\pla\system\system diagnostics.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\pla\system\system performance.xml.jaff, source_file_name = c:\windows\pla\system\system performance.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\security\logs\scesetup.log.jaff, source_file_name = c:\windows\security\logs\scesetup.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\editions\editionmatrix.xml.jaff, source_file_name = c:\windows\servicing\editions\editionmatrix.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\editions\enterpriseedition.xml.jaff, source_file_name = c:\windows\servicing\editions\enterpriseedition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\editions\homebasicedition.xml.jaff, source_file_name = c:\windows\servicing\editions\homebasicedition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\editions\homepremiumedition.xml.jaff, source_file_name = c:\windows\servicing\editions\homepremiumedition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\editions\professionaledition.xml.jaff, source_file_name = c:\windows\servicing\editions\professionaledition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\editions\starteredition.xml.jaff, source_file_name = c:\windows\servicing\editions\starteredition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\editions\ultimateedition.xml.jaff, source_file_name = c:\windows\servicing\editions\ultimateedition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\1556_2012250.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\1556_2012250.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\1556_2012250.xml.jaff, source_file_name = c:\windows\servicing\sessions\1556_2012250.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2032_720937.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\2032_720937.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2032_720937.xml.jaff, source_file_name = c:\windows\servicing\sessions\2032_720937.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2128_1255531.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\2128_1255531.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2128_1255531.xml.jaff, source_file_name = c:\windows\servicing\sessions\2128_1255531.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2156_1990234.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\2156_1990234.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2156_1990234.xml.jaff, source_file_name = c:\windows\servicing\sessions\2156_1990234.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2256_1770484.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\2256_1770484.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2256_1770484.xml.jaff, source_file_name = c:\windows\servicing\sessions\2256_1770484.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2836_1076453.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\2836_1076453.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2836_1076453.xml.jaff, source_file_name = c:\windows\servicing\sessions\2836_1076453.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2872_2054171.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\2872_2054171.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2872_2054171.xml.jaff, source_file_name = c:\windows\servicing\sessions\2872_2054171.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2888_2033296.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\2888_2033296.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2888_2033296.xml.jaff, source_file_name = c:\windows\servicing\sessions\2888_2033296.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2992_1101203.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\2992_1101203.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\2992_1101203.xml.jaff, source_file_name = c:\windows\servicing\sessions\2992_1101203.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30116136_1276892225.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\30116136_1276892225.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30116136_1276892225.xml.jaff, source_file_name = c:\windows\servicing\sessions\30116136_1276892225.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30116137_1235105040.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\30116137_1235105040.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30116137_1235105040.xml.jaff, source_file_name = c:\windows\servicing\sessions\30116137_1235105040.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30116137_1235105040_exe.xml.jaff, source_file_name = c:\windows\servicing\sessions\30116137_1235105040_exe.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30477672_847313088.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\30477672_847313088.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30477672_847313088.xml.jaff, source_file_name = c:\windows\servicing\sessions\30477672_847313088.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30477689_1566533056.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\30477689_1566533056.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\30477689_1566533056.xml.jaff, source_file_name = c:\windows\servicing\sessions\30477689_1566533056.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\388_935906.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\388_935906.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\388_935906.xml.jaff, source_file_name = c:\windows\servicing\sessions\388_935906.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\516_1965281.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\516_1965281.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\516_1965281.xml.jaff, source_file_name = c:\windows\servicing\sessions\516_1965281.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\sessions.back.xml.jaff, source_file_name = c:\windows\servicing\sessions\sessions.back.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\servicing\sessions\sessions.xml.jaff, source_file_name = c:\windows\servicing\sessions\sessions.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\softwaredistribution\datastore\datastore.edb.jaff, source_file_name = c:\windows\softwaredistribution\datastore\datastore.edb	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\catroot2\dberr.txt.jaff, source_file_name = c:\windows\system32\catroot2\dberr.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\catroot2\edb.log.jaff, source_file_name = c:\windows\system32\catroot2\edb.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\catroot2\edb00437.log.jaff, source_file_name = c:\windows\system32\catroot2\edb00437.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\com\comempty.dat.jaff, source_file_name = c:\windows\system32\com\comempty.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\drivers\gmreadme.txt.jaff, source_file_name = c:\windows\system32\drivers\gmreadme.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\driverstore\drvindex.dat.jaff, source_file_name = c:\windows\system32\driverstore\drvindex.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\driverstore\infpub.dat.jaff, source_file_name = c:\windows\system32\driverstore\infpub.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\driverstore\infstor.dat.jaff, source_file_name = c:\windows\system32\driverstore\infstor.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\driverstore\infstrng.dat.jaff, source_file_name = c:\windows\system32\driverstore\infstrng.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\en-us\erofflps.txt.jaff, source_file_name = c:\windows\system32\en-us\erofflps.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\en-us\lipeula.rtf.jaff, source_file_name = c:\windows\system32\en-us\lipeula.rtf	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\en-us\lpeula.rtf.jaff, source_file_name = c:\windows\system32\en-us\lpeula.rtf	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\icsxml\cmnicfg.xml.jaff, source_file_name = c:\windows\system32\icsxml\cmnicfg.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\icsxml\ipcfg.xml.jaff, source_file_name = c:\windows\system32\icsxml\ipcfg.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\icsxml\osinfo.xml.jaff, source_file_name = c:\windows\system32\icsxml\osinfo.