API tools faq
paste
Guest User

Untitled

a guest
Oct 27th, 2016
152
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 194.56 KB | None | 0 0
raw download clone embed print report
  1. root@puck:/mnt/datos/programaslin/ctf/volatility/volatility-2.3.1# ./vol.py --profile=Win7SP0x64 filescan -f /mnt/datos/ctf/cybercamp/for/for02/20160926.mem
  2. Volatility Foundation Volatility Framework 2.3.1
  3. Offset(P) #Ptr #Hnd Access Name
  4. ------------------ ------ ------ ------ ----
  5. 0x00000000058dfab0 1 1 R--r-d \Device\HarddiskVolume2\Windows\ehome\malgunmc.ttf
  6. 0x00000000058e08e0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dbghelp.dll
  7. 0x00000000058e1070 1 1 R--r-d \Device\HarddiskVolume2\Windows\ehome\WTVGOTHIC-S.ttc
  8. 0x00000000058e25e0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wininit.exe
  9. 0x00000000058e2850 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  10. 0x00000000058e52c0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sxssrv.dll
  11. 0x00000000058ec9a0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mssph.dll
  12. 0x00000000058f39d0 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\vgasys.fon
  13. 0x00000000058fa510 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\app850.fon
  14. 0x0000000005923460 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pcwum.dll
  15. 0x000000000592b5a0 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\cga80850.fon
  16. 0x000000000592b6f0 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\ega40850.fon
  17. 0x000000000594e6f0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winsta.dll
  18. 0x0000000005955f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  19. 0x0000000005966410 16 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\stdole2.tlb
  20. 0x0000000005966560 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\dot3api.dll
  21. 0x0000000005966cc0 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SECURITY
  22. 0x000000000596a590 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\vga850.fon
  23. 0x000000000596a6e0 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\cga40850.fon
  24. 0x000000000596bf20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\umpnpmgr.dll
  25. 0x000000000597fab0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
  26. 0x00000000059973c0 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\npmproxy.dll
  27. 0x000000000599af20 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  28. 0x000000000599de60 16 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\msxml6r.dll
  29. 0x00000000059a6470 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABAI7SR9\follow_button[1].htm
  30. 0x00000000059b2980 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\dhcpcsvc.dll
  31. 0x00000000059b3170 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
  32. 0x00000000059b7540 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  33. 0x00000000059b9f20 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  34. 0x00000000059bfc00 3 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\msxml6.dll
  35. 0x00000000059c0070 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  36. 0x00000000059c2580 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  37. 0x00000000059c8070 19 0 RW-rwd \Device\HarddiskVolume2\$ConvertToNonresident
  38. 0x00000000059c8450 17 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\es-ES\urlmon.dll.mui
  39. 0x00000000059cca30 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  40. 0x00000000059ccb80 2 0 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk
  41. 0x00000000059ccea0 1 0 RW-rwd \Device\HarddiskVolume2\$PrepareToShrinkFileSize
  42. 0x00000000059ce580 16 0 R--r-d \Device\HarddiskVolume2\Program Files (x86)\Internet Explorer\ieproxy.dll
  43. 0x00000000059ce6d0 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
  44. 0x00000000059cf960 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
  45. 0x00000000059cfc10 16 0 R--rwd \Device\HarddiskVolume2????????\System32\IDStore.dll
  46. 0x00000000059cfec0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  47. 0x000000002506cf20 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  48. 0x0000000045156460 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pcwum.dll
  49. 0x00000000473e6170 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
  50. 0x000000004df94070 1 1 R--r-d \Device\HarddiskVolume2\Windows\ehome\WTVGOTHIC-S.ttc
  51. 0x0000000054188f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  52. 0x0000000055575580 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  53. 0x0000000055a9f9a0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mssph.dll
  54. 0x00000000562e69a0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mssph.dll
  55. 0x00000000569938e0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dbghelp.dll
  56. 0x000000005749d590 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\vga850.fon
  57. 0x000000005749d6e0 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\cga40850.fon
