Handle All
Copyright (C) 1997-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
System pid: 4 \<unable to open process>
54: File (R--) D:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
60: File (R--) D:\$Extend\$RmMetadata\$TxfLog\
$TxfLogContainer00000000000000000001
64: File (R--) D:\System Volume Information\EfaSIDat\SYMEFA.DB
68: File (R--) D:\$Extend\$RmMetadata\$TxfLog\
$TxfLogContainer00000000000000000002
6C: File (RWD) \clfs
70: File (RWD) D:\$Extend\$RmMetadata\$Txf
74: File (RWD) \clfs
78: File (RWD) \clfs
7C: File (RWD) C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-
00C04FC295EE}
80: File (R--) C:\System Volume Information\EfaSIDat\SYMEFA.DB
84: File (R--) C:\Windows\System32\config\TxR\{016888cd-6c6f-11de-8d1d-
001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
88: File (---) C:\System Volume Information\{3394c599-6290-11e8-99cf-
402cf4b8a457}{3808876b-c176-4e48-b7ae-04046e6cc752}
8C: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\IRON\Iron.db
94: File (---) C:\System Volume Information\{6fa2e696-6970-11e8-b9b9-
402cf4b8a457}{3808876b-c176-4e48-b7ae-04046e6cc752}
98: File (---) C:\System Volume Information\{3808876b-c176-4e48-b7ae-
04046e6cc752}
A8: File (RW-) \clfs
AC: File (RWD) \clfs
B0: File (RWD) \clfs
B4: File (RWD) C:\$Extend\$RmMetadata\$Txf
B8: File (R--) C:\$Extend\$RmMetadata\$TxfLog\
$TxfLogContainer00000000000000000004
BC: File (R--) C:\$Extend\$RmMetadata\$TxfLog\
$TxfLogContainer00000000000000000001
C0: File (R--) \clfs
C4: File (R--) C:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
C8: File (R--) C:\System Volume Information\EfaSIDat\SYMEFA.DB
CC: File (---) C:\System Volume Information\{adb730c9-69f5-11e8-9adc-
402cf4b8a457}{3808876b-c176-4e48-b7ae-04046e6cc752}
D0: File (RWD) \clfs
168: File (---) \Device\Mup
170: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\SBSDKGbl.dat
174: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\SPSettg.dat.log
17C: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\BASHDefs\20180604.001\bash.dat
180: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\BASHDefs\20180604.001\bash.dat
188: File (R--) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\ccSettings_12.1.6608.6300.dat.log
190: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\ccSettings_12.1.6608.6300.dat
198: File (RWD) C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-
00C04FC295EE}
19C: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\IRON\Iron.db
1A0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\b4f8f831-c2b5-4603-8da2-f22e0e83fd77.dat
1A4: File (R--) \clfs
1A8: File (RW-) \clfs
1BC: File (R--) D:\System Volume Information\EfaSIDat\SYMEFA.DB
1D0: File (RWD) \clfs
1D4: File (R--) \clfs
1DC: File (RWD) \clfs
1E0: File (RWD) \clfs
1E4: File (RW-) \clfs
1F8: File (RWD) \clfs
200: File (---) C:\Windows\System32\config\SYSTEM.LOG1
204: File (---) C:\Windows\System32\config\SYSTEM
210: File (R--) C:\Windows\System32\config\TxR\{016888cd-6c6f-11de-8d1d-
001e0bcde3ec}.TM.blf
214: File (---) C:\Windows\System32\config\SOFTWARE
218: File (---) C:\Windows\System32\config\SOFTWARE.LOG1
21C: File (---) C:\Windows\System32\config\SOFTWARE.LOG2
220: File (R--) C:\Windows\System32\config\TxR\{016888cd-6c6f-11de-8d1d-
001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
228: File (RW-) \clfs
22C: File (---) C:\Windows\System32\config\SYSTEM.LOG2
230: File (---) C:\hiberfil.sys
234: File (---) C:\Windows\System32\config\RegBack\SYSTEM
244: File (---) C:\Windows\System32\config\RegBack\SOFTWARE
24C: File (---) C:\Windows\System32\config\DEFAULT
250: File (---) C:\Windows\System32\config\DEFAULT.LOG2
254: File (---) C:\Windows\System32\config\RegBack\DEFAULT
258: File (R-D) C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.002
25C: File (---) C:\Windows\System32\config\DEFAULT.LOG1
260: File (R-D) C:\Windows\System32\wfp\wfpdiag.etl
264: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
270: File (R--) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\
EPERSIST.DAT
298: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
2A0: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-
Application.etl
2A4: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-
Security.etl
2A8: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-
System.etl
2E4: File (R-D) C:\Windows\System32\winevt\Logs\DebugChannel.etl
314: File (R-D) C:\Windows\System32\winevt\Logs\Microsoft-RMS-MSIPC%4Debug.etl
318: File (R--) C:\Users\altharto5605\NTUSER.DAT{6dbf2c48-5e7c-11e8-aeba-
402cf4b8a457}.TMContainer00000000000000000001.regtrans-ms
320: File (---) C:\Windows\bootstat.dat
324: Section \Win32kCrossSessionGlobals
330: File (-W-) C:\pagefile.sys
354: File (R-D) C:\Windows\ehome\WTVGOTHIC-S.ttc
35C: File (R-D) C:\Windows\System32\en-US\win32k.sys.mui
364: File (R-D) C:\Windows\ehome\malgunmc.ttf
378: File (R-D) C:\Windows\ehome\WTVGOTHIC-S.ttc
384: File (R-D) C:\Windows\ehome\malgunmc.ttf
38C: File (---) C:\Windows\System32\config\SECURITY
39C: File (---) C:\Windows\System32\config\RegBack\SECURITY
3A4: File (---) C:\Windows\System32\config\SECURITY.LOG1
3A8: File (---) C:\Windows\System32\config\SECURITY.LOG2
3AC: File (R-D) C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\
MTEXTRA.TTF
3B0: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font\
AdobeDevanagari-Regular.otf
3B4: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font\
AdobeDevanagari-BoldItalic.otf
3B8: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font\
AdobeDevanagari-Bold.otf
3BC: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font\
AdobeDevanagari-Italic.otf
3CC: File (---) C:\Windows\System32\config\RegBack\SAM
3D0: File (---) C:\Windows\System32\config\SAM
3D4: File (---) C:\Windows\System32\config\SAM.LOG1
3D8: File (---) C:\Windows\System32\config\SAM.LOG2
428: File (---) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
42C: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-
6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
434: File (---) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1
438: File (---) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2
43C: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-
6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
440: File (R--) C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-
6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
448: File (RWD) \clfs
44C: File (RW-) \clfs
46C: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-
6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
470: File (---) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
474: File (---) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1
478: File (---) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2
480: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-
6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
484: File (R--) C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-
6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
48C: File (RWD) \clfs
490: File (RW-) \clfs
4BC: File (RW-) C:\Windows\CSC
4C0: File (RW-) C:\Windows\CSC\v2.0.6
4C4: File (RWD) C:\Windows\CSC\v2.0.6\temp
4C8: File (RWD) C:\Windows\CSC\v2.0.6\pq
4D0: File (RW-) C:\Windows\CSC\v2.0.6\namespace
4E8: File (R-D) C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl
4F0: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System
Trace.etl
524: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs\20180609.001\VIRSCAN5.DAT
548: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font\
AdobeDevanagari-BoldItalic.otf
550: File (R-D) C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\
MTEXTRA.TTF
554: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font\
AdobeDevanagari-Regular.otf
558: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font\
AdobeDevanagari-Bold.otf
560: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font\
AdobeDevanagari-Italic.otf
5D8: File (---) \Device\Mup
5DC: File (---) \Device\Mup
608: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\IRON\Iron.db
618: File (R-D) C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-
Listener.etl
6D8: File (R--) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccJobMgr\JobMgr.dat.log
6E0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccJobMgr\JobMgr.dat
6E4: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccJobMgr\JobMgr.dat.log
6EC: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccJobMgr\JobMgr.dat
6F0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccGLog\ccGenericLog.dat
6F4: File (R--) C:\Users\slamet001900\NTUSER.DAT{28906241-6295-11e8-a99a-
402cf4b8a457}.TMContainer00000000000000000002.regtrans-ms
6F8: File (---) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Bin\service.dat
704: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccGEvt\Global\LM2.dat
728: File (---) C:\Users\sborazyi0360\NTUSER.DAT
73C: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\ccSettings_12.1.6608.6300.dat
744: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\ATP.dat.log
75C: File (---) C:\System Volume Information\EfaSIDat\
sdmys_83D6D02D3F519398B1555F39
778: File (R--) C:\Users\slamet001900\AppData\Local\Microsoft\Windows\
UsrClass.dat{28906245-6295-11e8-a99a-
402cf4b8a457}.TMContainer00000000000000000001.regtrans-ms
7A4: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\9f1f4de8-54b7-4317-975d-cb73dc37f02c.dat
7C0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\ec1de6a4-5ab8-4c3d-8e21-ee42e1fe3f2a.dat
7C8: File (R--) C:\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-
001e0bcde3ec}.TxR.blf
7DC: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\9f1f4de8-54b7-4317-975d-cb73dc37f02c.dat
804: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
UsrClass.dat{7db85d07-ff37-11e7-8370-
60d819bbd95a}.TMContainer00000000000000000001.regtrans-ms
810: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
UsrClass.dat.LOG2
84C: File (---) C:\Users\slamet001900\AppData\Local\Microsoft\Windows\
UsrClass.dat.LOG2
854: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\33cf98d4-5904-40f7-bbff-0f9587b57807.dat
884: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\ShdSettg.dat.log
8B0: File (RW-) \clfs
8E4: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs\20180609.001\HF.DAT
900: File (---) C:\System Volume Information\Syscache.hve.LOG1
930: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\SRTSP\SrtspSet.dat
938: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\SBSDKEng.dat
93C: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
UsrClass.dat
940: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
UsrClass.dat.LOG1
944: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
UsrClass.dat{7db85d07-ff37-11e7-8370-60d819bbd95a}.TM.blf
950: File (RW-) \clfs
954: File (RWD) \clfs
95C: File (R--) C:\Users\sborazyi0360\NTUSER.DAT{016888bd-6c6f-11de-8d1d-
001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
960: File (R--) C:\Users\sborazyi0360\NTUSER.DAT{016888bd-6c6f-11de-8d1d-
001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
968: File (---) C:\Users\sborazyi0360\ntuser.dat.LOG2
96C: File (---) C:\Users\sborazyi0360\ntuser.dat.LOG1
970: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\33cf98d4-5904-40f7-bbff-0f9587b57807.dat
978: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\ATP.dat
980: File (R--) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\SRTSP\SrtETmp\172F98AA.TMP
984: File (R--) C:\Users\sborazyi0360\NTUSER.DAT{016888bd-6c6f-11de-8d1d-
001e0bcde3ec}.TM.blf
988: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\SRTSP\SrtETmp
98C: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\SPSettg.dat
9AC: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs\20180609.001\TCDEFS.DAT
9B0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\Volatile.dat.log
9B4: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\Volatile.dat
9CC: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\Volatile.dat
9DC: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\ShdSettg.dat
9E0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\ProfileManagement.dat
9E4: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\ProfileManagement.dat.log
9EC: File (R--) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\ProfileManagement.dat.log
9F0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\ProfileManagement.dat
9F4: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\symresolver.dat
9F8: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
UsrClass.dat{7db85d07-ff37-11e7-8370-
60d819bbd95a}.TMContainer00000000000000000002.regtrans-ms
A00: File (RWD) \clfs
A04: File (RW-) \clfs
A10: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\TrayPluginRegistration.dat
A48: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\ccSettings_12.1.6608.6300.dat.log
A8C: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Lue\LueDyn.dat.log
AA8: File (R--) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Lue\LueDyn.dat.log
ABC: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\33cf98d4-5904-40f7-bbff-
0f9587b57807.dat.log
ADC: File (R--) C:\Users\altharto5605\AppData\Local\Microsoft\Windows\
UsrClass.dat{669bc2b0-25c7-11e8-a640-
402cf4b8a457}.TMContainer00000000000000000002.regtrans-ms
AE0: File (RW-) \clfs
B04: File (R--) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\ATP.dat.log
B18: File (---) C:\Users\altharto5605\ntuser.dat.LOG2
B1C: File (R--) C:\Users\altharto5605\NTUSER.DAT{6dbf2c48-5e7c-11e8-aeba-
402cf4b8a457}.TM.blf
B74: File (---) C:\Users\altharto5605\AppData\Local\Microsoft\Windows\
UsrClass.dat.LOG2
B80: File (RWD) \clfs
BC8: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\EimLoaderData.dat
C10: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\ShdSettg.dat
C14: File (---) C:\Users\altharto5605\ntuser.dat.LOG1
C1C: File (R--) C:\Users\altharto5605\AppData\Local\Microsoft\Windows\
UsrClass.dat{669bc2b0-25c7-11e8-a640-402cf4b8a457}.TM.blf
C20: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\dca36940-c62e-4227-8947-2a3b95d66643.dat
C30: File (RW-) C:\ProgramData\SymEFASI\Temp
C48: File (---) C:\Users\slamet001900\AppData\Local\Microsoft\Windows\
UsrClass.dat.LOG1
C4C: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\dca36940-c62e-4227-8947-
2a3b95d66643.dat.log
C70: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\SPSettg.dat
C88: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\Connections.dat
C98: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Lue\LueDyn.dat
CA0: File (---) C:\Users\altharto5605\AppData\Local\Microsoft\Windows\
UsrClass.dat
CA4: File (---) C:\Users\altharto5605\AppData\Local\Microsoft\Windows\
UsrClass.dat.LOG1
CA8: File (---) C:\Users\altharto5605\NTUSER.DAT
CB8: File (R--) C:\Users\altharto5605\AppData\Local\Microsoft\Windows\
UsrClass.dat{669bc2b0-25c7-11e8-a640-
402cf4b8a457}.TMContainer00000000000000000001.regtrans-ms
CC4: File (RW-) \clfs
CEC: File (RWD) \clfs
D00: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Lue\LueDyn.dat
D04: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\content.dat
D08: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Config\ATP.dat
D18: File (R--) C:\Users\altharto5605\NTUSER.DAT{6dbf2c48-5e7c-11e8-aeba-
402cf4b8a457}.TMContainer00000000000000000002.regtrans-ms
E14: File (R--) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\BASHDefs\20180604.001\BPEMeta.dat
E18: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs\20180609.001\TCSCAN7.DAT
E3C: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\ec1de6a4-5ab8-4c3d-8e21-ee42e1fe3f2a.dat
1118: File (R--) C:\Users\slamet001900\AppData\Local\Microsoft\Windows\
UsrClass.dat{28906245-6295-11e8-a99a-
402cf4b8a457}.TMContainer00000000000000000002.regtrans-ms
12E4: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\BASHV4.DB
1344: File (---) C:\Users\slamet001900\ntuser.dat.LOG2
1354: File (R--) C:\Users\slamet001900\AppData\Local\Microsoft\Windows\
UsrClass.dat{28906245-6295-11e8-a99a-402cf4b8a457}.TM.blf
1454: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\9f1f4de8-54b7-4317-975d-
cb73dc37f02c.dat.log
1458: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs\20180609.001\VIRSCAN7.DAT
1464: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\SRTSP\SrtspSet.dat.log
1480: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\ec1de6a4-5ab8-4c3d-8e21-
ee42e1fe3f2a.dat.log
1484: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\BHREG.DB
148C: File (---) \clfs
1490: File (R--) C:\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-
001e0bcde3ec}.TxR.5.regtrans-ms
1494: File (R--) C:\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-
001e0bcde3ec}.TxR.4.regtrans-ms
1498: File (R--) C:\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-
001e0bcde3ec}.TxR.3.regtrans-ms
149C: File (R--) C:\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-
001e0bcde3ec}.TxR.2.regtrans-ms
14A0: File (R--) C:\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-
001e0bcde3ec}.TxR.1.regtrans-ms
14A4: File (R--) C:\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-
001e0bcde3ec}.TxR.0.regtrans-ms
14A8: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs\20180609.001\HP.DAT
14B0: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\BHREG.DB
14C0: File (---) C:\Users\slamet001900\NTUSER.DAT
14D0: File (R--) C:\Users\slamet001900\NTUSER.DAT{28906241-6295-11e8-a99a-
402cf4b8a457}.TMContainer00000000000000000001.regtrans-ms
14F4: File (RWD) \clfs
1510: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\17a53f07-85a3-4d51-b02b-90813f628164.dat
1530: File (---) C:\System Volume Information\EfaSIDat\
sdmys_E97F52FD5C8C5CF0E87D968B
1564: File (---) C:\System Volume Information\Syscache.hve.LOG2
1624: File (---) C:\System Volume Information\Syscache.hve
16B0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\SRTSP\SrtspSet.dat
17D0: File (---) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\CmnClnt\ccSetMgr\dca36940-c62e-4227-8947-2a3b95d66643.dat
17F4: File (RWD) \clfs
1BEC: File (R-D) C:\Windows\System32\drivers\en-US\pci.sys.mui
1D64: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\BASH\BHREG.DB
1F54: File (RW-) \clfs
21E4: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs\20180609.001\TCSCAN7.DAT
2238: File (R-D) C:\Handle64.exe
227C: File (---) C:\Users\slamet001900\AppData\Local\Microsoft\Windows\
UsrClass.dat
22E8: File (---) C:\Users\slamet001900\ntuser.dat.LOG1
26C4: File (R--) C:\Users\slamet001900\NTUSER.DAT{28906241-6295-11e8-a99a-
402cf4b8a457}.TM.blf
387C: File (RWD) C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-
00C04FC295EE}
3B38: File (RWD) C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-
00C04FC295EE}
------------------------------------------------------------------------------
smss.exe pid: 296 NT AUTHORITY\SYSTEM
4: File (RW-) C:\Windows
------------------------------------------------------------------------------
csrss.exe pid: 484 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
2C: Section \Windows\SharedSection
DBC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
F10: File (R-D) C:\Windows\System32\en-US\ntdll.dll.mui
------------------------------------------------------------------------------
wininit.exe pid: 596 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
88: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
csrss.exe pid: 616 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
2C: Section \Sessions\1\Windows\SharedSection
1F4: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
services.exe pid: 652 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
5AC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
------------------------------------------------------------------------------
lsass.exe pid: 676 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
6C: Section \BaseNamedObjects\Debug.Memory.v2.2a4
98: Section \LsaPerformance
1D8: Section \BaseNamedObjects\Debug.Trace.Memory.2a4
2CC: File (RW-) C:\Windows\debug\PASSWD.LOG
3BC: File (RWD) C:\Users\slamet001900\AppData\Local\Microsoft\Credentials
6E8: File (RW-) C:\Windows\debug\netlogon.log
78C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Credentials
A78: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\
Microsoft\SystemCertificates\My
BE4: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Credentials
E8C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
F14: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
10F0: File (RWD) C:\Users\altharto5605\AppData\Roaming\Microsoft\Credentials
10F4: File (RWD) C:\Users\altharto5605\AppData\Local\Microsoft\Credentials
11F0: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
1210: File (RWD) C:\Users\slamet001900\AppData\Roaming\Microsoft\Credentials
------------------------------------------------------------------------------
lsm.exe pid: 684 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
------------------------------------------------------------------------------
svchost.exe pid: 800 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
44C: Section \BaseNamedObjects\__ComCatalogCache__
484: Section \BaseNamedObjects\RotHintTable
490: Section \BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
49C: Section \BaseNamedObjects\__ComCatalogCache__
4AC: Section \BaseNamedObjects\__ComCatalogCache__
55C: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
winlogon.exe pid: 860 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
1BC: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
ibmpmsvc.exe pid: 904 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