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\icsxml\potscfg.xml.jaff, source_file_name = c:\windows\system32\icsxml\potscfg.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\icsxml\pppcfg.xml.jaff, source_file_name = c:\windows\system32\icsxml\pppcfg.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\migwiz\migapp.xml.jaff, source_file_name = c:\windows\system32\migwiz\migapp.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\migwiz\migfiles.dat.jaff, source_file_name = c:\windows\system32\migwiz\migfiles.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\migwiz\sfcn.dat.jaff, source_file_name = c:\windows\system32\migwiz\sfcn.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\migwiz\sflcid.dat.jaff, source_file_name = c:\windows\system32\migwiz\sflcid.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\migwiz\sflistlh.dat.jaff, source_file_name = c:\windows\system32\migwiz\sflistlh.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\migwiz\sflistw7.dat.jaff, source_file_name = c:\windows\system32\migwiz\sflistw7.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\migwiz\sflistxp.dat.jaff, source_file_name = c:\windows\system32\migwiz\sflistxp.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\oobe\background.bmp.jaff, source_file_name = c:\windows\system32\oobe\background.bmp	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\recovery\reagent.xml.jaff, source_file_name = c:\windows\system32\recovery\reagent.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\system32\wbem\xsl-mappings.xml.jaff, source_file_name = c:\windows\system32\wbem\xsl-mappings.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\com\comempty.dat.jaff, source_file_name = c:\windows\syswow64\com\comempty.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\drivers\gmreadme.txt.jaff, source_file_name = c:\windows\syswow64\drivers\gmreadme.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\en-us\erofflps.txt.jaff, source_file_name = c:\windows\syswow64\en-us\erofflps.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\en-us\lipeula.rtf.jaff, source_file_name = c:\windows\syswow64\en-us\lipeula.rtf	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\en-us\lpeula.rtf.jaff, source_file_name = c:\windows\syswow64\en-us\lpeula.rtf	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\icsxml\cmnicfg.xml.jaff, source_file_name = c:\windows\syswow64\icsxml\cmnicfg.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\icsxml\ipcfg.xml.jaff, source_file_name = c:\windows\syswow64\icsxml\ipcfg.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\icsxml\osinfo.xml.jaff, source_file_name = c:\windows\syswow64\icsxml\osinfo.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\icsxml\potscfg.xml.jaff, source_file_name = c:\windows\syswow64\icsxml\potscfg.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\icsxml\pppcfg.xml.jaff, source_file_name = c:\windows\syswow64\icsxml\pppcfg.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\migwiz\migapp.xml.jaff, source_file_name = c:\windows\syswow64\migwiz\migapp.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\migwiz\migfiles.dat.jaff, source_file_name = c:\windows\syswow64\migwiz\migfiles.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\migwiz\sfcn.dat.jaff, source_file_name = c:\windows\syswow64\migwiz\sfcn.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\migwiz\sflcid.dat.jaff, source_file_name = c:\windows\syswow64\migwiz\sflcid.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\migwiz\sflistlh.dat.jaff, source_file_name = c:\windows\syswow64\migwiz\sflistlh.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\migwiz\sflistw7.dat.jaff, source_file_name = c:\windows\syswow64\migwiz\sflistw7.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\migwiz\sflistxp.dat.jaff, source_file_name = c:\windows\syswow64\migwiz\sflistxp.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\oobe\background.bmp.jaff, source_file_name = c:\windows\syswow64\oobe\background.bmp	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\recovery\reagent.xml.jaff, source_file_name = c:\windows\syswow64\recovery\reagent.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\syswow64\wbem\xsl-mappings.xml.jaff, source_file_name = c:\windows\syswow64\wbem\xsl-mappings.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_df35b5ac03866e22\addinprocess32.exe.config.jaff, source_file_name = c:\windows\winsxs\amd64_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_df35b5ac03866e22\addinprocess32.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_avmx64c.inf_31bf3856ad364e35_6.1.7600.16385_none_1b289ccdd9a4634d\c2.bin.jaff, source_file_name = c:\windows\winsxs\amd64_avmx64c.inf_31bf3856ad364e35_6.1.7600.16385_none_1b289ccdd9a4634d\c2.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_avmx64c.inf_31bf3856ad364e35_6.1.7600.16385_none_1b289ccdd9a4634d\c4.bin.jaff, source_file_name = c:\windows\winsxs\amd64_avmx64c.inf_31bf3856ad364e35_6.1.7600.16385_none_1b289ccdd9a4634d\c4.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi01.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi01.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi02.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi02.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi02f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi02f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi03.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi03.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi03f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi03f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi04.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi04.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi04f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi04f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi05f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi05f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi06.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi06.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi06f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsi06f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl01.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl01.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl01f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl01f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl02.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl02.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl03.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl03.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl04.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl04.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl05.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl05.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl05f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl05f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl06.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl06.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl06f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl06f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl07.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl07.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl07f.bin.jaff, source_file_name = c:\windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\brmsl07f.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.17514_none_f885d1129806720d\caspol.exe.config.jaff, source_file_name = c:\windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.17514_none_f885d1129806720d\caspol.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_divacx64.inf_31bf3856ad364e35_6.1.7600.16385_none_cf37cc4c5bc25dc7\dspcli.bin.jaff, source_file_name = c:\windows\winsxs\amd64_divacx64.inf_31bf3856ad364e35_6.1.7600.16385_none_cf37cc4c5bc25dc7\dspcli.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igcompkrng500.bin.jaff, source_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igcompkrng500.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igfcg500.bin.jaff, source_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igfcg500.