------------------------------------------------------------------------------
svchost.exe pid: 976 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\Windows\System32
214: Section \BaseNamedObjects\__ComCatalogCache__
244: Section \BaseNamedObjects\__ComCatalogCache__
614: Section \BaseNamedObjects\RotHintTable
------------------------------------------------------------------------------
svchost.exe pid: 108 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
7C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-
Exhaustion-Detector%4Operational.evtx
C8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-
Performance%4Operational.evtx
D4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles
%4Operational.evtx
108: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA
%4Errors.evtx
144: File (---) C:\Windows\ServiceProfiles\LocalService\AppData\Local\
lastalive1.dat
148: File (---) C:\Windows\ServiceProfiles\LocalService\AppData\Local\
lastalive0.dat
1C0: File (R--) C:\Windows\System32\winevt\Logs\System.evtx
224: Section \BaseNamedObjects\__ComCatalogCache__
22C: Section \BaseNamedObjects\__ComCatalogCache__
25C: File (R--) C:\Windows\System32\winevt\Logs\Application.evtx
2A4: Section \BaseNamedObjects\mmGlobalPnpInfo
2C0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile
Service%4Operational.evtx
2EC: File (R--) C:\Windows\System32\winevt\Logs\Security.evtx
2F4: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
TerminalServices-LocalSessionManager%4Admin.evtx
300: File (R--) C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx
310: File (R--) C:\Windows\System32\winevt\Logs\Symantec Endpoint Protection
Client.evtx
320: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA
%4Operational.evtx
324: File (R--) C:\Windows\System32\winevt\Logs\Setup.evtx
32C: File (R--) C:\Windows\System32\winevt\Logs\Internet Explorer.evtx
330: File (R--) C:\Windows\System32\winevt\Logs\OSession.evtx
3B8: File (R--) C:\Windows\System32\winevt\Logs\ODiag.evtx
3CC: File (R--) C:\Windows\System32\winevt\Logs\OAlerts.evtx
3D0: File (R--) C:\Windows\System32\winevt\Logs\Media Center.evtx
3D4: File (R--) C:\Windows\System32\winevt\Logs\Key Management Service.evtx
3DC: File (R--) C:\Windows\System32\winevt\Logs\HardwareEvents.evtx
42C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power
%4Thermal-Operational.evtx
450: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy
%4Operational.evtx
474: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
WindowsUpdateClient%4Operational.evtx
484: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
BranchCacheSMB%4Operational.evtx
494: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon
%4Operational.evtx
498: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
LanguagePackSetup%4Operational.evtx
508: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-
StoreMgr%4Operational.evtx
514: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
TaskScheduler%4Operational.evtx
518: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known
Folders API Service.evtx
51C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-
AutoConfig%4Operational.evtx
528: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
DriverFrameworks-UserMode%4Operational.evtx
574: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client
%4Admin.evtx
580: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-
Client%4Admin.evtx
598: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows
Firewall With Advanced Security%4Firewall.evtx
59C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows
Firewall With Advanced Security%4ConnectionSecurity.evtx
61C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
TerminalServices-LocalSessionManager%4Operational.evtx
640: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI
%4Operational.evtx
66C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-
Experience%4Program-Telemetry.evtx
670: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-
Experience%4Program-Compatibility-Assistant.evtx
674: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-
Experience%4Program-Inventory.evtx
678: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-
Experience%4Problem-Steps-Recorder.evtx
67C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-
Experience%4Program-Compatibility-Troubleshooter.evtx
6AC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
WindowsBackup%4ActionCenter.evtx
6C0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
NetworkProfile%4Operational.evtx
6F0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost
%4Operational.evtx
6F8: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-PrintService
%4Admin.evtx
730: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-
Scheduled%4Operational.evtx
754: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows
Defender%4WHC.evtx
770: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client
%4Operational.evtx
77C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
NetworkAccessProtection%4Operational.evtx
780: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
NetworkAccessProtection%4WHC.evtx
798: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-
DPS%4Operational.evtx
808: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-
Scripted%4Admin.evtx
810: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-
Scripted%4Operational.evtx
83C: File (RW-) C:\Windows\ServiceProfiles\LocalService\AppData\Local\
Microsoft\Windows\WindowsUpdate.log
840: Section \BaseNamedObjects\windows_shell_global_counters
8BC: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-
EventTracing%4Admin.evtx
960: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-
FileVirtualization%4Operational.evtx
9B0: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-
Networking%4Operational.evtx
A2C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-NlaSvc
%4Operational.evtx
A54: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-
MTPClassDriver%4Operational.evtx
A7C: File (R--) C:\Windows\System32\winevt\Logs\Microsoft-Windows-
ReliabilityAnalysisComponent%4Operational.evtx
------------------------------------------------------------------------------
svchost.exe pid: 504 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
120: Section \BaseNamedObjects\__ComCatalogCache__
128: Section \BaseNamedObjects\__ComCatalogCache__
294: File (RWD) \Device\Mup\.\.
2C8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
514: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
6C4: Section \BaseNamedObjects\windows_shell_global_counters
77C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df
8B8: File (RWD) D:\$Extend\$ObjId
910: File (R--) D:\System Volume Information\tracking.log
DB8: File (RWD) C:\$Extend\$ObjId
DD0: File (R--) C:\System Volume Information\tracking.log
------------------------------------------------------------------------------
svchost.exe pid: 536 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
1B0: Section \BaseNamedObjects\__ComCatalogCache__
218: Section \BaseNamedObjects\SENS Information Cache
26C: Section \BaseNamedObjects\__ComCatalogCache__
3A4: File (R--) C:\Windows\Tasks\SCHEDLGU.TXT
3F0: File (RW-) C:\Windows\Tasks
4A4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
4B0: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
4BC: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
4C0: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
4C8: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
518: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
574: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df
668: File (RWD) C:\Windows\System32\wbem\MOF
7F4: Section \BaseNamedObjects\SqmData_FwtSqmSession101457921_S-1-5-18
9A4: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\
Microsoft\SystemCertificates\My
B00: File (R--) C:\Windows\System32\wbem\Repository\MAPPING1.MAP
B04: File (R--) C:\Windows\System32\wbem\Repository\MAPPING2.MAP
B08: File (R--) C:\Windows\System32\wbem\Repository\MAPPING3.MAP
B0C: File (R--) C:\Windows\System32\wbem\Repository\OBJECTS.DATA
B10: File (R--) C:\Windows\System32\wbem\Repository\INDEX.BTR
C04: Section \BaseNamedObjects\windows_shell_global_counters
C58: File (R--) C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
CB4: Section \BaseNamedObjects\Wmi Provider Sub System Counters
E40: Section \BaseNamedObjects\MMF_BITS_s
1014: File (R--) C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
11D8: File (R-D) C:\Windows\System32\en-US\nci.dll.mui
1260: File (R--) C:\Windows\SoftwareDistribution\ReportingEvents.log
12E8: File (RW-) C:\Windows\WindowsUpdate.log
149C: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
15EC: Section \BaseNamedObjects\RotHintTable
16A0: File (R-D) C:\Windows\System32\en-US\sppc.dll.mui
1790: File (R-D) C:\Handle64.exe
1A44: File (R-D) C:\Handle64.exe
------------------------------------------------------------------------------
svchost.exe pid: 956 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
10C: Section \BaseNamedObjects\__ComCatalogCache__
344: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
584: Section \BaseNamedObjects\__ComCatalogCache__
77C: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
RtkAudioService64.exe pid: 1080 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
148: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
RAVBg64.exe pid: 1128 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
14: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d6928
248: Section \BaseNamedObjects\__ComCatalogCache__
254: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
svchost.exe pid: 1160 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\Windows\System32
1B4: File (RWD) C:\Windows\System32\drivers\etc
1F0: File (---) \Device\Mup
258: File (RWD) C:\Users\sborazyi0360\AppData\LocalLow\Microsoft\
CryptnetUrlCache\MetaData
2E0: Section \BaseNamedObjects\__ComCatalogCache__
2E4: Section \BaseNamedObjects\__ComCatalogCache__
5BC: File (---) C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-
00C04FC295EE}\catdb
5F0: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
5F8: File (---) C:\Windows\System32\catroot2\edb.log
678: File (---) C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-
00C04FC295EE}\catdb
7E8: File (RWD) C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\
Microsoft\SystemCertificates\My
------------------------------------------------------------------------------
spoolsv.exe pid: 1416 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
1B4: Section \BaseNamedObjects\__ComCatalogCache__
1C0: Section \BaseNamedObjects\__ComCatalogCache__
328: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
37C: File (R-D) C:\Windows\System32\en-US\usbmon.dll.mui
5AC: File (RWD) C:\Windows\System32\win32spl.dll
8D0: File (R--) C:\Windows\System32\spool\drivers\x64\3\ESCP68.BUD
------------------------------------------------------------------------------
svchost.exe pid: 1460 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
104: File (R-D) C:\Windows\System32\en-US\bfe.dll.mui
328: Section \BaseNamedObjects\__ComCatalogCache__
390: Section \BaseNamedObjects\__ComCatalogCache__
4EC: Section \...\ASqmManifestVersion
------------------------------------------------------------------------------
armsvc.exe pid: 1576 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
20: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
------------------------------------------------------------------------------
AGMService.exe pid: 1596 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
EC: File (RW-) C:\Windows\Temp\adobegc.log
138: File (RWD) C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\cache
154: Section \BaseNamedObjects\windows_shell_global_counters
158: File (RWD) C:\Program Files (x86)\Common Files\Adobe\SLCache
------------------------------------------------------------------------------
AGSService.exe pid: 1616 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
EC: File (RW-) C:\Windows\Temp\adobegc.log
154: Section \BaseNamedObjects\windows_shell_global_counters
18C: File (RW-) C:\Windows\Temp\adobegc.log
1C0: Section \BaseNamedObjects\__ComCatalogCache__
1D4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
214: Section \BaseNamedObjects\windows_shell_global_counters
358: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\
Microsoft\SystemCertificates\My
3A8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
3DC: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
------------------------------------------------------------------------------
cvpnd.exe pid: 1660 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
2B0: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\
Microsoft\SystemCertificates\My
384: File (RW-) C:\Program Files (x86)\Cisco Systems\VPN Client
------------------------------------------------------------------------------
svchost.exe pid: 1752 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
134: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
150: Section \BaseNamedObjects\UTCRingBuffer_events00.rbs
154: Section \BaseNamedObjects\UTCRingBuffer_events10.rbs
158: Section \BaseNamedObjects\UTCRingBuffer_events01.rbs
15C: Section \BaseNamedObjects\UTCRingBuffer_events11.rbs
170: Section \BaseNamedObjects\UTCUploaderStatsSharedMemory
218: File (RWD) C:\ProgramData\Microsoft\Diagnosis\Sideload
------------------------------------------------------------------------------
DWRCS.exe pid: 1800 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
9C: File (RWD) C:\ProgramData\DameWare Development\Logs\DWRCS.log
A0: Section \BaseNamedObjects\DameWare Mini Remote Control
1B8: Section \BaseNamedObjects\__ComCatalogCache__
250: Section \BaseNamedObjects\
DameWare_Agent_ProtocolHandlerSharedMemorySegment_v11
384: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
------------------------------------------------------------------------------
EvtEng.exe pid: 1880 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df
BC: Section \BaseNamedObjects\windows_shell_global_counters
178: Section \BaseNamedObjects\__ComCatalogCache__
334: File (RWD) C:\Program Files\Intel\WiFi\AutoImport
33C: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
inetinfo.exe pid: 2032 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
40: File (R-D) C:\Windows\System32\inetsrv\en-US\inetinfo.exe.mui
148: Section \BaseNamedObjects\__ComCatalogCache__
154: Section \BaseNamedObjects\__ComCatalogCache__
178: File (RW-) C:\Windows\System32\inetsrv\MBSchema.bin.00000000h
180: File (RW-) C:\Windows\System32\inetsrv\MBSchema.bin.00000000h
1B4: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
1BC: File (R--) C:\Windows\System32\inetsrv\MetaBase.xml
1D0: Section \BaseNamedObjects\windows_shell_global_counters
1D4: File (R--) C:\Windows\System32\inetsrv\MBSchema.xml
------------------------------------------------------------------------------
mdm.exe pid: 1672 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
114: Section \BaseNamedObjects\__ComCatalogCache__
144: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
mepService.exe pid: 1976 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
20: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
134: File (RW-) C:\Program Files (x86)\EPSON\MyEpson Portal
138: Section \BaseNamedObjects\windows_shell_global_counters
13C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
------------------------------------------------------------------------------
nscp.exe pid: 1924 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
FC: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
------------------------------------------------------------------------------
RegSrvc.exe pid: 2164 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df
140: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
RupsMon.exe pid: 2224 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1D0: File (RW-) C:\Program Files (x86)\Megatec\UPSilon 2000
------------------------------------------------------------------------------
UPSOW.exe pid: 2272 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Program Files (x86)\Megatec\UPSilon 2000
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
------------------------------------------------------------------------------
ccSvcHst.exe pid: 2300 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
21C: Section \BaseNamedObjects\__ComCatalogCache__
228: Section \BaseNamedObjects\__ComCatalogCache__
250: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
258: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\syslog.log
36C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
6A4: Section \BaseNamedObjects\SmcWatch
6F4: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\rawlog.log
72C: Section \BaseNamedObjects\windows_shell_global_counters
808: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\seclog.log
868: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\tralog.log
86C: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\processlog.log
920: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs
940: Section \BaseNamedObjects\PscanStatBlock
ADC: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\DB\av.db
B14: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\AV
D18: Section \BaseNamedObjects\UrlZonesSM_SYSTEM
D60: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\HIDefs\newdefs-trigger
DF8: Section \BaseNamedObjects\FwsVpnStatusDataChannel
E48: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
E74: File (RW-) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\
Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
E7C: Section \BaseNamedObjects\C:_Windows_system32_config_systemprofile_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_32768
E80: File (RW-) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\
Microsoft\Windows\Cookies\index.dat
E84: Section \BaseNamedObjects\C:_Windows_system32_config_systemprofile_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_16384
E8C: File (RW-) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\
Microsoft\Windows\History\History.IE5\index.dat
E90: Section \BaseNamedObjects\C:_Windows_system32_config_systemprofile_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_16384
F04: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\CommonMan.log
F08: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\LocalRep.log
F0C: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\AVMan.log
F14: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\GUP.log
F18: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\LUMan.log
F1C: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\AtpiMan.log
F20: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\BashMan.log
F24: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\NetSecMan.log
F28: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\RebootMgrMan.log
F2C: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\RepMgtMan.log
F30: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\SubmissionsMan.log
F34: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\NacMan.log
F40: File (R--) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\FeatureState\{8131B5DF-5997-4523-81A2-C1B2488A1964}
F44: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\inbox
F70: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\DB\atpi.db
14C0: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\IronWhitelistDefs\newdefs-trigger
14CC: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\ccSubSDK_SCD_Defs\newdefs-trigger
14E4: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\IronRevocationDefs\newdefs-trigger
14EC: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\BASHDefs\newdefs-trigger
14F8: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\IronSettingsDefs\newdefs-trigger
14FC: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\SRTSPSettingsDefs\newdefs-trigger
1500: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\SMRDefs\newdefs-trigger
1504: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\EfaVTDefs\newdefs-trigger
1508: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Definitions\VirusDefs\newdefs-trigger
160C: File (RW-) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\DB\atpi.db
1988: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\
Microsoft\SystemCertificates\My
19E0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
2E98: File (RWD) C:\ProgramData\Symantec\Symantec Endpoint Protection\
12.1.6608.6300.105\Data\Logs\AV\06112018.Log
2EBC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9
2F24: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2F50: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
2F5C: Section \BaseNamedObjects\windows_shell_global_counters
2F60: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
2F64: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2F68: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2F6C: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
------------------------------------------------------------------------------
svchost.exe pid: 2324 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
D0: File (RW-) C:\Windows\debug\WIA\wiatrace.log
10C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
134: Section \BaseNamedObjects\__ComCatalogCache__
1BC: File (RW-) C:\Windows\debug\WIA\wiatrace.log
1D8: Section \BaseNamedObjects\__ComCatalogCache__
214: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
270: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d6928
------------------------------------------------------------------------------
SynTPEnhService.exe pid: 2344 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
------------------------------------------------------------------------------
TPHKSVC.exe pid: 2396 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
110: Section \BaseNamedObjects\TPHKSVC:HotkeyNumber
114: Section \BaseNamedObjects\TPHKSVC:Tpfnf5ToggleAirplaneMode
2F4: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\
Microsoft\SystemCertificates\My
------------------------------------------------------------------------------
tvnserver.exe pid: 2432 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F4: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
usbmate.exe pid: 2476 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
F8: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
------------------------------------------------------------------------------
micmute.exe pid: 2552 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
138: Section \BaseNamedObjects\__ComCatalogCache__
144: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
tphkload.exe pid: 2600 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
29C: File (RWD) C:\Windows\System32\config\systemprofile\AppData\Roaming\
Microsoft\SystemCertificates\My
------------------------------------------------------------------------------
tpnumlk.exe pid: 2724 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
------------------------------------------------------------------------------
svchost.exe pid: 2916 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
60: Section \BaseNamedObjects\SqmData_{FDA61AA4-DD87-4A1B-B4AE-
CE6DAB346C11}_S-1-5-19
10C: Section \BaseNamedObjects\SqmData_{3C97E568-0D52-4EB9-8DFA-
B9A276502215}_S-1-5-19
11C: Section \BaseNamedObjects\SqmData_{0C2A6FB2-D071-4CD9-9177-
F903029548D2}_S-1-5-19
124: Section \BaseNamedObjects\SqmData_{05749BAE-2A23-43C6-A752-
6AF07A72392F}_S-1-5-19
13C: Section \BaseNamedObjects\SqmData_{85C552CC-3662-4335-8D23-
BE25CC7012F3}_S-1-5-19
148: Section \BaseNamedObjects\SqmData_{5B98705E-C8EF-4991-8AAA-
4C2E7854B2EC}_S-1-5-19
16C: Section \BaseNamedObjects\SqmData_{725716CD-0980-4B45-B483-
8603E0D427A9}_S-1-5-19
1A4: Section \BaseNamedObjects\SqmData_{2F5E906C-C409-4E9C-8ABE-
30535D8B1F41}_S-1-5-19
1A8: Section \BaseNamedObjects\SqmData_{27ACE0B5-45DA-44BB-A38A-
D3EF75A86556}_S-1-5-19
1C0: Section \BaseNamedObjects\SqmData_{3389D324-D80A-49E0-8C23-
F910A8DF49A6}_S-1-5-19
1C4: Section \BaseNamedObjects\SqmData_{9B76615F-6475-4404-AED5-
DDE6396076B2}_S-1-5-19
1D4: Section \BaseNamedObjects\SqmData_{23885689-0995-4443-B7DB-
F4C40C429795}_S-1-5-19
200: Section \BaseNamedObjects\windows_shell_global_counters
220: Section \BaseNamedObjects\SqmData_{45061AE8-00DD-4542-887C-
20049574FC6B}_S-1-5-19
228: Section \BaseNamedObjects\SqmData_{48EBBB96-03C5-43AC-9B15-
3B164D19948E}_S-1-5-19
22C: Section \BaseNamedObjects\SqmData_{6E2C7E86-8F6B-4D07-90F8-
90AEBEC86B81}_S-1-5-19
230: Section \BaseNamedObjects\SqmData_{69A74038-83BD-40CF-BC4F-
EA4F0F7ACA2E}_S-1-5-19
23C: Section \BaseNamedObjects\SqmData_{055FE7B8-5FE9-4723-B492-
E800D07685A9}_S-1-5-19
240: Section \BaseNamedObjects\SqmData_{7AA0F77C-35A3-49FE-BAD7-
152584F2856D}_S-1-5-19
244: Section \BaseNamedObjects\SqmData_{409A5E76-EC19-4656-8479-
EBC3A1C9D394}_S-1-5-19
250: Section \BaseNamedObjects\SqmData_{7D74DD60-BEDF-4264-9103-
BBC9FBD1EE49}_S-1-5-19
254: Section \BaseNamedObjects\SqmData_{B3C563EF-94D8-4125-BD59-
557234A927AD}_S-1-5-19
260: Section \BaseNamedObjects\SqmData_{781807BE-B79E-4CD1-8C17-
BC55196D1D4F}_S-1-5-19
26C: Section \BaseNamedObjects\SqmData_{ACD2DE44-93E0-4709-800F-
A8A777A8F23C}_S-1-5-19
270: Section \BaseNamedObjects\SqmData_{30480B9B-FB2E-4891-B497-
C873E560B81D}_S-1-5-19
274: Section \BaseNamedObjects\SqmData_{DB06757C-A2A9-4B9C-B4F8-
F3577BF43045}_S-1-5-19
278: Section \BaseNamedObjects\SqmData_{32D6E0F3-72B5-4F6F-9FD1-
D0ADDD395AE2}_S-1-5-19
280: Section \BaseNamedObjects\SqmData_{C3962376-70DC-4C8F-BE57-
E886C7211EF5}_S-1-5-19
294: Section \BaseNamedObjects\SqmData_{9DD62190-99B3-42B7-AB77-
D5D1CAA7B2C9}_S-1-5-19
29C: Section \BaseNamedObjects\SqmData_{203B2B3A-BBBB-4B93-8668-
2FDB2971D284}_S-1-5-19
2A8: Section \BaseNamedObjects\SqmData_{79C772D9-C553-419D-8513-
7AC242F82099}_S-1-5-19
2AC: Section \BaseNamedObjects\SqmData_{D46F5A8F-3091-44E0-BBED-
497BEA3840FA}_S-1-5-19
2B0: Section \BaseNamedObjects\SqmData_{D3AA45DF-58CE-4E6E-B255-
332F629A7907}_S-1-5-19
2C0: Section \BaseNamedObjects\SqmData_{6386AF21-C702-4883-ACFC-
8F8645968AF1}_S-1-5-19
2C8: Section \BaseNamedObjects\SqmData_{4758AA77-6279-4422-962E-
2BAB23571D59}_S-1-5-19
2D4: Section \BaseNamedObjects\SqmData_{EDDBC046-76F5-4C78-A03F-
97049979417E}_S-1-5-19
2D8: Section \BaseNamedObjects\SqmData_{B220AAE1-223C-4854-8C5B-
BF781B65A01D}_S-1-5-19
2E8: Section \BaseNamedObjects\SqmData_{58D8501D-B54B-49CC-90B7-
6A43A6C1BE77}_S-1-5-19
2EC: Section \BaseNamedObjects\SqmData_{1918F0BF-EDC6-4BDB-AB50-
B17F2B19DC20}_S-1-5-19
2F0: Section \BaseNamedObjects\SqmData_{D2EA8672-FCD8-4356-9802-
014C80B4FAEA}_S-1-5-19
2F4: Section \BaseNamedObjects\SqmData_{752C72DF-D8C6-48A3-876E-
440256725A2A}_S-1-5-19
308: Section \BaseNamedObjects\SqmData_{AB550C47-0C45-4502-A31C-
5ACFF2AEDD95}_S-1-5-19
30C: Section \BaseNamedObjects\SqmData_{80076C47-B45F-41F9-8989-
C75FAF8C7ACD}_S-1-5-19
314: Section \BaseNamedObjects\SqmData_{CF855575-AA8E-43F4-8266-
D288C77FCD74}_S-1-5-19
318: Section \BaseNamedObjects\SqmData_{45CFCCDF-8232-4617-BF17-
E6FB136D5E81}_S-1-5-19
320: Section \BaseNamedObjects\SqmData_{43C4EFB7-307B-46C0-8C08-
8E34D60A2475}_S-1-5-19
324: Section \BaseNamedObjects\SqmData_{DFFA968C-5919-4722-B4DE-
1E79F430A519}_S-1-5-19
330: Section \BaseNamedObjects\SqmData_{D47137D0-38B6-4042-A871-
3AEDB7736715}_S-1-5-19
340: Section \BaseNamedObjects\SqmData_{56E53E46-25E4-416F-B13A-
904F52ED4832}_S-1-5-19
350: Section \BaseNamedObjects\SqmData_{327BF3C9-DE07-48D2-A0F1-
2D5E541BE408}_S-1-5-19
354: Section \BaseNamedObjects\SqmData_{CC4CEC06-C372-4D23-A32A-
EFE0E907878A}_S-1-5-19
35C: Section \BaseNamedObjects\SqmData_{5A0D0862-A6A2-436B-8A25-
96D4A2877C63}_S-1-5-19
364: Section \BaseNamedObjects\SqmData_{38EA029D-F0D6-461E-893F-
2D9D2A913A5F}_S-1-5-19
368: Section \BaseNamedObjects\SqmData_{298FD64D-6EF6-4CEA-9F39-
3492B406AA78}_S-1-5-19
36C: Section \BaseNamedObjects\SqmData_{D227DC43-0ED0-42AF-8F5B-
04A5241B78F0}_S-1-5-19
374: Section \BaseNamedObjects\SqmData_{CD87D729-B86D-41A2-BDB1-
B421B307EFAE}_S-1-5-19
378: Section \BaseNamedObjects\SqmData_{B94CFA9B-2CD9-4AB7-9547-
8B1E82CAF121}_S-1-5-19
37C: Section \BaseNamedObjects\SqmData_{A2B08BD1-BA23-48C4-9095-
9F6067CFE060}_S-1-5-19
380: Section \BaseNamedObjects\SqmData_{0A38A3E4-3005-4EC7-9782-
D6A146739B32}_S-1-5-19
384: Section \BaseNamedObjects\SqmData_{197C02D4-8DCA-4CFE-8A14-
A858E5AEA456}_S-1-5-19
388: Section \BaseNamedObjects\SqmData_{86B082F5-F8F5-4FD9-A7CC-
7E5878F0AFEF}_S-1-5-19
398: Section \BaseNamedObjects\SqmData_{4C1B491C-A228-4643-93DC-
EFC3F9263C82}_S-1-5-19
3A0: Section \BaseNamedObjects\SqmData_{2DC18C37-6B43-4DA3-92B1-
9270EAE7EE6C}_S-1-5-19
3A4: Section \BaseNamedObjects\SqmData_{C2DC46A4-A6BA-4333-B758-
46813C0E6267}_S-1-5-19
3AC: Section \BaseNamedObjects\SqmData_{226B1A4C-067C-4BE8-AF32-
ACD409B5A2BF}_S-1-5-19
3B0: Section \BaseNamedObjects\SqmData_{C03CFED8-9E87-4CE2-9E28-
FA5DD2CDA6C9}_S-1-5-19
3B8: Section \BaseNamedObjects\SqmData_{6F8B2110-2E69-4AA6-A22A-
6E18159C545B}_S-1-5-19
3C4: Section \BaseNamedObjects\SqmData_{A240F631-C507-48BE-8EB1-
A6DB1D95C446}_S-1-5-19
3C8: Section \BaseNamedObjects\SqmData_{94EE324B-D9EE-430C-941B-
B84D39C14496}_S-1-5-19
3D4: Section \BaseNamedObjects\SqmData_{D1270E07-D340-43D3-B9F1-
2A49302EDE2D}_S-1-5-19
3E0: Section \BaseNamedObjects\SqmData_{01936245-3A07-4373-9AD4-
911967D78B79}_S-1-5-19
3E4: Section \BaseNamedObjects\SqmData_{AEEF2283-672B-47DB-954B-
618E4EECCF22}_S-1-5-19
3E8: Section \BaseNamedObjects\SqmData_{D9BE682C-8C5E-48A0-B998-
11A2D12B11E9}_S-1-5-19
3F0: Section \BaseNamedObjects\SqmData_{EE800612-0960-4042-84C1-
744504641E22}_S-1-5-19
3F4: Section \BaseNamedObjects\SqmData_{673CAF22-3D66-458F-BE14-
180D2FA49C2B}_S-1-5-19
3F8: Section \BaseNamedObjects\SqmData_{61065BDA-74A2-4B03-A975-
C767646D290A}_S-1-5-19
3FC: Section \BaseNamedObjects\SqmData_{50479364-9797-44FC-A731-
AE7F307A781E}_S-1-5-19
410: Section \BaseNamedObjects\SqmData_{E4BCE905-99ED-43BA-B478-
6598E2441D53}_S-1-5-19
414: Section \BaseNamedObjects\SqmData_{14DCDC3A-BD3F-41FF-830B-
69CD46D95DC4}_S-1-5-19
418: Section \BaseNamedObjects\SqmData_{4DF01057-C2B7-4A0C-9B69-
25FA10405125}_S-1-5-19
428: Section \BaseNamedObjects\SqmData_{9C2C1DAE-C753-46F3-A69C-
7969CF956EC9}_S-1-5-19
42C: Section \BaseNamedObjects\SqmData_{501C3C84-8D53-4088-A570-
3291BC8C95B7}_S-1-5-19
430: Section \BaseNamedObjects\SqmData_{4F1B159A-2A15-40BD-A6FA-
8895EFFCA79F}_S-1-5-19
444: Section \BaseNamedObjects\SqmData_{F90B16DA-D568-4AAC-996B-
5CCC0EA4B206}_S-1-5-19
458: Section \BaseNamedObjects\SqmData_{7B21398C-C188-461F-AB4C-
A50EECB566FB}_S-1-5-19
45C: Section \BaseNamedObjects\SqmData_{E335E48B-B3EC-495D-B3AA-
C831C912785D}_S-1-5-19
460: Section \BaseNamedObjects\SqmData_{F6FBD574-B5B5-468A-A32C-
8C626F261828}_S-1-5-19
464: Section \BaseNamedObjects\SqmData_{7DBE1FB4-5694-42BD-B840-
1AD9A363D7AA}_S-1-5-19
470: Section \BaseNamedObjects\SqmData_{5565C260-99E1-4734-86CE-
A7A4CD4118D9}_S-1-5-19
------------------------------------------------------------------------------
svchost.exe pid: 3064 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
108: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
unsecapp.exe pid: 3100 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
C4: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
WmiPrvSE.exe pid: 3244 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
A4: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
110: Section \BaseNamedObjects\Wmi Provider Sub System Counters
128: Section \BaseNamedObjects\__ComCatalogCache__
134: Section \BaseNamedObjects\__ComCatalogCache__
1D4: Section \BaseNamedObjects\windows_shell_global_counters
1DC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df
------------------------------------------------------------------------------
svchost.exe pid: 3672 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\Windows\System32
11C: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
taskhost.exe pid: 3376 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
FC: Section \BaseNamedObjects\__ComCatalogCache__
108: Section \BaseNamedObjects\__ComCatalogCache__
144: Section \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1
14C: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
280: File (RW-) C:\Windows\System32
2A0: File (RW-) C:\Windows\System32
320: Section \BaseNamedObjects\mmGlobalPnpInfo
418: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
DWRCST.exe pid: 3380 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
E4: Section \Sessions\1\BaseNamedObjects\Default DameWare Mini Remote
Control Tray Icon
108: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui
1AC: File (R-D) C:\Windows\Fonts\StaticCache.dat
1B4: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
1B8: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
mep.exe pid: 3412 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
20: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
24: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
CC: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
100: File (RW-) C:\Program Files (x86)\EPSON\MyEpson Portal
170: Section \BaseNamedObjects\__ComCatalogCache__
178: Section \BaseNamedObjects\__ComCatalogCache__
1A0: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
200: Section \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Counter
22C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
26C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\index.dat
270: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_Temporary Internet
Files_Content.IE5_index.dat_114688
27C: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Cookies\index.dat
280: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
288: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\index.dat
28C: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat
_98304
290: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
IETldCache\index.dat
298: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_IETldCache_index.dat_278528
2B4: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_sborazyi0360
338: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
3D4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
------------------------------------------------------------------------------
ccSvcHst.exe pid: 3660 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
1F4: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
2C0: Section \BaseNamedObjects\__ComCatalogCache__
2C8: Section \BaseNamedObjects\__ComCatalogCache__
350: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
374: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
3E0: File (R-D) C:\Windows\Fonts\StaticCache.dat
44C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
458: Section \BaseNamedObjects\windows_shell_global_counters
488: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
48C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
490: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
494: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
4EC: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\index.dat
4F0: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_Temporary Internet
Files_Content.IE5_index.dat_114688
4F8: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Cookies\index.dat
4FC: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
504: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\index.dat
508: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat
_98304
50C: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
IETldCache\index.dat
514: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_IETldCache_index.dat_278528
534: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_sborazyi0360
------------------------------------------------------------------------------
TPOSDSVC.exe pid: 3592 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Program Files\Lenovo\HOTKEY
98: Section \BaseNamedObjects\__ComCatalogCache__
F0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
124: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
14C: Section \BaseNamedObjects\__ComCatalogCache__
150: Section \BaseNamedObjects\windows_shell_global_counters
180: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
184: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
188: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
190: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
23C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
SynTPEnh.exe pid: 3096 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
EC: Section \BaseNamedObjects\__ComCatalogCache__
F8: Section \BaseNamedObjects\__ComCatalogCache__
108: Section \Sessions\1\BaseNamedObjects\SynAPIArena
140: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
178: Section \Sessions\1\BaseNamedObjects\SynTPAPIMemMap
8C8: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
dwm.exe pid: 3864 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
198: File (R-D) C:\Windows\Fonts\StaticCache.dat
1D0: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
1E8: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
24C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
2A0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
2AC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
2D4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
2D8: File (R-D) C:\Windows\System32\en-US\duser.dll.mui
------------------------------------------------------------------------------
shtctky.exe pid: 1048 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Program Files\Lenovo\HOTKEY
------------------------------------------------------------------------------
tpnumlkd.exe pid: 1688 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
------------------------------------------------------------------------------
explorer.exe pid: 1332 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\
amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d69
28
CC: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
14C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
168: Section \BaseNamedObjects\__ComCatalogCache__
170: Section \BaseNamedObjects\__ComCatalogCache__
1A4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
220: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
234: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui
264: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
284: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
2BC: File (R-D) C:\Windows\Fonts\StaticCache.dat
2C4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
2C8: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
2CC: Section \BaseNamedObjects\windows_shell_global_counters
2D4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
324: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
32C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
334: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
338: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
368: File (RWD) C:\Users\sborazyi0360\Desktop
380: File (RWD) C:\Users\sborazyi0360\Desktop
384: File (RWD) C:\Users\Public\Desktop
38C: File (RWD) C:\Users\Public\Desktop
394: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\Burn
39C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\Burn
3B4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
3D0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
3F0: File (RWD) C:\ProgramData\Microsoft\Windows\WER\ReportArchive
3F4: File (R-D) C:\Windows\System32\en-US\duser.dll.mui
414: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned
424: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned
42C: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu
43C: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\Start
Menu
444: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\Start
Menu
45C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
460: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\WER\
ReportArchive
468: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
490: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
4CC: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
4EC: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\index.dat
4F0: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_Temporary Internet
Files_Content.IE5_index.dat_114688
4F8: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Cookies\index.dat
4FC: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
504: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\index.dat
508: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat
_98304
534: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_sborazyi0360
568: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{40FC8D7D-05ED-4FEB-B03B-
6C100659EF5C}.2.ver0x0000000000000001.db
570: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
58C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{ECB52F61-3F4C-49C7-9BD8-
4D2A5FB71BC6}.2.ver0x0000000000000001.db
5E8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
5FC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
6B0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\WER\ERC
6D4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
6D8: File (R-D) C:\Windows\System32\en-US\ActionCenter.dll.mui
718: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Libraries
738: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Libraries
768: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
794: Section \BaseNamedObjects\mmGlobalPnpInfo
7D0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
7F0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
844: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
89C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
8B0: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
8B4: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Printer Shortcuts
8BC: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Printer Shortcuts
908: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
9C4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
9E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
A28: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
A38: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
A48: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
A50: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
A80: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
B10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
B24: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
B2C: File (RW-) C:\Users\SBORAZ~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt
B70: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
BC0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
C08: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
CA0: Section \BaseNamedObjects\SearchCrawlScopeVersion
CD4: File (R-D) C:\Windows\System32\en-US\wlanmm.dll.mui
D3C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D60: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D6C: Section \Sessions\1\BaseNamedObjects\
SqmData_WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??