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igfcg500m.bin.jaff, source_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igfcg500m.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igkrng400.bin.jaff, source_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igkrng400.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igkrng500.bin.jaff, source_file_name = c:\windows\winsxs\amd64_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_f3e7064ea3c09a9a\igkrng500.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\aerodiagnostic.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\aerodiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_e8f2b9ab2a40e84d\gmreadme.txt.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_e8f2b9ab2a40e84d\gmreadme.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\audioplaybackdiagnostic.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\audioplaybackdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\audiorecordingdiagnostic.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\audiorecordingdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_6.1.7601.17514_none_c0c6eceaf97c4827\efisys.bin.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_6.1.7601.17514_none_c0c6eceaf97c4827\efisys.bin	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-bits-perf_31bf3856ad364e35_6.1.7601.17514_none_914aa0fa1749a409\bitsctr.h.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-bits-perf_31bf3856ad364e35_6.1.7601.17514_none_914aa0fa1749a409\bitsctr.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-c..gement-perfcounters_31bf3856ad364e35_6.1.7600.16385_none_814c249ec2a32783\msdtcprf.h.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-c..gement-perfcounters_31bf3856ad364e35_6.1.7600.16385_none_814c249ec2a32783\msdtcprf.h	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-client-editions-matrix_31bf3856ad364e35_6.1.7601.17514_none_b158027114088d14\editionmatrix.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-client-editions-matrix_31bf3856ad364e35_6.1.7601.17514_none_b158027114088d14\editionmatrix.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7601.17514_none_9c24039fbeb72625\filters.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7601.17514_none_9c24039fbeb72625\filters.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.17514_none_fe9df6ad1b5f6e87\driver.stl.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.17514_none_fe9df6ad1b5f6e87\driver.stl	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_b5bfb0b8ee629431\comempty.dat.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_b5bfb0b8ee629431\comempty.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_7547f48c79b40229\msdtc.log.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_7547f48c79b40229\msdtc.log	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-d..characterlistapplet_31bf3856ad364e35_6.1.7600.16385_none_dd67cfae8586b8c8\imjpclst.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-d..characterlistapplet_31bf3856ad364e35_6.1.7600.16385_none_dd67cfae8586b8c8\imjpclst.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-d..t-services-unattend_31bf3856ad364e35_6.1.7600.16385_none_25104b6dbe690465\wdsunattendtemplate.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-d..t-services-unattend_31bf3856ad364e35_6.1.7600.16385_none_25104b6dbe690465\wdsunattendtemplate.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\devicecenterdiagnostic.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\devicecenterdiagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\devicediagnostic.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\devicediagnostic.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\report.system.netdiagframework.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\report.system.netdiagframework.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\report.system.wired.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\report.system.wired.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\rules.system.netdiagframework.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\rules.system.netdiagframework.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\rules.system.wired.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\rules.system.wired.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\report.system.netdiagframework.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\report.system.netdiagframework.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\report.system.wired.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\report.system.wired.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\rules.system.netdiagframework.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\rules.system.netdiagframework.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\rules.system.wired.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\rules.system.wired.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dssec_31bf3856ad364e35_6.1.7600.16385_none_b65ac92a1638d945\dssec.dat.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dssec_31bf3856ad364e35_6.1.7600.16385_none_b65ac92a1638d945\dssec.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\background.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\background.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\behavior.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\behavior.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\folder.ico.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\folder.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\netfol.ico.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\netfol.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\pictures.ico.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\pictures.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\resource.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\resource.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\ringtones.ico.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\ringtones.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\settings.ico.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\settings.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\sync.ico.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\sync.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\tasks.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\tasks.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\watermark.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\watermark.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\wmp.ico.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\wmp.ico	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..-mcetuningoverrides_31bf3856ad364e35_6.1.7600.16385_none_2b64302bc8dc3b49\mcetuningoverrides.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..-mcetuningoverrides_31bf3856ad364e35_6.1.7600.16385_none_2b64302bc8dc3b49\mcetuningoverrides.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_en-us_95d36ad13a0d3d1e\playready_eula.txt.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_en-us_95d36ad13a0d3d1e\playready_eula.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_en-us_95d36ad13a0d3d1e\playready_eula_oem.txt.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_en-us_95d36ad13a0d3d1e\playready_eula_oem.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mousedown.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mousedown.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mouseout.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mouseout.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mouseover.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mouseover.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_mcelogo_mousedown.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_mcelogo_mousedown.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_mcelogo_mouseout.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_mcelogo_mouseout.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_mcelogo_mouseover.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_mcelogo_mouseover.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_play.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_play.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mousedown.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mousedown.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mouseout.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mouseout.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mouseover.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_right_mouseover.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\default_thumb.jpg.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\default_thumb.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\ehshelllogo.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\ehshelllogo.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\flyout.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\flyout.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\flyout.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\flyout.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\flyout_background.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\flyout_background.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_flyout_thumbnail_shadow.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_flyout_thumbnail_shadow.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_main_background_loading.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_main_background_loading.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_main_background_quicklaunch.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_main_background_quicklaunch.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_main_gradient.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_main_gradient.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_star_empty.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_star_empty.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_star_full.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_star_full.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_star_half.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_star_half.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_waitcursor.gif.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_waitcursor.gif	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_wmc_logotext.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\gadget_wmc_logotext.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\logo.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\logo.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main_background.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\main_background.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\settings.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\settings.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\settings.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\settings.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\settings.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\settings.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..gadgetxml.resources_31bf3856ad364e35_6.1.7600.16385_en-us_904fd67a29ac3806\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..gadgetxml.resources_31bf3856ad364e35_6.1.7600.16385_en-us_904fd67a29ac3806\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f087cbd507d8e79\erofflps.txt.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f087cbd507d8e79\erofflps.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\enterpriseedition.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\enterpriseedition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\homebasicedition.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\homebasicedition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\homepremiumedition.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\homepremiumedition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\professionaledition.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\professionaledition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\starteredition.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\starteredition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\ultimateedition.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\ultimateedition.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.avtransport.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.avtransport.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.connectionmanager.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.connectionmanager.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.renderingcontrol.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.renderingcontrol.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.renderingcontrolnomute.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.renderingcontrolnomute.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-ehrec_31bf3856ad364e35_6.1.7600.16385_none_a6e882bc6eb8ea53\ehrec.exe.config.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-ehrec_31bf3856ad364e35_6.1.7600.16385_none_a6e882bc6eb8ea53\ehrec.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-ehshell_31bf3856ad364e35_6.1.7600.16385_none_95955bd51390781b\ehshell.exe.config.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-ehshell_31bf3856ad364e35_6.1.7600.16385_none_95955bd51390781b\ehshell.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-epgtos.resources_31bf3856ad364e35_6.1.7600.16385_en-us_29b70e81faa66c43\epgtos.txt.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-epgtos.resources_31bf3856ad364e35_6.1.7600.16385_en-us_29b70e81faa66c43\epgtos.txt	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_1b8f8373383de46a\ehrecvr.exe.config.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_1b8f8373383de46a\ehrecvr.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ehsched.exe.config.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ehsched.exe.config	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7601.17514_none_6a2ab458674011dc\welcomescan.jpg.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7601.17514_none_6a2ab458674011dc\welcomescan.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-font-fms_31bf3856ad364e35_6.1.7601.17514_none_a5f8bb0ccaefbe07\fms_metadata.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-font-fms_31bf3856ad364e35_6.1.7601.17514_none_a5f8bb0ccaefbe07\fms_metadata.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-font-staticcache_31bf3856ad364e35_6.1.7600.16385_none_3fd354fc52b76f63\staticcache.dat.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-font-staticcache_31bf3856ad364e35_6.1.7600.16385_none_3fd354fc52b76f63\staticcache.dat	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\calendar.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\calendar.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\calendar.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\calendar.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\calendar.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\calendar.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\currency.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\currency.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\currency.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\currency.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\currency.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\currency.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\init.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\init.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\library.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\library.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\localizedstrings.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\localizedstrings.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\service.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\service.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\flyout.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\flyout.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\flyout.