_USBSTOR#DISK&VEN_HP&PROD_V245O&REV_1100#04150600000000000466&0#_S-1-5-21-
466040969-3019942160-365623475-34820176
D90: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
DA0: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs
E70: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
F48: Section \Sessions\1\BaseNamedObjects\
SqmData_USB#VID_17EF&PID_74A6&MI_00#7&28B49B38&0&0000_S-1-5-21-466040969-
3019942160-365623475-34820176
FBC: File (R-D) C:\Windows\System32\en-US\WLanConn.dll.mui
FE8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
FF8: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_MSHist012
018061120180612_index.dat_32768
FFC: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
1040: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1058: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1068: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu\Programs
1090: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Explorer\thumbcache_idx.db
10A4: Section \Sessions\1\BaseNamedObjects\
SqmData_WPDBUSENUMROOT#UMB#2&37C186B&0&STORAGE#VOLUME#_??
_USBSTOR#DISK&VEN_SANDISK&PROD_ULTRA&REV_1.00#4C531001450509114515&0#_S-1-5-21-
466040969-3019942160-365623475-34820176
10A8: File (RWD) C:\Users\sborazyi0360\Favorites\Links
10F0: File (R-D) C:\Windows\System32\en-US\WinSATAPI.dll.mui
10F8: File (RWD) C:\Users\sborazyi0360\Favorites\Links
1160: File (R-D) C:\Windows\System32\en-US\timedate.cpl.mui
11E8: File (R-D) C:\Windows\System32\en-US\ntshrui.dll.mui
1204: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\MSHist012018061120180612\index.dat
125C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1288: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
128C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1338: Section \BaseNamedObjects\RotHintTable
1434: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu
14E8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
14EC: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu\Programs
14FC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Explorer\thumbcache_idx.db
15B0: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs
162C: File (RWD) C:\Users\sborazyi0360\Favorites
1698: File (R-D) C:\Windows\System32\en-US\aclui.dll.mui
16C4: File (RWD) C:\Users\sborazyi0360\Favorites
170C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Explorer\thumbcache_32.db
1814: File (R-D) C:\Windows\System32\en-US\devmgr.dll.mui
1834: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1CC4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Explorer\thumbcache_96.db
4210: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Explorer\thumbcache_idx.db
4458: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Explorer\thumbcache_256.db
7E2C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Explorer\thumbcache_1024.db
8898: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Explorer\thumbcache_sr.db
------------------------------------------------------------------------------
TPONSCR.exe pid: 2900 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Program Files\Lenovo\HOTKEY
100: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
TpScrex.exe pid: 3236 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Program Files\Lenovo\HOTKEY
------------------------------------------------------------------------------
SynTPLpr.exe pid: 1472 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
7C: Section \BaseNamedObjects\__ComCatalogCache__
88: Section \BaseNamedObjects\__ComCatalogCache__
CC: Section \Sessions\1\BaseNamedObjects\SynAPIArena
------------------------------------------------------------------------------
SynLenovoHelper.exe pid: 3392 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
7C: Section \BaseNamedObjects\__ComCatalogCache__
88: Section \BaseNamedObjects\__ComCatalogCache__
CC: Section \Sessions\1\BaseNamedObjects\SynAPIArena
10C: Section \Sessions\1\BaseNamedObjects\SynTPAPIMemMap
170: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
igfxtray.exe pid: 4192 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
AC: Section \BaseNamedObjects\__ComCatalogCache__
B8: Section \BaseNamedObjects\__ComCatalogCache__
13C: File (R-D) C:\Windows\Fonts\StaticCache.dat
148: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
hkcmd.exe pid: 4216 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
7C: Section \Sessions\1\BaseNamedObjects\
AtlDebugAllocator_FileMappingNameStatic3_1078
9C: Section \BaseNamedObjects\__ComCatalogCache__
A8: Section \BaseNamedObjects\__ComCatalogCache__
128: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
SynTPHelper.exe pid: 4228 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
------------------------------------------------------------------------------
igfxpers.exe pid: 4256 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
94: Section \Sessions\1\BaseNamedObjects\
AtlDebugAllocator_FileMappingNameStatic3_10a0
B4: Section \BaseNamedObjects\__ComCatalogCache__
C0: Section \BaseNamedObjects\__ComCatalogCache__
174: Section \Sessions\1\BaseNamedObjects\icc_lib_shm_name
18C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
1D4: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
tvnserver.exe pid: 4312 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
118: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
RAVCpl64.exe pid: 4416 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\
amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d6928
14: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
25C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
378: Section \BaseNamedObjects\__ComCatalogCache__
380: Section \BaseNamedObjects\__ComCatalogCache__
3EC: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
RAVBg64.exe pid: 4436 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
14: File (RW-) C:\Windows\winsxs\
amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d6928
24C: Section \BaseNamedObjects\__ComCatalogCache__
258: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
lync.exe pid: 4468 CORPAI\sborazyi0360
14: File (RW-) C:\Windows
20: File (RW-) C:\Windows\SysWOW64
24: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
328: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
638: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
648: File (R-D) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\Lync-16.0.4417.1000-Office-x86ship-U.etl
654: Section \BaseNamedObjects\__ComCatalogCache__
69C: Section \BaseNamedObjects\__ComCatalogCache__
770: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
7B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
7E0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\index.dat
7E4: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_Temporary Internet
Files_Content.IE5_index.dat_114688
7EC: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Cookies\index.dat
7F0: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
7F8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\index.dat
7FC: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_98304
8D4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
99C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
9A0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
9A8: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_sborazyi0360
9CC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
A2C: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
AAC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
B78: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
CB4: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
CD0: Section \Sessions\1\BaseNamedObjects\MicrosoftOfficeCommunicatorURL
D14: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
D1C: File (RW-) C:\Program Files (x86)\Microsoft Office\Office16
F8C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1484: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\Lync-UccApi-1.UccApilog
1644: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
172C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1730: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\Lync-AppSharingMediaProvider-0.AppSharingMediaProviderlog
1890: File (R-D) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\WPPMedia\lync_MediaStack-6.0.8941.633-lcsmedia_vnext_w16cu(rtbldlab)-
x86fre-U.etl
18B0: File (R-D) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\WPPMedia\lync_MediaStackETW-6.0.8941.633-
lcsmedia_vnext_w16cu(rtbldlab)-x86fre-U.etl
18D8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\SCT_Lync_0.log
1914: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\SCT_Offline_Storage_Lync_0.dat
1928: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
196C: Section \BaseNamedObjects\mmGlobalPnpInfo
1970: Section \BaseNamedObjects\windows_shell_global_counters
1984: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
1998: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
19A4: File (R-D) C:\Windows\Fonts\StaticCache.dat
1A24: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1A30: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1AD8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1ADC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1AE0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1AE4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1AF8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1B14: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1B30: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
1B70: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1B7C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1BA8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1BAC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1BB0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1BB4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1BD8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1C50: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
1DE4: File (R-D) C:\Windows\SysWOW64\en-US\UIAutomationCore.dll.mui
1F68: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1F78: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
2060: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
206C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
20C8: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
20D4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
21A0: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
25DC: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
25F0: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
25F8: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2640: File (R-D) C:\Windows\SysWOW64\en-US\msxml6r.dll.mui
26D4: Section \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Counter
26E8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
2854: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
287C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3180: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
32F0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
337C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
338C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
34EC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
34F4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3510: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3544: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
35EC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
36D4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
3724: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
373C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3740: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3760: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3764: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3778: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3798: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
37AC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3828: File (R-D) C:\Windows\SysWOW64\en-US\shell32.dll.mui
3848: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
386C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3880: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
38A0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
38B8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
38E4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
38EC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
38F8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3908: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3960: File (R-D) C:\Windows\winsxs\x86_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\
comctl32.dll.mui
3964: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3988: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
39BC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
39CC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3A18: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9
3A50: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3A78: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3A7C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3AB4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3ACC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3B2C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3B34: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3B4C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
3B7C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
411C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
45C4: File (R--) C:\Windows\Fonts\segoeuib.ttf
464C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
46D0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4700: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4738: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
473C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4744: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4758: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4764: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4774: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4788: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
47E0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4818: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4860: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4870: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4880: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4890: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
48A0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
48CC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
48D8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
491C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4924: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4938: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4948: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4950: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
497C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4980: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
49C0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4A70: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4A88: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4B38: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
4B54: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
504C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5078: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5474: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
59C8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
59CC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
59E0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5A30: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5A58: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5A64: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5A68: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5A9C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5AA4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5AAC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5AC0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5AD4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5AF0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5B24: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5B6C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5B70: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5B74: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5B84: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5B8C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5C14: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5C18: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5C20: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5C2C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5C84: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5CBC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5CD0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5D84: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5DB8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5DD4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5E00: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5E68: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5E9C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5F38: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5F3C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5F5C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5FB4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
5FD8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6060: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
607C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6080: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
60B0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
61BC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
61C8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
61E0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
61EC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6218: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6244: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6268: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
626C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6278: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\CoreContact.cache
6294: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
62B8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6300: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6350: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6360: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6374: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
639C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6444: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6470: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6488: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
64B8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
64C4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
64F0: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\EwsFoldersbo.razy.iqbal@ai.astra.co.id.cache
64FC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6508: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
657C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6590: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6790: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6958: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6978: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6A08: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6A50: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\MfuGroup.cache
6A6C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6AA4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6AE8: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\
MailItemsbo.razy.iqbal@ai.astra.co.id19965442261.cache
6B14: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6BFC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6C80: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
6C8C: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\
MailItemsbo.razy.iqbal@ai.astra.co.id32908128904.cache
72B8: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\PresencePhoto.cache
74E4: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\PersonalLISDB.cache
74EC: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\EndpointConfiguration.cache
761C: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\ABS__sbo.razy.iqbal@ai.astra.co.id.cache
7628: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\UCSGroupsContacts.cache
7668: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
7674: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\
MailItemsbo.razy.iqbal@ai.astra.co.id41615589907.cache
7684: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\
MailItemsbo.razy.iqbal@ai.astra.co.id32960236819.cache
7690: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing
76D8: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\
MailItemsbo.razy.iqbal@ai.astra.co.id3993894244.cache
7798: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\
MailItemsbo.razy.iqbal@ai.astra.co.id25628968606.cache
77D0: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\
MailItemsbo.razy.iqbal@ai.astra.co.id35878890752.cache
77E8: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\sip_sbo.razy.iqbal@ai.astra.co.id\
MailItemsbo.razy.iqbal@ai.astra.co.id14230507214.cache
------------------------------------------------------------------------------
SpotifyWebHelper.exe pid: 4684 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
B0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
Monw32.exe pid: 4700 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Program Files (x86)\Megatec\UPSilon 2000
B0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
140: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
acrotray.exe pid: 5020 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
20: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
------------------------------------------------------------------------------
HpqSRmon.exe pid: 5060 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
98: Section \Sessions\1\BaseNamedObjects\HPPhotoSmartLogCtrlMemory
BC: Section \BaseNamedObjects\__ComCatalogCache__
C8: Section \BaseNamedObjects\__ComCatalogCache__
140: File (R-D) C:\Windows\Fonts\StaticCache.dat
150: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
160: File (RW-) C:\Windows\debug\WIA\wiatrace.log
------------------------------------------------------------------------------
hpwuSchd2.exe pid: 5068 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
A4: File (R-D) C:\Windows\Fonts\StaticCache.dat
------------------------------------------------------------------------------
svchost.exe pid: 4456 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\Windows\System32
FC: File (RWD) C:\Program Files (x86)\Adobe\Acrobat DC\Resource\Font
100: File (RWD) C:\Program Files (x86)\Common Files\microsoft shared\EQUATION
104: File (RWD) C:\Windows\Fonts
134: Section \BaseNamedObjects\FntCache-699643e6-023e-4daa-bd93-
b03ebc5c2300
2F0: Section \BaseNamedObjects\__ComCatalogCache__
31C: Section \BaseNamedObjects\windows_shell_global_counters
35C: Section \BaseNamedObjects\__ComCatalogCache__
384: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
3B8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
------------------------------------------------------------------------------
SearchIndexer.exe pid: 4984 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
A4: Section \BaseNamedObjects\windows_shell_global_counters
198: Section \BaseNamedObjects\UGATHERER
19C: Section \BaseNamedObjects\UGathererObj
1CC: Section \BaseNamedObjects\UGTHRSVC
1D0: Section \BaseNamedObjects\UGthrSvcObj
1D4: Section \BaseNamedObjects\__ComCatalogCache__
1E0: Section \BaseNamedObjects\__ComCatalogCache__
34C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\PropMap\CiPT0000.000
368: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
36C: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
370: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
374: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
378: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
37C: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
380: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{ECB52F61-3F4C-49C7-9BD8-
4D2A5FB71BC6}.2.ver0x0000000000000001.db
388: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{40FC8D7D-05ED-4FEB-B03B-
6C100659EF5C}.2.ver0x0000000000000001.db
9C8: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
GatherLogs\SystemIndex\SystemIndex.98.gthr
A08: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
tmp.edb
BC0: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Windows.edb
BEC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\SecStore\CiST0000.000
C0C: Section \BaseNamedObjects\WSearchIdxPi
C10: Section \BaseNamedObjects\WseIdxPm
C18: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\INDEX.000
C34: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010001.wid
C40: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010001.wsb
C44: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010001.ci
C48: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010001.dir
C54: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010002.wid