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\flyout.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\rssfeeds.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\rssfeeds.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\rssfeeds.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\rssfeeds.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\rssfeeds.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\rssfeeds.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\settings.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\settings.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\settings.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\settings.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\settings.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\settings.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\clock.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\clock.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\clock.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\clock.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\clock.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\clock.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\settings.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\settings.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\settings.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\settings.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\settings.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\settings.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\timezones.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\timezones.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\blank.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\blank.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\drag.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\drag.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\icon.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\icon.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\logo.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\logo.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\next_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\next_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\next_hov.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\next_hov.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\next_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\next_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\pause_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\pause_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\pause_hov.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\pause_hov.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\pause_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\pause_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_hov.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_hov.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\play_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\prev_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\prev_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\prev_hov.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\prev_hov.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\prev_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\prev_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\reveal_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\reveal_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\reveal_hov.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\reveal_hov.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\reveal_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\reveal_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\tulip.jpg.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\tulip.jpg	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397\bg_sidebar.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397\bg_sidebar.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397\slideshow_glass_frame.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397\slideshow_glass_frame.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget-ondesktop_31bf3856ad364e35_6.1.7600.16385_none_0790637f4328e8f9\slideshow_glass_frame.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget-ondesktop_31bf3856ad364e35_6.1.7600.16385_none_0790637f4328e8f9\slideshow_glass_frame.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\settings.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\settings.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\settings.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\settings.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\slideshow.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\slideshow.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\slideshow.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\slideshow.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\slideshow.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\slideshow.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\0.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\0.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\1.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\1.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\10.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\10.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\11.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\11.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\2.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\2.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\3.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\3.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\4.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\4.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\5.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\5.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\6.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\6.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\7.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\7.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\8.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\8.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\9.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\9.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\background.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\background.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\daisies.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\daisies.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\drag.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\drag.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\glow.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\glow.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\hint_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\hint_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\hint_over.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\hint_over.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\hint_up.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\hint_up.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\icon.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\icon.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\logo.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\logo.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_bottom.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_bottom.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_divider_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_divider_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_divider_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_divider_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_top.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_top.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_corner_bottom_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_corner_bottom_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_corner_bottom_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_corner_bottom_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_corner_top_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_corner_top_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_corner_top_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_corner_top_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_divider_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_disabled.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_disabled.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_hover.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_hover.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_pressed.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_pressed.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_left_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_disabled.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_disabled.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_hover.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_hover.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_pressed.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_pressed.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_right_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\setting_back.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\setting_back.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\shuffle_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\shuffle_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\shuffle_over.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\shuffle_over.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\shuffle_up.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\shuffle_up.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\tile16.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\tile16.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\tile_bezel.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\tile_bezel.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\tile_drop_shadow.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\tile_drop_shadow.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_over.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_over.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_up.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\timer_up.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\highdpiimageswap.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\highdpiimageswap.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\library.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\library.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\localizedsettings.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\localizedsettings.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\localizedstrings.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\localizedstrings.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\settings.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\settings.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\settings.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\settings.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\settings.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\settings.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\picturepuzzle.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\picturepuzzle.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\picturepuzzle.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\picturepuzzle.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\picturepuzzle.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\picturepuzzle.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\settings.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\settings.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\settings.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\settings.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\settings.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\settings.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bg-desk.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bg-desk.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bg-dock.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bg-dock.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bg-today.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bg-today.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bnext-disable.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bnext-disable.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bnext-down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bnext-down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bnext-hot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bnext-hot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bnext.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bnext.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bprev-disable.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bprev-disable.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bprev-down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bprev-down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bprev-hot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bprev-hot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bprev.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bprev.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_double.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_double.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_double_bkg.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_double_bkg.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_double_orange.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_double_orange.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_ring_docked.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_ring_docked.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single_bkg.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single_bkg.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single_bkg_orange.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single_bkg_orange.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single_orange.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\calendar_single_orange.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\corner.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\corner.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\curl-hot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\curl-hot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\curl.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\curl.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\drag.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\drag.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\icon.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\icon.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\logo.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\logo.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\month.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\month.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\rings-desk.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\rings-desk.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\rings-dock.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\rings-dock.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_dot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_dot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_h.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_h.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_m.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_m.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_s.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_s.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_settings.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer_settings.