C60: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010002.ci
C64: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010002.dir
C6C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010003.wid
C78: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010003.ci
C7C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010003.dir
C84: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010004.wid
C90: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010004.ci
C94: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010004.dir
C9C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010005.wid
CA8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010005.ci
CAC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010005.dir
CB4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010006.wid
CC0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010006.ci
CC4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010006.dir
CCC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010007.wid
CD8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010007.ci
CDC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010007.dir
CE4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010008.wid
CF0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010008.ci
CF4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010008.dir
CFC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010009.wid
D08: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010009.ci
D0C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010009.dir
D14: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
D20: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
D24: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001000A.dir
DD4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010012.wid
DE0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010012.ci
DE4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010012.dir
E34: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010018.wid
E40: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010018.ci
E44: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010018.dir
E4C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010019.wid
E58: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010019.ci
E5C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010019.dir
E64: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001A.wid
E70: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001A.ci
E74: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001A.dir
E7C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001F.wid
E88: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001F.ci
E8C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001F.dir
E94: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010020.wid
EA0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010020.ci
EA4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010020.dir
EAC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010022.wid
EB8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010022.ci
EBC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010022.dir
EC4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010025.wid
ED0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010025.ci
ED4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010025.dir
1074: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010023.wid
10B8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001B.dir
10C4: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
1114: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1124: Section \BaseNamedObjects\windows_shell_global_counters
1140: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui
1150: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
MSStmp.log
11D8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001B.wid
12D4: Section \BaseNamedObjects\windows_shell_global_counters
1360: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001001B.ci
1364: Section \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe145
1370: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
MSS.log
1374: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001000B.dir
138C: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
GatherLogs\SystemIndex\SystemIndex.98.Crwl
13A4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001000B.ci
13A8: Section \BaseNamedObjects\UsGthrFltPipeMssGthrPipe145_1
13AC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\0001000B.wid
1420: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010023.ci
1438: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
Projects\SystemIndex\Indexer\CiFiles\00010023.dir
------------------------------------------------------------------------------
BESClient.exe pid: 4132 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
19C: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
__Global\Logs\20180611.log
1B8: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
1CC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_5.82.7600.16385_en-us_020378a8991bbcc2
1D0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
1D4: File (RW-) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
SiteData.db-wal
1D8: File (RW-) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
SiteData.db
1E0: File (RW-) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
SiteData.db-shm
294: File (RWD) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
__Global\Upload
2A0: File (RW-) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
__Global\ActionHistory.db
2A8: File (RW-) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
__Global\UserSettings.db
2B4: File (RW-) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
__Global\ActionHistory.db
2D4: File (RWD) C:\ProgramData\BigFix\BESClientCompliance\Request
2EC: File (RWD) C:\Windows\System32\DriverStore\FileRepository
31C: Section \BaseNamedObjects\__ComCatalogCache__
32C: Section \BaseNamedObjects\__ComCatalogCache__
358: File (RWD) C:\Windows\System32\DriverStore\FileRepository
380: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite\Multiple Action Group 68218.fxf
384: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite\Multiple Action Group 68222.fxf
3A4: File (R-D) C:\Windows\SysWOW64\en-US\kernel32.dll.mui
3AC: Section \BaseNamedObjects\windows_shell_global_counters
3BC: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite\Multiple Action Group 81071.fxf
3C0: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite\Multiple Action Group 68224.fxf
3C4: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite\Multiple Action Group 7259.fxf
3D0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
3E4: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
3EC: Section \BaseNamedObjects\windows_shell_global_counters
3F0: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
3F4: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
3F8: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
410: File (R-D) C:\Windows\SysWOW64\en-US\ntdll.dll.mui
418: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite\Multiple Action Group 81018.fxf
41C: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite\Multiple Action Group 78782.fxf
44C: Section \BaseNamedObjects\UrlZonesSM_SYSTEM
470: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
474: File (R--) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite\Multiple Action Group 68200.fxf
4A4: File (R-D) C:\Windows\SysWOW64\en-US\kerberos.dll.mui
4AC: Section \BaseNamedObjects\windows_shell_global_counters
4B0: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
4C4: File (RW-) C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\
actionsite
4DC: File (RWD) C:\Windows\System32\DriverStore\FileRepository
4F0: File (RWD) C:\Windows\System32\DriverStore\FileRepository
------------------------------------------------------------------------------
BESClientUI.exe pid: 5312 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
20: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
F4: File (R-D) C:\Windows\SysWOW64\en-US\shell32.dll.mui
110: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
114: File (R-D) C:\Windows\Fonts\StaticCache.dat
128: Section \BaseNamedObjects\__ComCatalogCache__
134: Section \BaseNamedObjects\__ComCatalogCache__
154: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1A8: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
1C8: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
1CC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1DC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
200: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\index.dat
204: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_Temporary Internet
Files_Content.IE5_index.dat_114688
214: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Cookies\index.dat
218: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
220: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\index.dat
224: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat
_98304
278: Section \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Counter
2D0: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
IETldCache\index.dat
2D4: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_IETldCache_index.dat_278528
2D8: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_sborazyi0360
3AC: Section \BaseNamedObjects\windows_shell_global_counters
3BC: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_MSHist012
018060720180608_index.dat_32768
3C4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\MSHist012018060720180608\index.dat
3D0: File (R-D) C:\Windows\SysWOW64\ieframe.dll
3D4: File (R-D) C:\Windows\SysWOW64\stdole2.tlb
------------------------------------------------------------------------------
UcMapi.exe pid: 6776 CORPAI\sborazyi0360
14: File (RW-) C:\Windows
1D4: File (R-D) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\UCMAPI-16.0.4417.1000-Office-x86ship-U.etl
1E0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
374: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
37C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
384: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
398: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3E0: Section \Sessions\1\BaseNamedObjects\MAPI-HP!4D417049921C2D06
3EC: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
43C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80031B9B921C2D06
460: Section \BaseNamedObjects\__ComCatalogCache__
4F0: Section \BaseNamedObjects\__ComCatalogCache__
50C: Section \Sessions\1\BaseNamedObjects\
OLKCRPC.OBJ=SharedMemory.REC=(GLOBAL)_S-1-5-21-466040969-3019942160-365623475-
34820176
52C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
548: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
564: Section \Sessions\1\BaseNamedObjects\MAPI-HP!4154494E921C2D06
588: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
6BC: Section \Sessions\1\BaseNamedObjects\MAPI-HP!04132005921C2D06
6E0: Section \Sessions\1\BaseNamedObjects\MAPI-HP!04131975921C2D06
6F0: Section \Sessions\1\BaseNamedObjects\MAPI-HP!04191980921C2D06
700: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
738: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
884: Section \Sessions\1\BaseNamedObjects\MAPI-HP!2E724260921C2D06
898: Section \Sessions\1\BaseNamedObjects\MAPI-HP!4E4630D3921C2D06
8D4: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
outlook.ost
8E4: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80031CB4921C2D06
8F0: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80031CB5921C2D06
8FC: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80031CB6921C2D06
984: Section
\Sessions\1\BaseNamedObjects\EMSMDBCacheOwner-C:/Users/sborazyi0360/AppData/Local/
Microsoft/Outlook/outlook.ost
A48: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
AD0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
AFC: File (RW-) C:\Program Files (x86)\Microsoft Office\Office12
B7C: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
C6C: File (RW-) C:\Users\SBORAZ~1\AppData\Local\Temp\
ExchangePerflog_8484fa31921d2d06cfcccd43.dat
D5C: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
DF4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
~outlook.ost.tmp
EBC: Section \Sessions\1\BaseNamedObjects\
C__Users_sborazyi0360_AppData_Local_Microsoft_Outlook_outlook_ost_WCINFO
F18: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
outlook.ost
FE0: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
outlook.ost
142C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!801245E6921C2D06
14B8: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
------------------------------------------------------------------------------
mmc.exe pid: 7120 CORPAI\altharto5605
A4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
FC: Section \BaseNamedObjects\__ComCatalogCache__
104: Section \BaseNamedObjects\__ComCatalogCache__
10C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
134: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
164: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1A8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df
1B4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1B8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1C0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1C4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1D0: File (R-D) C:\Windows\System32\en-US\dsadmin.dll.mui
1D4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1E0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
1E8: File (R-D) C:\Windows\Fonts\StaticCache.dat
1F0: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
298: Section \BaseNamedObjects\windows_shell_global_counters
2A4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
2D4: File (R-D) C:\Windows\System32\activeds.tlb
2F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
33C: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui
344: File (R-D) C:\Windows\System32\en-US\dsuiext.dll.mui
368: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
36C: File (R-D) C:\Windows\System32\en-US\dsquery.dll.mui
370: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
378: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
37C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
3A8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
3B8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
3C8: File (R-D) C:\Windows\idmu\common\en-US\nisprop.dll.mui
440: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
484: File (R-D) C:\Windows\System32\en-US\adprop.dll.mui
49C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
4AC: File (R-D) C:\Windows\System32\en-US\adsiedit.dll.mui
4B4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
4BC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
4C0: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
4C4: File (R-D) C:\Windows\System32\en-US\tsuserex.dll.mui
4CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
4F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
510: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
514: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
------------------------------------------------------------------------------
OUTLOOK.EXE pid: 6596 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
20: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
34: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
88: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
11C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
13C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
144: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
148: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
170: File (R-D) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
extend.dat
1DC: Section \BaseNamedObjects\__ComCatalogCache__
1E8: Section \BaseNamedObjects\__ComCatalogCache__
1F0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
21C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
230: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
234: File (RWD) C:\Program Files (x86)\Microsoft Office\Office12\MSOUTL.OLB
254: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
26C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!4D417049921C2D06
2C4: Section \Sessions\1\BaseNamedObjects\MAPI-HP!801245E6921C2D06
2E4: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
2F0: Section \Sessions\1\BaseNamedObjects\FM_ACBBD09_S-1-5-5-0-445731
310: File (R-D) C:\Windows\Fonts\StaticCache.dat
33C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
340: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
34C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
35C: Section \Sessions\1\BaseNamedObjects\
OLKCRPC.OBJ=SharedMemory.REC=(GLOBAL)_S-1-5-21-466040969-3019942160-365623475-
34820176
368: Section \Sessions\1\BaseNamedObjects\MAPI-HP!04131975921C2D06
374: Section \Sessions\1\BaseNamedObjects\MAPI-HP!04191980921C2D06
3D4: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3F0: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
410: Section \Sessions\1\BaseNamedObjects\MAPI-HP!4154494E921C2D06
434: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
494: File (RW-) C:\Users\SBORAZ~1\AppData\Local\Temp\oobelib.log
4BC: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
4C0: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{40FC8D7D-05ED-4FEB-B03B-
6C100659EF5C}.2.ver0x0000000000000001.db
51C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
55C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!04132005921C2D06
5B0: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5D8: Section \BaseNamedObjects\RotHintTable
61C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!2E724260921C2D06
730: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
748: Section \Sessions\1\BaseNamedObjects\MAPI-HP!4E4630D3921C2D06
76C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!95561055921C2D06
790: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80031CB4921C2D06
79C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80031CB5921C2D06
7A8: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80031CB6921C2D06
810: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
880: Section
\Sessions\1\BaseNamedObjects\EMSMDBCacheOwner-C:/Users/sborazyi0360/AppData/Local/
Microsoft/Outlook/outlook.ost
948: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
BCC: Section
\Sessions\1\BaseNamedObjects\EMSMDBCacheOwner-C:/Users/sborazyi0360/AppData/Local/
Microsoft/Outlook/outlook.ost
C98: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
outlook.ost
D08: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124818921C2D06
D18: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124819921C2D06
D24: Section \Sessions\1\BaseNamedObjects\MAPI-HP!8012481A921C2D06
D70: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
F28: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
F60: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
F64: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
113C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
1204: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124A49921C2D06
1210: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124A4A921C2D06
121C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124A4B921C2D06
1304: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124C6B921C2D06
1310: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124C6C921C2D06
131C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124C6D921C2D06
13F4: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124D36921C2D06
1404: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124D37921C2D06
1410: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80124D38921C2D06
1678: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
1680: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
16A0: File (R-D) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\
MSO.DLL
16C4: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
16CC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
16E4: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
16E8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\SCT_OCAddin_0.log
1708: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
171C: File (R-D) C:\Windows\SysWOW64\stdole2.tlb
1738: File (R-D) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\OCAddin\OCAddin-16.0.4405.1000-Office-x86ship-U.0.etl
1744: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
174C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
17A0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
17D0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\index.dat
17D4: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_Temporary Internet
Files_Content.IE5_index.dat_114688
17DC: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Cookies\index.dat
17E0: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
17E8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\index.dat
17EC: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat
_98304
1824: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Office\16.0\
Lync\Tracing\SCT_Offline_Storage_OCAddin_0.dat
1854: Section \Sessions\1\BaseNamedObjects\mapiph.dll-profilename
1A74: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
urdndex.oab
1BD0: Section
\Sessions\1\BaseNamedObjects\EMSMDBCacheOwner-C:/Users/sborazyi0360/AppData/Local/
Microsoft/Outlook/outlook.ost
1BDC: Section
\Sessions\1\BaseNamedObjects\SHNTFN-MAPI-HPs6091CE18921C2D06/o=CORPAI/ou=Exchange
Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=7d873193-
cb0c-4576-ae02-3cd3f440c086@ai.astra.co.id
1C08: File (R--) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Outlook\
Outlook.srs
1D08: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.Word\~WRS{CC2AB245-D6FD-4576-B89B-
52C311E17987}.tmp
1E54: File (RW-) C:\Users\SBORAZ~1\AppData\Local\Temp\
ExchangePerflog_8484fa31921d2d06cfcccd43.dat
1E60: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.Word\~WRS{2A895FF3-15D4-49E0-BA61-
FD79FC26EEB0}.tmp
1EA4: Section \Sessions\1\BaseNamedObjects\FM_ACB09_S-1-5-5-0-445731
1EAC: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
1EC4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1EE0: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
2178: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
2180: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.Word\~WRS{957ADD90-E59D-4B52-BFB7-
5551639F33DA}.tmp
21F0: File (R--) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Templates\
NormalEmail.dotm
2208: Section \BaseNamedObjects\windows_shell_global_counters
2404: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
ubrowse.oab
2458: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
24C4: File (RW-) C:\Users\SBORAZ~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt
2778: File (R-D) C:\Windows\winsxs\x86_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\
comctl32.dll.mui
2780: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
outlook.ost
2794: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
outlook.ost
2888: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
2978: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
2988: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
uanrdex.oab
2994: File (R-D) C:\Windows\SysWOW64\en-US\msdrm.dll.mui
29A4: File (R--) C:\Windows\Fonts\tahoma.ttf
2B6C: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_IETldCache_index.dat_278528
2B70: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
IETldCache\index.dat
2C14: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
2C1C: Section \Sessions\1\BaseNamedObjects\MAPI-HP!80031B9B921C2D06
2C68: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
2CB0: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2CFC: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2D18: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
2D1C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2D20: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{ECB52F61-3F4C-49C7-9BD8-
4D2A5FB71BC6}.2.ver0x0000000000000001.db
2DA8: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_sborazyi0360
2DEC: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
2DF0: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
2E08: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
~outlook.ost.tmp
2E0C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9
2E34: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
32AC: File (R--) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Outlook\
Outlook.NK2
342C: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.Word\~WRS{4E06E929-5C3D-4942-B1AE-
9940B0192E35}.tmp
3484: Section \BaseNamedObjects\mmGlobalPnpInfo
34E8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Adobe\OOBE\opm.db
353C: Section \Sessions\1\BaseNamedObjects\
C__Users_sborazyi0360_AppData_Local_Microsoft_Outlook_outlook_ost_WCINFO
356C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
36EC: File (R-D) C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Mail\Outlook\
PDFMOutlookAddin.dll
36F8: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.Word\~WRS{E11E085F-4D01-44F4-B685-
FEA346D3C443}.tmp
3708: File (RW-) C:\Users\SBORAZ~1\AppData\Local\Temp\PDApp.log
3754: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
outlook.ost
37F8: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
outlook.ost
3B1C: File (RW-) C:\Program Files (x86)\Microsoft Office\Office12
3B84: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