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_dot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_dot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_h.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_h.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_m.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_m.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_s.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_s.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_settings.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\diner_settings.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\drag.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\drag.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_dot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_dot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_h.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_h.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_m.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_m.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_s.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_s.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_settings.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\flower_settings.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\icon.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\icon.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\logo.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\logo.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_dot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_dot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_h.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_h.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_m.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_m.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_s.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_s.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_settings.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\modern_settings.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_dot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_dot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_h.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_h.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_m.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_m.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_s.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_s.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_settings.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\novelty_settings.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_bottom.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_bottom.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_divider_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_divider_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_divider_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_divider_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_top.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_box_top.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_bottom_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_bottom_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_bottom_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_bottom_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_top_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_top_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_top_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_corner_top_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_divider.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_divider.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_divider_left.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_divider_left.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_divider_right.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_divider_right.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_disabled.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_disabled.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_hover.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_hover.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_pressed.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_pressed.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_left_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_disabled.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_disabled.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_hover.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_hover.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_pressed.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_pressed.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_rest.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\settings_right_rest.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\spacer_highlights.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\spacer_highlights.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_dot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_dot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_h.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_h.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_m.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_m.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_s.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_s.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_settings.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\square_settings.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_dot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_dot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_h.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_h.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_m.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_m.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_s.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_s.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_settings.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\system_settings.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_dot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_dot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_h.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_h.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_m.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_m.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_s.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_s.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_settings.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\trad_settings.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\cpu.css.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\cpu.css	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\cpu.html.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\cpu.html	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\cpu.js.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\cpu.js	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\gadget.xml.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\gadget.xml	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\back.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\back.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\back_lrg.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\back_lrg.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dialdot.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dialdot.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dialdot_lrg.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dialdot_lrg.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_lrg.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_lrg.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_lrg_sml.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_lrg_sml.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_sml.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\dial_sml.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\drag.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\drag.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\glass.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\glass.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\glass_lrg.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\glass_lrg.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\icon.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\icon.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\logo.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\logo.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\activity16v.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\activity16v.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_down.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_down.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_over.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_over.png	1	Fn
FILE	MOVE	destination_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_up.png.jaff, source_file_name = c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\add_up.png	1	Fn
For performance reasons, the remaining 7324 entries are omitted. The remaining entries can be found in glog.xml.

Process #5: cmd.exe

(Host: 46, Network: 0)

Information	Value
ID	#5
File Name	c:\windows\syswow64\cmd.exe
Command Line	cmd.exe /C del /Q /F "C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp\pitupi20.exe"
Initial Working Directory	C:\Users\HJRD1K~1\AppData\Local\Temp\A9R3F80.tmp
Monitor	Start Time: 00:03:50, Reason: Child Process
Unmonitor	End Time: 00:03:51, Reason: Terminated
Monitor Duration	00:00:01

OS Process Information

Information	Value
PID	0xa94
Parent PID	0xa64 (c:\users\hjrd1koky ds8lujv\appdata\local\temp\pitupi20.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	1R6PFH\hJrD1KOKY DS8lUjv
Groups	1R6PFH\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:0000e8a6 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x B0

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000070000	0x00070000	0x00071fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000080000	0x00080000	0x000bffff	Private Memory	Readable, Writable	Region Actions
locale.nls	0x000c0000	0x00126fff	Memory Mapped File	Readable	Region Actions
private_0x0000000000130000	0x00130000	0x00130fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000140000	0x00140000	0x00140fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000150000	0x00150000	0x0024ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000340000	0x00340000	0x0034ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000440000	0x00440000	0x004bffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000004c0000	0x004c0000	0x00647fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000006b0000	0x006b0000	0x007affff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000007b0000	0x007b0000	0x00930fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000940000	0x00940000	0x01d3ffff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000001d40000	0x01d40000	0x02082fff	Pagefile Backed Memory	Readable	Region Actions
cmd.exe	0x4a310000	0x4a35bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winbrand.dll	0x72570000	0x72576fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x755f0000	0x7564bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x75650000	0x7568efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x756c0000	0x756c7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x75890000	0x7589bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x758a0000	0x758fffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75900000	0x759fffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75c60000	0x75cbffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x75e80000	0x75f0ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x76300000	0x76345fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x770e0000	0x7717cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x77190000	0x7723bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x77560000	0x7762bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x77660000	0x77678fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x77690000	0x7777ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x77780000	0x7788ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x77890000	0x7792ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x77930000	0x77939fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000077940000	0x77940000	0x77a39fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000077a40000	0x77a40000	0x77b5efff	Private Memory	Readable, Writable, Executable	Region Actions
ntdll.dll	0x77b60000	0x77d08fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x77d40000	0x77ebffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Threads

Thread 0xb0

(Host: 46, Network: 0)

Category	Operation	Information	Count	Logfile
MOD	GET_HANDLE	module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a310000	1	Fn
MOD	GET_HANDLE	module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x77780000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address = 0x777aa84f	1	Fn
REG	OPEN_KEY	reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	1	Fn
FILE	OPEN	file_name = STD_OUTPUT_HANDLE	3	Fn
FILE	OPEN	file_name = STD_INPUT_HANDLE	2	Fn
REG	OPEN_KEY	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	1	Fn
REG	READ_VALUE	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data_ident_out = 0	1	Fn
REG	READ_VALUE	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data_ident_out = 1	1	Fn
REG	READ_VALUE	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data_ident_out = 1	1	Fn
REG	READ_VALUE	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data_ident_out = 0	1	Fn
REG	READ_VALUE	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data_ident_out = 64	1	Fn
REG	READ_VALUE	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data_ident_out = 64	1	Fn
REG	READ_VALUE	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data_ident_out = 64	1	Fn
REG	OPEN_KEY	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor	1	Fn
REG	READ_VALUE	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data_ident_out = 64	1	Fn
REG	READ_VALUE	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data_ident_out = 1	1	Fn
REG	READ_VALUE	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data_ident_out = 1	1	Fn
REG	READ_VALUE	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data_ident_out = 0	1	Fn
REG	READ_VALUE	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data_ident_out = 9	1	Fn
REG	READ_VALUE	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data_ident_out = 9	1	Fn
REG	READ_VALUE	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data_ident_out = 9	1	Fn
MOD	GET_FILENAME	file_name = C:\Windows\SysWOW64\cmd.exe	1	Fn
FILE	FIND	file_name = C:\Users\HJRD1K~1\AppData\Local\Temp\A9R3F80.tmp	1	Fn
FILE	FIND	file_name = C:\Users	1	Fn
FILE	FIND	file_name = C:\Users\HJRD1K~1	1	Fn
FILE	FIND	file_name = C:\Users\HJRD1K~1\AppData	1	Fn
FILE	FIND	file_name = C:\Users\HJRD1K~1\AppData\Local	1	Fn
FILE	FIND	file_name = C:\Users\HJRD1K~1\AppData\Local\Temp	1	Fn
FILE	FIND	file_name = C:\Users\HJRD1K~1\AppData\Local\Temp\A9R3F80.tmp	2	Fn
PROC	SET_CURDIR	process_name = c:\windows\syswow64\cmd.exe, os_pid = 0xa94, new_path_name = c:\users\hjrd1k~1\appdata\local\temp\a9r3f80.tmp	1	Fn
MOD	GET_HANDLE	module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x77780000	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address = 0x777b3b92	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x77794a5d	1	Fn
MOD	GET_PROC_ADDRESS	module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address = 0x777aa79d	1	Fn
FILE	FIND	file_name = C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp\pitupi20.exe	1	Fn
FILE	FIND	file_name = C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp	1	Fn
FILE	FIND	file_name = C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp\pitupi20.exe	1	Fn
FILE	DELETE	file_name = c:\users\hjrd1koky ds8lujv\appdata\local\temp\pitupi20.exe	1	Fn
FILE	OPEN	file_name = STD_OUTPUT_HANDLE	2	Fn
FILE	OPEN	file_name = STD_INPUT_HANDLE	1	Fn