3C10: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
udetails.oab
3C70: File (R--) C:\Users\sborazyi0360\AppData\Local\Microsoft\Outlook\
utmplts.oab
3CA0: File (R-D) C:\Windows\SysWOW64\en-US\shell32.dll.mui
3E30: Section
\Sessions\1\BaseNamedObjects\EMSMDBCacheOwner-C:/Users/sborazyi0360/AppData/Local/
Microsoft/Outlook/outlook.ost
3E9C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
3F90: Section
\Sessions\1\BaseNamedObjects\SHNTFN-MAPI-HPs6091CE18921C2D06/o=CORPAI/ou=Exchange
Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=7d873193-
cb0c-4576-ae02-3cd3f440c086@ai.astra.co.id
------------------------------------------------------------------------------
WmiPrvSE.exe pid: 6464 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\Windows\System32
A4: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
110: Section \BaseNamedObjects\Wmi Provider Sub System Counters
130: Section \BaseNamedObjects\__ComCatalogCache__
13C: Section \BaseNamedObjects\__ComCatalogCache__
2E8: Section \BaseNamedObjects\windows_shell_global_counters
2F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
308: File (R--) C:\Windows\System32\spool\drivers\x64\3\hpf2200t.BUD
338: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
344: File (RW-) C:\Windows\Temp\FXSTIFFDebugLogFile.txt
358: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
360: File (RW-) C:\Windows\Temp\FXSAPIDebugLogFile.txt
364: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
378: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
notepad.exe pid: 7104 CORPAI\sborazyi0360
C: File (RW-) C:\Users\sborazyi0360
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F0: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
------------------------------------------------------------------------------
notepad.exe pid: 7712 CORPAI\sborazyi0360
C: File (RW-) C:\Users\sborazyi0360
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F0: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
------------------------------------------------------------------------------
notepad.exe pid: 7388 CORPAI\sborazyi0360
C: File (RW-) C:\Users\sborazyi0360\Desktop
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
10C: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
------------------------------------------------------------------------------
chrome.exe pid: 7496 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
10: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
7C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
100: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
13C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
210: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
218: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
220: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
228: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
230: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
BrowserMetrics\BrowserMetrics-5B19CEC3-1D48.pma
290: Section \BaseNamedObjects\mmGlobalPnpInfo
2AC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_ac5ea0fbf8f03e29bdcd5e1f231ffd0f40b97371d65e6e0742d32ed88aaf877e
2B4: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
2FC: File (RWD) C:\Windows\System32\drivers\etc
318: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Feature Engagement Tracker\EventDB\LOG
320: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Feature Engagement Tracker\EventDB\LOCK
378: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Safe Browsing Cookies
3C8: Section \BaseNamedObjects\__ComCatalogCache__
3DC: Section \BaseNamedObjects\__ComCatalogCache__
4B8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Top Sites
4C4: File (R--) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
lockfile
4E8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_ac5ea0fbf8f03e29bdcd5e1f231ffd0f40b97371d65e6e0742d32ed88aaf877e
508: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Web Data
52C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
538: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Visited Links
53C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
540: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
548: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
564: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_b366c29d0b1a211cfbee2a7893949a2d642a4a7a104660cc3d39f41b6c3a5aa1
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
56C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
5D4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\History
5DC: File (R-D) C:\Windows\System32\en-US\ncrypt.dll.mui
5F8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\index
5FC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\index
604: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\data_0
608: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\data_0
610: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\data_1
614: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\data_1
61C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_8bf48dddbdf913c720d6323cba3c2ca5d3661fcc354d1fb5d21530ee132e3a62
620: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Login Data
630: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\data_2
634: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\data_2
63C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\data_3
640: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
ShaderCache\GPUCache\data_3
650: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Login Data-journal
654: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Favicons
660: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
680: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\previews_opt_out.db
72C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Thumbnails\LOG
740: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
754: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cookies-journal
75C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
7C4: File (R-D) C:\Windows\System32\en-US\dui70.dll.mui
7E8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\data_reduction_proxy_leveldb\LOCK
808: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Thumbnails\LOCK
80C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Feature Engagement Tracker\EventDB\000003.log
810: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Thumbnails\MANIFEST-000001
814: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Thumbnails\000003.log
818: File (R-D) C:\Windows\Fonts\StaticCache.dat
834: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\data_reduction_proxy_leveldb\LOG
83C: File (R-D) C:\Windows\System32\en-US\wlanutil.dll.mui
86C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Feature Engagement Tracker\EventDB\MANIFEST-000001
87C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\data_reduction_proxy_leveldb\000264.log
894: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
898: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
8C8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Shortcuts-journal
904: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Web Data-journal
920: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\data_reduction_proxy_leveldb\MANIFEST-000263
928: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Sync Data\LevelDB\LOG
92C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Sync Data\LevelDB\LOCK
930: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Sync Data\LevelDB\MANIFEST-000001
934: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Sync Data\LevelDB\000003.log
944: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
948: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Download Service\EntryDB\LOCK
94C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Download Service\EntryDB\LOG
950: Section \BaseNamedObjects\windows_shell_global_counters
95C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
960: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Download Service\EntryDB\MANIFEST-000001
964: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Download Service\EntryDB\000003.log
968: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
96C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
970: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
974: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
980: File (R-D) C:\Windows\System32\en-US\sechost.dll.mui
9A0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\data_0
9C0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Service Worker\Database\LOCK
9C4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Service Worker\Database\LOG
9CC: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Service Worker\Database\MANIFEST-000001
9D0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Service Worker\Database\000004.log
9DC: File (R-D) C:\Windows\System32\en-US\duser.dll.mui
9FC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\data_3
A04: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Shortcuts
A14: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Network Action Predictor
A78: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\index
A94: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cookies
AA4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\data_1
AB4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\data_0
ABC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\data_3
AE4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\data_2
AEC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\index
B48: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Service Worker\Database\000005.ldb
B50: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\data_1
B54: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\data_0
B6C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\data_0
BB8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\data_1
BC0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\data_2
C1C: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
C4C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\index
C50: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Origin Bound Certs
C6C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\data_1
C74: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\data_2
CA4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\data_2
CB0: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Cache\data_3
CD0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\History-journal
CEC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_ee1e0f15f7efffbc31de4198c2b21097201dc911f62286b5f23f8f68d4d58b7a
CF0: File (---) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Current Tabs
D44: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_26a6c183b464af45d7f0dc9a134f11e71fdab5f3d154c5c80297a5c29d6d1670
D7C: File (R-D) C:\Windows\System32\en-US\AudioSes.dll.mui
D84: File (R-D) C:\Windows\System32\en-US\hid.dll.mui
D98: File (---) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Current Session
D9C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Local Storage\leveldb\000302.log
DA4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Local Storage\leveldb\LOG
DB4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Local Storage\leveldb\LOCK
DC0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Local Storage\leveldb\MANIFEST-000001
DCC: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Local Storage\leveldb\000303.ldb
DD0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Local Storage\leveldb\000300.ldb
DD4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Local Storage\leveldb\000298.ldb
DD8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Local Storage\leveldb\000005.ldb
DDC: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Network Action Predictor-journal
DE0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOCK
DE4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
DE8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\MANIFEST-000001
DEC: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log
DF8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_c0d4dc309dc426f4a9c2aab2fa7b60ae441f5f6d9e4831d8178236493f95b4bf
E04: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_148421c54e7b5715a4262fbcf34795254bcba671b5eb74794cd9cd919ecf4315
E0C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\QuotaManager-journal
E10: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_1d6f2f230d67719e0947fbb54badbf39ae918fc354c2d90e672fae2e67f8ba17
E14: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_21cfb6c9c5d2ed4d56d060f49dd330dac081632ca41bcb6a52efd5d75314b6ff
E18: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\QuotaManager
E48: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\File System\Origins\MANIFEST-000001
E4C: File (R-D) C:\Windows\System32\en-US\ntdll.dll.mui
E58: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\databases\Databases.db
E5C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\File System\Origins\LOCK
E64: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\File System\Origins\LOG
E68: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\File System\Origins\000003.log
E6C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Extension State\000003.log
E7C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Extension State\LOCK
E80: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Extension State\LOG
E84: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Extension State\MANIFEST-000001
E8C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Session Storage\MANIFEST-000001
E94: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Session Storage\LOG
E98: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Session Storage\LOCK
E9C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Session Storage\000227.ldb
EAC: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
EB0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Favicons-journal
ED8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Safe Browsing Channel IDs
EFC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_c6378a4d6c9506a3851bc3a0566682e0df06057cae51da759d346ab6e97c2e1f
F10: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui
FD0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
FE0: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
1004: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\data_3
1018: File (R-D) C:\Windows\System32\en-US\DWrite.dll.mui
1098: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_89e4b7a99530ec4391009e2396517124de0ee25a46715bef8e863554aa77ed7c
11BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_29cea4588eabcb7ad9680d484617eed12e126cda8e23c7a2374b5ba6e1023bcb
12D8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Session Storage\000232.log
131C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
1340: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Top Sites-journal
1354: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_e70feca8eea408660eceb4fddcc4a446d8e9c650ffa68b73a82d055b6d5649ba
138C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Origin Bound Certs-journal
1414: File (RW-) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Session Storage\000234.ldb
14BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_2e9a771d5349ae9f02fc8622d81f2a92b128037c677b64a1a12e0a506f372881
14C4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\GPUCache\index
1610: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_5a30b28007d25c731d4d0e431afcac4a56f0c2836d1c6dca5c751f9b6fffbeb4
16C8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_40a31a1e4c87e079092bd5a44f9b5a419fc212c03e18da72ab3d4b6506133eae
187C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_2564c8a333f52cc5789cc6e878617828fcea83d85beef0bd722147c37547e309
18CC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_5c4f11e045a084f6657bca92c632186278bae5b308fdfa6fdbd6d79b45158c9f
1DB4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\index
1E34: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\index
1E3C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\data_0
1E40: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\data_0
1E4C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\data_2
1E54: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\data_3
1E58: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\data_2
1E60: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\data_1
1E68: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\data_1
1E70: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Default\Media Cache\data_3
------------------------------------------------------------------------------
chrome.exe pid: 4856 CORPAI\sborazyi0360
C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application
10: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
B8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
CrashpadMetrics-active.pma
------------------------------------------------------------------------------
chrome.exe pid: 7936 CORPAI\sborazyi0360
C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
10: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
8C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
chrome.exe pid: 7468 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
C8: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
1F4: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
------------------------------------------------------------------------------
chrome.exe pid: 8216 CORPAI\sborazyi0360
4C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
68: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
260: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
2B8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_26a6c183b464af45d7f0dc9a134f11e71fdab5f3d154c5c80297a5c29d6d1670
2D8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_bc4b1b525b10e04dad49ae6978605a3d222be545c4986617d05933bc9555d184
2EC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_82c0143cd2c2897e0f1ae471f93d4708bbc9ba7defd336dde44a9d27ca399847
2F8: File (R--) C:\Windows\Fonts\timesbd.ttf
2FC: File (R--) C:\Windows\Fonts\arial.ttf
308: File (R--) C:\Windows\Fonts\arialbd.ttf
30C: File (R--) C:\Windows\Fonts\arialbi.ttf
310: File (R--) C:\Windows\Fonts\ariali.ttf
314: File (R--) C:\Windows\Fonts\ARIALN.TTF
318: File (R--) C:\Windows\Fonts\ARIALNB.TTF
31C: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
320: File (R--) C:\Windows\Fonts\ARIALNI.TTF
324: File (R--) C:\Windows\Fonts\ariblk.ttf
328: File (R--) C:\Windows\Fonts\arial.ttf
330: File (R--) C:\Windows\Fonts\arial.ttf
338: File (R--) C:\Windows\Fonts\times.ttf
33C: File (R--) C:\Windows\Fonts\timesbd.ttf
340: File (R--) C:\Windows\Fonts\timesbi.ttf
344: File (R--) C:\Windows\Fonts\timesi.ttf
348: File (R--) C:\Windows\Fonts\times.ttf
350: File (R--) C:\Windows\Fonts\times.ttf
36C: File (R--) C:\Windows\Fonts\verdanai.ttf
378: File (R--) C:\Windows\Fonts\arialbd.ttf
380: File (R--) C:\Windows\Fonts\verdana.ttf
388: File (R--) C:\Windows\Fonts\tahomabd.ttf
3A0: File (R--) C:\Windows\Fonts\timesbd.ttf
3C4: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
3D0: File (R--) C:\Windows\Fonts\arialbd.ttf
3F8: File (R--) C:\Windows\Fonts\tahoma.ttf
42C: File (R--) C:\Windows\Fonts\ariali.ttf
438: File (R--) C:\Windows\Fonts\verdanab.ttf
43C: File (R--) C:\Windows\Fonts\verdana.ttf
440: File (R--) C:\Windows\Fonts\tahomabd.ttf
444: File (R--) C:\Windows\Fonts\tahomabd.ttf
44C: File (R--) C:\Windows\Fonts\tahoma.ttf
450: File (R--) C:\Windows\Fonts\verdanaz.ttf
458: File (R--) C:\Windows\Fonts\verdanai.ttf
45C: File (R--) C:\Windows\Fonts\tahoma.ttf
464: File (R--) C:\Windows\Fonts\verdanab.ttf
480: File (R--) C:\Windows\Fonts\tahoma.ttf
4B0: File (R--) C:\Windows\Fonts\ariali.ttf
4C8: File (R--) C:\Windows\Fonts\tahoma.ttf
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
EXCEL.EXE pid: 7804 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
20: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
2C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
40: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
120: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
134: Section \Sessions\1\BaseNamedObjects\MSO_Formal11206762_S-1-5-21-
466040969-3019942160-365623475-34820176
17C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
194: File (R-D) C:\Windows\Fonts\StaticCache.dat
1D0: Section \BaseNamedObjects\__ComCatalogCache__
1DC: Section \BaseNamedObjects\__ComCatalogCache__
1EC: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
1F8: Section \Sessions\1\BaseNamedObjects\FM_ACB09_S-1-5-5-0-445731
1FC: Section \Sessions\1\BaseNamedObjects\FM_ACBBD09_S-1-5-5-0-445731
264: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
278: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
294: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
308: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
310: File (RW-) C:\Users\sborazyi0360\Documents
324: File (R-D) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
32C: File (R-D) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\
MSO.DLL
358: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
39C: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
3BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
3D4: Section \BaseNamedObjects\windows_shell_global_counters
43C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
448: File (R--) C:\Users\SBORAZ~1\AppData\Local\Temp\91CB.tmp
450: Section \BaseNamedObjects\RotHintTable
484: Section \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Counter
4A0: Section \Sessions\1\BaseNamedObjects\MSO_AdHoc11206762_S-1-5-21-
466040969-3019942160-365623475-34820176
4C0: File (R--) C:\Users\sborazyi0360\Desktop\Asset\Data_Asset_New.xlsx
4C8: Section \Sessions\1\BaseNamedObjects\
KYIMEShareCachedData.SharedMemoryObject.sborazyi0360.1033
530: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
538: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
53C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
540: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
748: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
------------------------------------------------------------------------------
notepad.exe pid: 7488 CORPAI\sborazyi0360
C: File (RW-) C:\Users\sborazyi0360\Desktop
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
10C: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
------------------------------------------------------------------------------
Spotify.exe pid: 6972 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify
154: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
170: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
21C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
280: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
2D4: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\icudtl.dat
2E8: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
v8_context_snapshot.bin
2F0: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\natives_blob.bin
304: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\locales\en-
US.pak
30C: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\cef.pak
314: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_100_percent.pak
31C: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_200_percent.pak
324: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_extensions.pak
32C: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
devtools_resources.pak
3FC: File (RWD) C:\Windows\System32\drivers\etc
4BC: Section \BaseNamedObjects\__ComCatalogCache__
4C8: Section \BaseNamedObjects\__ComCatalogCache__
4E0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_523fc1c8aafcb94b8a4eb2cb4641a1025c3088c9e14473d5add8890a15fa1afa
4E4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_523fc1c8aafcb94b8a4eb2cb4641a1025c3088c9e14473d5add8890a15fa1afa
534: File (---) C:\Users\sborazyi0360\AppData\Local\Spotify\Storage\index.dat
5E4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_58799594e74f369938922122f5f63ee120ddbfd48b827901f8df944975098cca
5F8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Visited
Links
5FC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_58799594e74f369938922122f5f63ee120ddbfd48b827901f8df944975098cca
600: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_58799594e74f369938922122f5f63ee120ddbfd48b827901f8df944975098cca
844: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
868: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\mercury.db
884: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\mercury.db-wal
8C0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
8D8: File (RWD) C:\Users\sborazyi0360\Music
8E4: Section \BaseNamedObjects\windows_shell_global_counters
8EC: File (RWD) C:\Users\sborazyi0360\Downloads
8F0: File (R-D) C:\Windows\SysWOW64\en-US\shell32.dll.mui
8F8: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
8FC: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
900: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
904: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
910: File (RWD) C:\Users\sborazyi0360\Downloads
914: File (RWD) C:\Users\Public\Music
918: File (RWD) C:\Users\sborazyi0360\Music
920: File (RWD) C:\Users\Public\Music
948: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
index
954: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
index
968: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
data_1
970: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
data_1
974: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
data_0
978: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
data_0
9A8: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
data_2
9F4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
data_2
9FC: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
data_3
A00: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\GPUCache\
data_3
A08: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
A14: Section \Sessions\1\BaseNamedObjects\SpotifyWindowHandle
A20: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_cc3a1504fc02cd28066d6f1510cc10c1f14adb05356e060c52a5939169cdc35e
A34: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cookies
DC0: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
E0C: File (---) C:\Users\sborazyi0360\AppData\Local\Spotify\Data\bf\
bfe2bb38507b6430ddcb6e8081061b8083179a62.file
E5C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
data_1
E60: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
index
E64: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
index
E6C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
data_0
E70: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
data_0
E78: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
data_1
E80: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
data_2
E84: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
data_2
E8C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Local
Storage\leveldb\LOCK
E90: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
data_3
E94: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cache\
data_3
EB8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Local
Storage\leveldb\LOG
EC4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Local
Storage\leveldb\MANIFEST-000001
ED4: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Local
Storage\leveldb\000005.ldb
ED8: File (R-D) C:\Windows\Fonts\StaticCache.dat
F64: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\LOCK
F68: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\LOG
F6C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\MANIFEST-
000001
F70: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\000003.log
FC0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Local
Storage\leveldb\000168.ldb
FD8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Local
Storage\leveldb\000167.log
FEC: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Local
Storage\leveldb\000166.ldb
106C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Spotify\Browser\Cookies-
journal
------------------------------------------------------------------------------
Spotify.exe pid: 5880 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify
154: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
170: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
230: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
294: File (RWD) C:\Users\sborazyi0360\AppData\Local\Spotify\User Data\
CrashpadMetrics-active.pma
------------------------------------------------------------------------------
Spotify.exe pid: 1312 CORPAI\sborazyi0360
54: File (RW-) C:\Windows
1B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1D4: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
294: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
2E0: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\icudtl.dat
2E8: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\locales\en-
US.pak
2F0: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\cef.pak
2F8: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_100_percent.pak
300: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_200_percent.pak
308: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_extensions.pak
310: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
devtools_resources.pak
368: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify
------------------------------------------------------------------------------
Spotify.exe pid: 7824 CORPAI\sborazyi0360
54: File (RW-) C:\Windows
60: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify
A0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_58799594e74f369938922122f5f63ee120ddbfd48b827901f8df944975098cca
1B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1D4: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
294: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
2E0: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\icudtl.dat
2E8: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
v8_context_snapshot.bin
2F0: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\natives_blob.bin
2F8: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\locales\en-
US.pak
300: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\cef.pak
308: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_100_percent.pak
310: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_200_percent.pak
318: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
cef_extensions.pak
320: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Spotify\
devtools_resources.pak
460: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_3568427698f896f969045ddf8e481857b7f7fdba990fec56ce41dff9d4ca80f6
468: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_bcb91a8d1e7ab517503c8cfc6b6eeda926976c0571ed446e69778ba5b54b5af7
46C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_f6a53a99b97218b3a08125ef08673239cf58ce5643282c00bc72419943a770cf
47C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_77ffdc5833518a65cfc62c3a4abd127ac064fd67001257779937c99feaf7fbfc
490: File (R--) C:\Windows\Fonts\times.ttf
49C: File (R--) C:\Windows\Fonts\timesbd.ttf
4A0: File (R--) C:\Windows\Fonts\timesbi.ttf
4A4: File (R--) C:\Windows\Fonts\timesi.ttf
4A8: File (R--) C:\Windows\Fonts\times.ttf
4B0: File (R--) C:\Windows\Fonts\arial.ttf
4B4: File (R--) C:\Windows\Fonts\arialbd.ttf
4B8: File (R--) C:\Windows\Fonts\arialbi.ttf
4BC: File (R--) C:\Windows\Fonts\ariali.ttf
4C0: File (R--) C:\Windows\Fonts\ARIALN.TTF
4C4: File (R--) C:\Windows\Fonts\ARIALNB.TTF
4C8: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
4CC: File (R--) C:\Windows\Fonts\ARIALNI.TTF
4D0: File (R--) C:\Windows\Fonts\ariblk.ttf
4D4: File (R--) C:\Windows\Fonts\arial.ttf
4DC: File (R--) C:\Windows\Fonts\arial.ttf
4E4: File (R--) C:\Windows\Fonts\times.ttf
4EC: File (R--) C:\Windows\Fonts\timesbd.ttf
4F4: File (R--) C:\Windows\Fonts\timesbd.ttf
4FC: File (R--) C:\Windows\Fonts\timesi.ttf
504: File (R--) C:\Windows\Fonts\timesi.ttf
50C: File (R--) C:\Windows\Fonts\meiryob.ttc
518: File (R--) C:\Windows\Fonts\meiryo.ttc
528: File (R--) C:\Windows\Fonts\meiryob.ttc
52C: File (R--) C:\Windows\Fonts\meiryo.ttc
534: File (R--) C:\Windows\Fonts\msgothic.ttc
538: File (R--) C:\Windows\Fonts\msgothic.ttc
55C: File (R--) C:\Windows\Fonts\arialbd.ttf
560: File (R--) C:\Windows\Fonts\msgothic.ttc
574: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_26ca67ae81bd2ee9e719992482497f179f620a14ea9d3d4d89717741f83acd1f
58C: File (R--) C:\Windows\Fonts\arialbd.ttf
598: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_19c0cf4d10c126717f39ccc4adb909d6873cec47e2eff2571cfd7c2b1914858a
------------------------------------------------------------------------------
notepad.exe pid: 4180 CORPAI\sborazyi0360
C: File (RW-) C:\Users\sborazyi0360
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
------------------------------------------------------------------------------
notepad.exe pid: 2840 CORPAI\sborazyi0360
C: File (RW-) D:\
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F0: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
------------------------------------------------------------------------------
chrome.exe pid: 5016 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
54: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
68: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_2e9a771d5349ae9f02fc8622d81f2a92b128037c677b64a1a12e0a506f372881
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
StikyNot.exe pid: 6284 CORPAI\sborazyi0360
C: File (RW-) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Accessories
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
14: File (RW-) C:\Windows\winsxs\
amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d69
28
48: File (R-D) C:\Windows\System32\en-US\StikyNot.exe.mui
BC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
EC: Section \BaseNamedObjects\__ComCatalogCache__
FC: Section \BaseNamedObjects\__ComCatalogCache__
124: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
144: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
158: File (R--) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Sticky Notes\
StickyNotes.snt
22C: File (R-D) C:\Windows\Fonts\StaticCache.dat
230: File (R-D) C:\Windows\System32\en-US\duser.dll.mui
23C: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
254: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
258: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
260: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
------------------------------------------------------------------------------
chrome.exe pid: 3364 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
54: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
68: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_e70feca8eea408660eceb4fddcc4a446d8e9c650ffa68b73a82d055b6d5649ba
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
254: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
258: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
260: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
2DC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_99e165ecb3eb9dcd3584bf9decf8c27654c2cf41f52e620ce9eadf196a84361a
2E4: File (R--) C:\Windows\Fonts\arialbd.ttf
2E8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_9923145cd19e419e00c9b3bb401d52eba7412f9f3aecbb58d4aff443feba3a9a
2F0: File (R--) C:\Windows\Fonts\segoeuib.ttf
2FC: File (R--) C:\Windows\Fonts\segoeui.ttf
308: File (R--) C:\Windows\Fonts\segoeuib.ttf
30C: File (R--) C:\Windows\Fonts\segoeuii.ttf
310: File (R--) C:\Windows\Fonts\segoeuil.ttf
314: File (R--) C:\Windows\Fonts\SEGOEUISL.TTF
318: File (R--) C:\Windows\Fonts\segoeuiz.ttf
31C: File (R--) C:\Windows\Fonts\seguisb.ttf
320: File (R--) C:\Windows\Fonts\segoeui.ttf
328: File (R--) C:\Windows\Fonts\tahoma.ttf
32C: File (R--) C:\Windows\Fonts\tahomabd.ttf
330: File (R--) C:\Windows\Fonts\tahoma.ttf
338: File (R--) C:\Windows\Fonts\arial.ttf
33C: File (R--) C:\Windows\Fonts\arialbd.ttf
340: File (R--) C:\Windows\Fonts\arialbi.ttf
344: File (R--) C:\Windows\Fonts\ariali.ttf
348: File (R--) C:\Windows\Fonts\ARIALN.TTF
34C: File (R--) C:\Windows\Fonts\ARIALNB.TTF
350: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
354: File (R--) C:\Windows\Fonts\ARIALNI.TTF
358: File (R--) C:\Windows\Fonts\ariblk.ttf
35C: File (R--) C:\Windows\Fonts\arial.ttf
364: File (R--) C:\Windows\Fonts\segoeui.ttf
370: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_9ac843959fa618d25d27b512b59367a52f80584bc7a5231d014702cf53f0148e
374: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_429d7e18f912cb7c8e7108be9b62c455616d6d6acfa93749e82cf5898097d55f
378: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_0628b32621266966fd0e02effeca5425c21b003f11907cfb8f92dd8fb18ea391
384: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_e831d026cbf0c6e5218b382a562e0ed2269a7a7ddf26fd912c7509ceaacf7e6a
388: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_a95b72d8d653bf3e129d366bdbbfcb98b3d16aacb22b4b2e64fa35ff72aa0c4a
3A0: File (R--) C:\Windows\Fonts\segoeuib.ttf
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
chrome.exe pid: 7800 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
54: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
68: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_6b050731a01f2d15ee15c50cbd5e66b87f3421a4ce658a9c75063aeb9836b744
BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
250: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
264: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
2C0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_89e4b7a99530ec4391009e2396517124de0ee25a46715bef8e863554aa77ed7c
2D4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_ad1dee8c7c9b7dfee722ea16467a1b33bb599718e6e7b96a88b98a26e439a70b
2F4: File (R--) C:\Windows\Fonts\arial.ttf
314: File (R--) C:\Windows\Fonts\arialbd.ttf
318: File (R--) C:\Windows\Fonts\arialbi.ttf
31C: File (R--) C:\Windows\Fonts\ariali.ttf
320: File (R--) C:\Windows\Fonts\ARIALN.TTF
324: File (R--) C:\Windows\Fonts\ARIALNB.TTF
328: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
32C: File (R--) C:\Windows\Fonts\ARIALNI.TTF
330: File (R--) C:\Windows\Fonts\ariblk.ttf
334: File (R--) C:\Windows\Fonts\arial.ttf
33C: File (R--) C:\Windows\Fonts\trebuc.ttf
340: File (R--) C:\Windows\Fonts\trebucbd.ttf
344: File (R--) C:\Windows\Fonts\trebucbi.ttf
348: File (R--) C:\Windows\Fonts\trebucit.ttf
34C: File (R--) C:\Windows\Fonts\trebucbd.ttf
354: File (R--) C:\Windows\Fonts\arialbd.ttf
35C: File (R--) C:\Windows\Fonts\trebucbd.ttf
364: File (R--) C:\Windows\Fonts\tahomabd.ttf
368: File (R--) C:\Windows\Fonts\arialbd.ttf
370: File (R--) C:\Windows\Fonts\arial.ttf
378: File (R--) C:\Windows\Fonts\verdana.ttf
37C: File (R--) C:\Windows\Fonts\verdanab.ttf
380: File (R--) C:\Windows\Fonts\verdanai.ttf
384: File (R--) C:\Windows\Fonts\verdanaz.ttf
388: File (R--) C:\Windows\Fonts\verdana.ttf
390: File (R--) C:\Windows\Fonts\verdana.ttf
3BC: File (R--) C:\Windows\Fonts\tahoma.ttf
3CC: File (R--) C:\Windows\Fonts\tahoma.ttf
3D4: File (R--) C:\Windows\Fonts\tahoma.ttf
3DC: File (R--) C:\Windows\Fonts\timesbi.ttf
3E0: File (R--) C:\Windows\Fonts\times.ttf
3E4: File (R--) C:\Windows\Fonts\timesbd.ttf
3EC: File (R--) C:\Windows\Fonts\timesi.ttf
3F0: File (R--) C:\Windows\Fonts\times.ttf
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
dllhost.exe pid: 6288 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
98: Section \BaseNamedObjects\__ComCatalogCache__
A4: Section \BaseNamedObjects\__ComCatalogCache__
150: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
194: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1E4: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
1E8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
1F8: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
1FC: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
210: File (R-D) C:\Program Files (x86)\Windows Photo Viewer\en-US\
PhotoViewer.dll.mui
284: File (R-D) C:\Windows\Fonts\StaticCache.dat
28C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
294: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
29C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
2A0: File (R--) C:\Windows\Fonts\segoeui.ttf
2A8: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
308: Section \BaseNamedObjects\windows_shell_global_counters
368: File (R--) C:\Windows\Fonts\segoeuib.ttf
37C: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
398: File (---) C:\Users\SBORAZ~1\AppData\Local\Temp\~PI8D2C.tmp
3A8: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
3B8: File (---) C:\Users\SBORAZ~1\AppData\Local\Temp\~PI8D2B.tmp
3C0: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
3D4: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
3D8: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
3E4: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
3E8: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space
Profile.icm
------------------------------------------------------------------------------
SnippingTool.exe pid: 4292 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\
amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d69
28
14: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
A4: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E0: File (R-D) C:\Windows\Fonts\StaticCache.dat
F0: Section \BaseNamedObjects\__ComCatalogCache__
F8: Section \BaseNamedObjects\__ComCatalogCache__
27C: File (R--) C:\Windows\Fonts\segoeui.ttf
------------------------------------------------------------------------------
wisptis.exe pid: 5428 CORPAI\sborazyi0360
C: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\
amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d69
28
30: File (R-D) C:\Windows\System32\en-US\wisptis.exe.mui
14C: File (R-D) C:\Windows\System32\en-US\Tabbtn.dll.mui
154: Section \BaseNamedObjects\__ComCatalogCache__
160: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
tvnviewer.exe pid: 7024 CORPAI\sborazyi0360
C: File (RW-) C:\Program Files\TightVNC
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
88: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E8: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
EC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F0: File (R-D) C:\Windows\Fonts\StaticCache.dat
1F8: File (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui
------------------------------------------------------------------------------
chrome.exe pid: 5812 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
54: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
22C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
238: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
2B4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_8bf48dddbdf913c720d6323cba3c2ca5d3661fcc354d1fb5d21530ee132e3a62
2D0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53cda9ae046566990adc4b8dca4dee940e463482efefee046e9a931e012d029f
2E0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_03a251888d49205b0021af35c9cf14a948a04a170af3fe5f7cca35fe0ff4b881
2F0: File (R--) C:\Windows\Fonts\segoeui.ttf
2FC: File (R--) C:\Windows\Fonts\segoeuib.ttf
300: File (R--) C:\Windows\Fonts\segoeuii.ttf
304: File (R--) C:\Windows\Fonts\segoeuil.ttf
308: File (R--) C:\Windows\Fonts\SEGOEUISL.TTF
30C: File (R--) C:\Windows\Fonts\segoeuiz.ttf
310: File (R--) C:\Windows\Fonts\seguisb.ttf
314: File (R--) C:\Windows\Fonts\segoeui.ttf
31C: File (R--) C:\Windows\Fonts\tahoma.ttf
320: File (R--) C:\Windows\Fonts\tahomabd.ttf
324: File (R--) C:\Windows\Fonts\tahoma.ttf
32C: File (R--) C:\Windows\Fonts\arial.ttf
330: File (R--) C:\Windows\Fonts\arialbd.ttf
334: File (R--) C:\Windows\Fonts\arialbi.ttf
338: File (R--) C:\Windows\Fonts\ariali.ttf
33C: File (R--) C:\Windows\Fonts\ARIALN.TTF
340: File (R--) C:\Windows\Fonts\ARIALNB.TTF
344: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
348: File (R--) C:\Windows\Fonts\ARIALNI.TTF
34C: File (R--) C:\Windows\Fonts\ariblk.ttf
350: File (R--) C:\Windows\Fonts\arial.ttf
358: File (R--) C:\Windows\Fonts\segoeui.ttf
360: File (R--) C:\Windows\Fonts\arialbd.ttf
364: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_439d9b6ea5345e77084f7781f41339681c25fc6399fede9a6964ab5e24c5732a
368: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_39bdc07ef99b588f77321069fcaae768d35b48083f4640cfad035bf81a3589fc
36C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_9d1a6082f08c747223560fb98218670dd6d0e9d5b5947992bfa2af3977326276
378: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_8efc181f85c6cb164a72026eec2471d3f16da77244d19990ff5f54e0e32ca32f
380: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_2965569163bcfd2284091e1c47becaa89b7f8048ba0a51fb989e751b5a2f0cf5
384: File (R--) C:\Windows\Fonts\arial.ttf
390: File (R--) C:\Windows\Fonts\arialbd.ttf
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
iexplore.exe pid: 8724 CORPAI\sborazyi0360
14: File (RW-) C:\Windows
20: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Feeds Cache_index.dat_32768
A4: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Internet
Explorer\Recovery\Active\{160531D4-6D2B-11E8-993F-402CF4B8A457}.dat
E4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
F0: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
104: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
150: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\index.dat
154: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
158: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_Temporary Internet
Files_Content.IE5_index.dat_114688
168: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Cookies\index.dat
16C: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
174: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
History.IE5\index.dat
178: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat
_98304
1D8: Section \BaseNamedObjects\__ComCatalogCache__
290: Section \Sessions\1\BaseNamedObjects\Internet Explorer Immutable
Application State (00002214-0000-0000-0000-000000000000)
2BC: Section \Sessions\1\BaseNamedObjects\ie_lcie_LogonMedium
2CC: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
2D8: Section \Sessions\1\BaseNamedObjects\ie_lcie_main_2214
2DC: Section \Sessions\1\BaseNamedObjects\ie_lcie_low_2214
2E0: Section \Sessions\1\BaseNamedObjects\Isolation Process Registry
(160531D1-6D2B-11E8-993F-402CF4B8A457)
2E4: Section \Sessions\1\BaseNamedObjects\Isolation Signal Registry
(160531D1-6D2B-11E8-993F-402CF4B8A457, 0)
2E8: Section \Sessions\1\BaseNamedObjects\Isolation Signal Registry
(160531D1-6D2B-11E8-993F-402CF4B8A457, 1)
320: Section \Sessions\1\BaseNamedObjects\VERMGMTSharedMemory
338: Section \Sessions\1\BaseNamedObjects\IEFrame!
GetAsyncKeyStateSharedMem!8724
350: File (RW-) C:\Users\sborazyi0360\Desktop
354: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_sborazyi0360
36C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
370: Section \BaseNamedObjects\__ComCatalogCache__
484: Section \Sessions\1\BaseNamedObjects\ie_lcie_ConnHashTable<8724>
4D8: File (---) C:\Users\sborazyi0360\AppData\Local\Microsoft\Internet
Explorer\Recovery\Active\RecoveryStore.{160531D3-6D2B-11E8-993F-402CF4B8A457}.dat
4E0: File (RWD) C:\Users\SBORAZ~1\AppData\Local\Temp\~DFFC6A373FCC5F6BD8.TMP
4FC: File (R-D) C:\Windows\Fonts\StaticCache.dat
50C: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
538: Section \BaseNamedObjects\windows_shell_global_counters
594: File (RWD) C:\Users\SBORAZ~1\AppData\Local\Temp\~DFC7CDEC9DA79908B7.TMP
5B8: Section \Sessions\1\BaseNamedObjects\Feed Eventing Shared Memory S-1-
5-21-466040969-3019942160-365623475-34820176
5E4: Section \Sessions\1\BaseNamedObjects\LRIEElevationPolicy_
5F0: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
5FC: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
600: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
608: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Feeds Cache\
index.dat
610: Section \Sessions\1\BaseNamedObjects\Feed Arbitration Shared Memory
[ User : S-1-5-21-466040969-3019942160-365623475-34820176 ]
64C: Section \Sessions\1\BaseNamedObjects\ie_lcie_ConnHashTable<8724>
67C: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
68C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Feeds\{5588ACFD-
6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
69C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Feeds\{5588ACFD-
6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
6A8: File (RWD) C:\Users\SBORAZ~1\AppData\Local\Temp\~DFD41D341D3C674FA7.TMP
6B0: File (RWD) C:\Users\SBORAZ~1\AppData\Local\Temp\~DFECB6E54F82E321C7.TMP
6DC: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
6F0: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Feeds\
FeedsStore.feedsdb-ms
6F8: File (RWD) C:\Users\SBORAZ~1\AppData\Local\Temp\~DFA535422E1AEA6FE4.TMP
700: File (RWD) C:\Users\SBORAZ~1\AppData\Local\Temp\~DFDC7097E1E895E4F1.TMP
708: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Feeds\
FeedsStore.feedsdb-ms
70C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Feeds\{5588ACFD-
6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
714: File (RWD) C:\Users\SBORAZ~1\AppData\Local\Temp\~DF5B3F82868E55121E.TMP
718: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Feeds\{5588ACFD-
6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
720: File (RWD) C:\Users\SBORAZ~1\AppData\Local\Temp\~DF547BA184BA787299.TMP
740: File (R-D) C:\Windows\SysWOW64\en-US\shell32.dll.mui
794: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
8B4: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
920: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
92C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
930: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{40FC8D7D-05ED-4FEB-B03B-
6C100659EF5C}.2.ver0x0000000000000001.db
------------------------------------------------------------------------------
iexplore.exe pid: 8356 CORPAI\sborazyi0360
14: File (RW-) C:\Windows
20: File (RW-) C:\Users\sborazyi0360\Desktop
E4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
F0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
F4: Section \Sessions\1\BaseNamedObjects\Internet Explorer Immutable
Application State (00002214-0000-0000-0000-000000000000)
F8: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
110: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
114: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
130: Section \Sessions\1\BaseNamedObjects\ie_lcie_main_2214
134: Section \Sessions\1\BaseNamedObjects\ie_lcie_low_2214
138: Section \Sessions\1\BaseNamedObjects\Isolation Process Registry
(160531D1-6D2B-11E8-993F-402CF4B8A457)
13C: Section \Sessions\1\BaseNamedObjects\Isolation Signal Registry
(160531D1-6D2B-11E8-993F-402CF4B8A457, 1)
1F0: Section \BaseNamedObjects\__ComCatalogCache__
1F8: Section \BaseNamedObjects\__ComCatalogCache__
218: Section \BaseNamedObjects\windows_shell_global_counters
27C: Section \Sessions\1\BaseNamedObjects\IEFrame!
GetAsyncKeyStateSharedMem!8724
2A0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
2A8: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
IETldCache\Low\index.dat
2E8: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_Low_History.IE5_MSHis
t012018060420180611_index.dat_32768
304: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Low\Content.IE5\index.dat
308: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_Temporary Internet
Files_Low_Content.IE5_index.dat_311296
310: File (RW-) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\Windows\
Cookies\Low\index.dat
314: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_Cookies_Low_index.dat_32768
31C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
Low\History.IE5\index.dat
320: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_Low_History.IE5_index
.dat_49152
364: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
380: File (R-D) C:\Windows\Fonts\StaticCache.dat
384: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
39C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
41C: Section \Sessions\1\BaseNamedObjects\YTOOLBAR_YTBC_MMAP
440: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Roaming_Microsoft_Windows_IETldCache_Low_index.dat_27
8528
448: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_sborazyi0360
450: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
580: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Low\Content.IE5\ZY615WL6\glyphicons-halflings-
regular[2].eot
584: File (RWD) C:\Users\sborazyi0360\Favorites
58C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History
59C: Section \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Settings
5B8: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
5C4: File (R-D) C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
5CC: File (R-D) C:\Windows\SysWOW64\stdole2.tlb
5E0: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5E4: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
5E8: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
5EC: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
678: File (R-D) C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
AcroIEHelper.dll
67C: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
680: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
684: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
688: File (RW-) C:\Windows\winsxs\
x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e
690: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
694: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
7D8: Section \Sessions\1\BaseNamedObjects\LRIEElevationPolicy_
808: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
82C: File (R-D) C:\Windows\SysWOW64\ieframe.dll
868: Section \Sessions\1\BaseNamedObjects\YTOOLBAR_SH_MMAP
8BC: Section \Sessions\1\BaseNamedObjects\ie_lcie_ConnHashTable<8724>
8C8: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
940: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
A6C: File (RWD) C:\Users\sborazyi0360\AppData\Roaming\Microsoft\
SystemCertificates\My
AB8: Section \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Settings
AC8: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
Low\History.IE5\MSHist012018060420180611\index.dat
ADC: File (R-D) C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
B18: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
B40: Section \Sessions\1\BaseNamedObjects\
C:_Users_sborazyi0360_AppData_Local_Microsoft_Windows_History_Low_History.IE5_MSHis
t012018061120180612_index.dat_32768
B58: Section \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Counter
B5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
B7C: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Low\Content.IE5\0BWHFHSJ\login[2].htm
BC8: Section \BaseNamedObjects\mmGlobalPnpInfo
C58: File (R-D) C:\Windows\SysWOW64\en-US\shell32.dll.mui
C5C: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
C98: File (RW-) C:\Users\sborazyi0360\AppData\Local\Microsoft\Windows\History\
Low\History.IE5\MSHist012018061120180612\index.dat
CA4: Section \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap
CB8: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
CBC: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
CC0: Section \Sessions\1\BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
------------------------------------------------------------------------------
hpswp_clipbook.exe pid: 4524 CORPAI\sborazyi0360
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
20: File (RW-) C:\Windows\winsxs\
x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
A8: Section \BaseNamedObjects\__ComCatalogCache__
144: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
198: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
notepad.exe pid: 2612 CORPAI\sborazyi0360
C: File (RW-) C:\Users\sborazyi0360
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
------------------------------------------------------------------------------
notepad.exe pid: 6852 CORPAI\sborazyi0360
C: File (RW-) C:\Users\sborazyi0360
10: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
D8: File (R-D) C:\Windows\Fonts\StaticCache.dat
E0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
F0: File (R-D) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\
comctl32.dll.mui
F4: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.c..-
controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3
------------------------------------------------------------------------------
chrome.exe pid: 680 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
54: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
1F4: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
24C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
2C0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_5a30b28007d25c731d4d0e431afcac4a56f0c2836d1c6dca5c751f9b6fffbeb4
2D4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_3b4f1232109e547aa1d43cb30b5d6c2e85b359405664dd4ef0dfe1e01b45a9fa
2DC: File (R--) C:\Windows\Fonts\segoeui.ttf
2E0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_9f85d32959a4e111d88b8b95811a3de197333e0a52aaa5e42354faae25171ff1
2F0: File (R--) C:\Windows\Fonts\segoeuib.ttf
2F4: File (R--) C:\Windows\Fonts\segoeuii.ttf
2F8: File (R--) C:\Windows\Fonts\segoeuil.ttf
2FC: File (R--) C:\Windows\Fonts\SEGOEUISL.TTF
300: File (R--) C:\Windows\Fonts\segoeuiz.ttf
304: File (R--) C:\Windows\Fonts\seguisb.ttf
308: File (R--) C:\Windows\Fonts\segoeui.ttf
310: File (R--) C:\Windows\Fonts\tahoma.ttf
314: File (R--) C:\Windows\Fonts\tahomabd.ttf
318: File (R--) C:\Windows\Fonts\tahoma.ttf
320: File (R--) C:\Windows\Fonts\arial.ttf
324: File (R--) C:\Windows\Fonts\arialbd.ttf
328: File (R--) C:\Windows\Fonts\arialbi.ttf
32C: File (R--) C:\Windows\Fonts\ariali.ttf
330: File (R--) C:\Windows\Fonts\ARIALN.TTF
334: File (R--) C:\Windows\Fonts\ARIALNB.TTF
338: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
33C: File (R--) C:\Windows\Fonts\ARIALNI.TTF
340: File (R--) C:\Windows\Fonts\ariblk.ttf
344: File (R--) C:\Windows\Fonts\arial.ttf
34C: File (R--) C:\Windows\Fonts\segoeui.ttf
354: File (R--) C:\Windows\Fonts\segoeuib.ttf
35C: File (R--) C:\Windows\Fonts\tahomabd.ttf
364: File (R--) C:\Windows\Fonts\arialbd.ttf
36C: File (R--) C:\Windows\Fonts\segoeuib.ttf
374: File (R--) C:\Windows\Fonts\arial.ttf
388: File (R--) C:\Windows\Fonts\arialbd.ttf
390: File (R--) C:\Windows\Fonts\times.ttf
394: File (R--) C:\Windows\Fonts\timesbd.ttf
398: File (R--) C:\Windows\Fonts\timesbi.ttf
39C: File (R--) C:\Windows\Fonts\timesi.ttf
3A0: File (R--) C:\Windows\Fonts\timesbd.ttf
3A8: File (R--) C:\Windows\Fonts\timesbd.ttf
3B0: File (R--) C:\Windows\Fonts\seguisym.ttf
3B4: File (R--) C:\Windows\Fonts\seguisym.ttf
3BC: File (R--) C:\Windows\Fonts\cambria.ttc
3C0: File (R--) C:\Windows\Fonts\cambria.ttc
3C8: File (R--) C:\Windows\Fonts\cambria.ttc
3D0: File (R--) C:\Windows\Fonts\ARIALUNI.TTF
3D4: File (R--) C:\Windows\Fonts\ARIALUNI.TTF
3DC: File (R--) C:\Windows\Fonts\ARIALUNI.TTF
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
chrome.exe pid: 6640 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
54: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
68: File (R--) C:\Windows\Fonts\arial.ttf
BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
230: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
268: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
2CC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_ee1e0f15f7efffbc31de4198c2b21097201dc911f62286b5f23f8f68d4d58b7a
2D0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_e52e061bf448b5e4897f62009dd7507bf3d856cdc0be9fbdd8043c9e73b0d22c
2DC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_55f965083a45f060fa56cae80d5bea04c3c32638b7cfac1467cd7a114148c2d6
2F8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_fbe8fe611ea4fbd4f3c64bdc9c5844df58b434b2cb5363d82b6c0f7867dfdf6b
2FC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_ad2e770ad84fe91ccd68efff8e2e24a917b6a55ff8d13e2ebebb6007fdac8f6e
300: File (R--) C:\Windows\Fonts\arial.ttf
304: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_613f7fb85fac1445bbae764eeef8e4320befe712e3e4e6aedbbc97d26be19525
310: File (R--) C:\Windows\Fonts\arialbd.ttf
314: File (R--) C:\Windows\Fonts\arialbi.ttf
318: File (R--) C:\Windows\Fonts\ariali.ttf
31C: File (R--) C:\Windows\Fonts\ARIALN.TTF
320: File (R--) C:\Windows\Fonts\ARIALNB.TTF
324: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
328: File (R--) C:\Windows\Fonts\ARIALNI.TTF
32C: File (R--) C:\Windows\Fonts\ariblk.ttf
330: File (R--) C:\Windows\Fonts\arialbd.ttf
338: File (R--) C:\Windows\Fonts\arialbd.ttf
340: File (R--) C:\Windows\Fonts\times.ttf
344: File (R--) C:\Windows\Fonts\timesbd.ttf
348: File (R--) C:\Windows\Fonts\timesbi.ttf
34C: File (R--) C:\Windows\Fonts\timesi.ttf
350: File (R--) C:\Windows\Fonts\timesbd.ttf
358: File (R--) C:\Windows\Fonts\timesbd.ttf
360: File (R--) C:\Windows\Fonts\cambria.ttc
364: File (R--) C:\Windows\Fonts\seguisym.ttf
368: File (R--) C:\Windows\Fonts\seguisym.ttf
370: File (R--) C:\Windows\Fonts\cambria.ttc
378: File (R--) C:\Windows\Fonts\seguisym.ttf
380: File (R--) C:\Windows\Fonts\tahoma.ttf
384: File (R--) C:\Windows\Fonts\tahomabd.ttf
388: File (R--) C:\Windows\Fonts\tahomabd.ttf
390: File (R--) C:\Windows\Fonts\ARIALUNI.TTF
394: File (R--) C:\Windows\Fonts\ARIALUNI.TTF
39C: File (R--) C:\Windows\Fonts\l_10646.ttf
3A0: File (R--) C:\Windows\Fonts\l_10646.ttf
3A8: File (R--) C:\Windows\Fonts\micross.ttf
3AC: File (R--) C:\Windows\Fonts\micross.ttf
3C0: File (R--) C:\Windows\Fonts\pala.ttf
3C4: File (R--) C:\Windows\Fonts\palab.ttf
3C8: File (R--) C:\Windows\Fonts\palabi.ttf
3CC: File (R--) C:\Windows\Fonts\palai.ttf
3D0: File (R--) C:\Windows\Fonts\palab.ttf
3D8: File (R--) C:\Windows\Fonts\msgothic.ttc
3DC: File (R--) C:\Windows\Fonts\msgothic.ttc
3E4: File (R--) C:\Windows\Fonts\simsun.ttc
3E8: File (R--) C:\Windows\Fonts\simsun.ttc
3F0: File (R--) C:\Windows\Fonts\gulim.ttc
3F4: File (R--) C:\Windows\Fonts\gulim.ttc
410: File (R--) C:\Windows\Fonts\mingliu.ttc
414: File (R--) C:\Windows\Fonts\mingliu.ttc
424: File (R--) C:\Windows\Fonts\times.ttf
434: File (R--) C:\Windows\Fonts\arial.ttf
448: File (R--) C:\Windows\Fonts\ariali.ttf
450: File (R--) C:\Windows\Fonts\ariali.ttf
458: File (R--) C:\Windows\Fonts\arialbi.ttf
460: File (R--) C:\Windows\Fonts\arialbi.ttf
470: File (R--) C:\Windows\Fonts\times.ttf
484: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_e9b675f824f8c685884cd8295a3cd2470b0d1fe014a16f333c317e60b8d6c722
4A8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_f58fa366de5878acefaf1ce7bda0874e4f186061172b25ca92102b8333d33d07
4AC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_2856e98cb0cd61667d93b200e00a8588e810241f9dcf10acca8bbbabf2819a78
4B0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_5b30fb337e7a6dcedef9ecdb972b8eaae7eb679bc281ae20a843417a66afce0c
4BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_5e604455806e0bab00f3f0ec2e8fb562088198a4386d1ab129c9413d0bc55976
4C4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_116586b9ed51363ab9ca03b29c36cef9b88bd36220dcc2b46a7637c43eadc6e9
4E0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_5c4f11e045a084f6657bca92c632186278bae5b308fdfa6fdbd6d79b45158c9f
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
chrome.exe pid: 9200 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
54: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
25C: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
270: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
2D4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_c6378a4d6c9506a3851bc3a0566682e0df06057cae51da759d346ab6e97c2e1f
2D8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_79eb011fbea9686cffa7a58b6998b891c5d640d02b5efc16cda45a8c5a604604
2E4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_307c56118b8829546c51cda02f0e84c3546c0c2a83574867ab2d0e2be23cfc69
2F8: File (R--) C:\Windows\Fonts\arial.ttf
304: File (R--) C:\Windows\Fonts\timesbd.ttf
308: File (R--) C:\Windows\Fonts\arialbd.ttf
30C: File (R--) C:\Windows\Fonts\arialbi.ttf
310: File (R--) C:\Windows\Fonts\ariali.ttf
314: File (R--) C:\Windows\Fonts\ARIALN.TTF
318: File (R--) C:\Windows\Fonts\ARIALNB.TTF
31C: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
320: File (R--) C:\Windows\Fonts\ARIALNI.TTF
324: File (R--) C:\Windows\Fonts\ariblk.ttf
328: File (R--) C:\Windows\Fonts\arial.ttf
330: File (R--) C:\Windows\Fonts\arialbd.ttf
338: File (R--) C:\Windows\Fonts\arialbd.ttf
340: File (R--) C:\Windows\Fonts\arial.ttf
34C: File (R--) C:\Windows\Fonts\times.ttf
36C: File (R--) C:\Windows\Fonts\timesbi.ttf
370: File (R--) C:\Windows\Fonts\timesi.ttf
374: File (R--) C:\Windows\Fonts\timesbd.ttf
37C: File (R--) C:\Windows\Fonts\timesbd.ttf
384: File (R--) C:\Windows\Fonts\seguisym.ttf
388: File (R--) C:\Windows\Fonts\seguisym.ttf
390: File (R--) C:\Windows\Fonts\cambria.ttc
394: File (R--) C:\Windows\Fonts\cambria.ttc
39C: File (R--) C:\Windows\Fonts\cambria.ttc
3A4: File (R--) C:\Windows\Fonts\tahoma.ttf
3A8: File (R--) C:\Windows\Fonts\tahomabd.ttf
3AC: File (R--) C:\Windows\Fonts\tahomabd.ttf
3B4: File (R--) C:\Windows\Fonts\ARIALUNI.TTF
3B8: File (R--) C:\Windows\Fonts\ARIALUNI.TTF
3C0: File (R--) C:\Windows\Fonts\ARIALUNI.TTF
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
chrome.exe pid: 7956 CORPAI\sborazyi0360
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
54: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
68: File (R--) C:\Windows\Fonts\arial.ttf
BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
230: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
268: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
2D8: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_2564c8a333f52cc5789cc6e878617828fcea83d85beef0bd722147c37547e309
2DC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_1afd849a46a0373f4b4767fc9f52d5bb337fdb24289ca8e7e215d2300986dda6
2EC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68433d38fc45b9a9c8bf341cd07b78b4012795388e79b46a43d6ecdf366203f8
300: File (R--) C:\Windows\Fonts\arialbd.ttf
304: File (R--) C:\Windows\Fonts\arialbi.ttf
308: File (R--) C:\Windows\Fonts\ariali.ttf
30C: File (R--) C:\Windows\Fonts\ARIALN.TTF
310: File (R--) C:\Windows\Fonts\ARIALNB.TTF
314: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
318: File (R--) C:\Windows\Fonts\ARIALNI.TTF
31C: File (R--) C:\Windows\Fonts\ariblk.ttf
320: File (R--) C:\Windows\Fonts\arial.ttf
328: File (R--) C:\Windows\Fonts\verdana.ttf
32C: File (R--) C:\Windows\Fonts\verdanab.ttf
330: File (R--) C:\Windows\Fonts\verdanai.ttf
334: File (R--) C:\Windows\Fonts\verdanaz.ttf
338: File (R--) C:\Windows\Fonts\verdanab.ttf
340: File (R--) C:\Windows\Fonts\arialbd.ttf
348: File (R--) C:\Windows\Fonts\verdanab.ttf
350: File (R--) C:\Windows\Fonts\verdana.ttf
358: File (R--) C:\Windows\Fonts\verdana.ttf
360: File (R--) C:\Windows\Fonts\arialbd.ttf
378: File (R--) C:\Windows\Fonts\arial.ttf
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
chrome.exe pid: 6028 CORPAI\sborazyi0360
4C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
50: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181
BC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_53671bdcf15251f18e7732ae748020e28b24ce7bf3cfa240c2b53e9285b5ef72
CC: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
140: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\icudtl.dat
148: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\v8_context_snapshot.bin
150: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\natives_blob.bin
158: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_100_percent.pak
160: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\chrome_200_percent.pak
16C: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\Locales\en-US.pak
170: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\
66.0.3359.181\resources.pak
240: File (RWD) C:\Users\sborazyi0360\AppData\Local\Google\Chrome\User Data\
Subresource Filter\Indexed Rules\19\7.54\Ruleset Data
260: File (RW-) C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\
en-US-8-0.bdic
2D4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_40a31a1e4c87e079092bd5a44f9b5a419fc212c03e18da72ab3d4b6506133eae
2DC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_5421983ee4a2219fa9ba48c84a0d278bf6aff31c5692743c101ef497b48079de
2E4: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_a3726ad01330c8d5b9a1524d33e0c4badb8eccf78d5e5199a541fded1a4d6260
2E8: File (R--) C:\Windows\Fonts\arial.ttf
2EC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_4799ff4e5893d3d36013ca533ba258e10b0a9fbd9eb5d41db60e53202b6fdda4
2F0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_97c9c2a03322df36b60f718863ad04ed95da48bee00580a5fb4de3b28d730346
314: File (R--) C:\Windows\Fonts\CalibriL.ttf
320: File (R--) C:\Windows\Fonts\arialbd.ttf
32C: File (R--) C:\Windows\Fonts\arialbi.ttf
330: File (R--) C:\Windows\Fonts\ariali.ttf
334: File (R--) C:\Windows\Fonts\ARIALN.TTF
338: File (R--) C:\Windows\Fonts\ARIALNB.TTF
340: File (R--) C:\Windows\Fonts\ARIALNBI.TTF
344: File (R--) C:\Windows\Fonts\ARIALNI.TTF
348: File (R--) C:\Windows\Fonts\ariblk.ttf
34C: File (R--) C:\Windows\Fonts\arial.ttf
354: File (R--) C:\Windows\Fonts\tahoma.ttf
358: File (R--) C:\Windows\Fonts\tahomabd.ttf
35C: File (R--) C:\Windows\Fonts\tahoma.ttf
364: File (R--) C:\Windows\Fonts\verdana.ttf
368: File (R--) C:\Windows\Fonts\verdanab.ttf
36C: File (R--) C:\Windows\Fonts\verdanai.ttf
370: File (R--) C:\Windows\Fonts\verdanaz.ttf
374: File (R--) C:\Windows\Fonts\verdana.ttf
37C: File (R--) C:\Windows\Fonts\arial.ttf
384: File (R--) C:\Windows\Fonts\times.ttf
388: File (R--) C:\Windows\Fonts\timesbd.ttf
38C: File (R--) C:\Windows\Fonts\timesbi.ttf
390: File (R--) C:\Windows\Fonts\timesi.ttf
394: File (R--) C:\Windows\Fonts\times.ttf
39C: File (R--) C:\Windows\Fonts\times.ttf
3A4: File (R--) C:\Windows\Fonts\tahoma.ttf
3AC: File (R--) C:\Windows\Fonts\arialbd.ttf
3B4: File (R--) C:\Windows\Fonts\arialbd.ttf
3BC: File (R--) C:\Windows\Fonts\georgia.ttf
3C4: File (R--) C:\Windows\Fonts\calibri.ttf
3CC: File (R--) C:\Windows\Fonts\georgiab.ttf
3D0: File (R--) C:\Windows\Fonts\georgiai.ttf
3D4: File (R--) C:\Windows\Fonts\georgiaz.ttf
3D8: File (R--) C:\Windows\Fonts\georgia.ttf
3E4: File (R--) C:\Windows\Fonts\verdanab.ttf
3F4: File (R--) C:\Windows\Fonts\calibri.ttf
424: File (R--) C:\Windows\Fonts\calibrii.ttf
430: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_6e80dd30855d982ecb4cf30585b0ceb9444a0f4ad239b05ace4fc718fc30bbd4
438: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_df99ad05858b6629cfc3e626becca6396d306b9f24ce2ee6a5aa68636d2a1006
44C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_b4440cd0bc41694a21c56e538dd2f529fd81f1f3a24445c98c376506bbbea18d
45C: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_630e696a7036aedeed9cae20f8d8c04e82f6c2fa10cf9e37bf174f6e90d85a96
498: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_635796f9dbe21de5111386b2be7dbc51335331a17f41a635b469e6067639173b
4A0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_9ae4b3771aed32bfff9198544b012033e357829a50c70cda20b39b41aa1b3ee2
4C0: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_7d7f39c8ed31284ce8a4409bffe64403493b7ae8356025773188b06ceabe63ab
4CC: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_36790dc5bafa7cc2e13b7f6d521d46e7b977181562c26fce3619a3fd877346e1
4DC: File (R--) C:\Windows\Fonts\CalibriLI.ttf
4FC: File (R--) C:\Windows\Fonts\calibriz.ttf
500: File (R--) C:\Windows\Fonts\calibrib.ttf
520: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_69d8c91bed95bfd4cc8cf53c4353d9437375e7e05ba8c7ee9def4bb7fa770938
524: File (R--) C:\Windows\Fonts\calibrib.ttf
568: Section \Sessions\1\BaseNamedObjects\
CrSharedMem_68468ef2744c69d08e473a19136d0685b89391871097bd66d0b8521ec9514d25
------------------------------------------------------------------------------
SearchProtocolHost.exe pid: 7540 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
2E0: Section \BaseNamedObjects\UsGthrCtrlFltPipeMssGthrPipe145
2EC: Section \BaseNamedObjects\__ComCatalogCache__
2F8: Section \BaseNamedObjects\__ComCatalogCache__
340: Section \BaseNamedObjects\UsGthrFltPipeMssGthrPipe145_1
3BC: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
3F8: Section \BaseNamedObjects\windows_shell_global_counters
404: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
418: Section \BaseNamedObjects\windows_shell_global_counters
4EC: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
4F0: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
4F4: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
4F8: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
500: File (R-D) C:\Windows\System32\en-US\shell32.dll.mui
50C: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
SearchFilterHost.exe pid: 6588 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
D4: Section \BaseNamedObjects\__ComCatalogCache__
DC: Section \BaseNamedObjects\__ComCatalogCache__
368: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
36C: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
370: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
374: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-
3716689AF493}.2.ver0x000000000000000b.db
378: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
37C: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-
1A9A39C3FDA2}.2.ver0x0000000000000002.db
10C4: Section \BaseNamedObjects\
C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
------------------------------------------------------------------------------
PrintIsolationHost.exe pid: 4136 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
8C: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
WmiPrvSE.exe pid: 6440 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\Windows\SysWOW64
C0: File (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui
12C: Section \BaseNamedObjects\Wmi Provider Sub System Counters
148: Section \BaseNamedObjects\__ComCatalogCache__
154: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
cmd.exe pid: 6360 NT AUTHORITY\SYSTEM
68: File (RW-) C:\
78: File (R--) C:\handleall.txt
------------------------------------------------------------------------------
conhost.exe pid: 3312 NT AUTHORITY\SYSTEM
C: File (RW-) C:\Windows\System32
88: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
Handle.exe pid: 5296 NT AUTHORITY\SYSTEM
10: File (RW-) C:\Windows
1C: File (RW-) C:\
2C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5
78: File (R--) C:\handleall.txt
------------------------------------------------------------------------------
Handle64.exe pid: 3872 NT AUTHORITY\SYSTEM
4: File (R--) C:\handleall.txt
10: File (RW-) C:\
20: File (RW-) C:\Windows\winsxs\amd64_microsoft.windows.common-
controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df