  58. 0x0000000057c19410 16 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\stdole2.tlb
  59. 0x0000000057c19560 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\dot3api.dll
  60. 0x0000000057c19cc0 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SECURITY
  61. 0x0000000057ccdf20 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  62. 0x0000000058112ab0 1 1 R--r-d \Device\HarddiskVolume2\Windows\ehome\malgunmc.ttf
  63. 0x00000000591982c0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sxssrv.dll
  64. 0x00000000592955e0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wininit.exe
  65. 0x0000000059295850 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  66. 0x00000000596816f0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winsta.dll
  67. 0x000000005a001580 16 0 R--r-d \Device\HarddiskVolume2\Program Files (x86)\Internet Explorer\ieproxy.dll
  68. 0x000000005a0016d0 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
  69. 0x000000006a406f20 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  70. 0x000000007013a580 16 0 R--r-d \Device\HarddiskVolume2\Program Files (x86)\Internet Explorer\ieproxy.dll
  71. 0x000000007013a6d0 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
  72. 0x00000000732512c0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sxssrv.dll
  73. 0x000000007dc2bc30 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\WinSATAPI.dll.mui
  74. 0x000000007de7b4b0 16 0 RW---- \Device\HarddiskVolume2\Windows\AppCompat\Programs\RecentFileCache.bcf
  75. 0x000000007de7b730 2 1 R--rwd \Device\CdRom0\
  76. 0x000000007dedb070 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\EAPQEC.DLL
  77. 0x000000007dedb4c0 1 1 ------ \Device\Afd\Endpoint
  78. 0x000000007dedbf20 3 0 RW-rwd \Device\HarddiskVolume2\$Directory
  79. 0x000000007dee5880 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WindowsAnytimeUpgradeui.exe
  80. 0x000000007dee59d0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\windowsanytimeupgradeui.exe.mui
  81. 0x000000007deead60 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\rasadhlp.dll
  82. 0x000000007df2c3c0 13 0 R--rwd \Device\HarddiskVolume2\Program Files\Windows NT\Accessories\wordpad.exe
  83. 0x000000007df2caa0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  84. 0x000000007df37260 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  85. 0x000000007df37500 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
  86. 0x000000007df3da70 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\notepad.exe
  87. 0x000000007df559b0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\keyiso.dll
  88. 0x000000007df5b070 2 1 ------ \Device\Afd\Endpoint
  89. 0x000000007df5b880 2 1 ------ \Device\Afd\Endpoint
  90. 0x000000007df65070 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NlsData000a.dll
  91. 0x000000007df6b6c0 11 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\dhcpcsvc6.dll
  92. 0x000000007df6c070 15 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
  93. 0x000000007df6d820 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\OobeFldr.dll
  94. 0x000000007e009530 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wscinterop.dll
  95. 0x000000007e01bf20 15 0 R--r-- \Device\HarddiskVolume2\Windows\winsxs\Manifests\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688.manifest
  96. 0x000000007e01cdc0 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\Desktop\desktop.ini
  97. 0x000000007e023d10 16 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\jscript9.dll
  98. 0x000000007e040070 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\UIAnimation.dll
  99. 0x000000007e047070 1 1 RW-r-d \Device\HarddiskVolume2\Windows\System32\wfp\wfpdiag.etl
  100. 0x000000007e047370 2 2 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  101. 0x000000007e04c8f0 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\FWPUCLNT.DLL
  102. 0x000000007e054630 3 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Libraries
  103. 0x000000007e054a20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  104. 0x000000007e055dd0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Pictures
  105. 0x000000007e055f20 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Pictures
  106. 0x000000007e056070 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Pictures
  107. 0x000000007e056240 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Music
  108. 0x000000007e056390 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Music
  109. 0x000000007e056c80 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Recorded TV
  110. 0x000000007e056dd0 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
  111. 0x000000007e056f20 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Pictures
  112. 0x000000007e058070 3 1 R--rwd \Device\HarddiskVolume2\Users\Public\Libraries
  113. 0x000000007e058f20 15 0 R--rwd \Device\HarddiskVolume2\Users\Public\Libraries\RecordedTV.library-ms
  114. 0x000000007e05dd10 15 0 R--rwd \Device\HarddiskVolume2\Users\Public\Videos\desktop.ini
  115. 0x000000007e05df20 17 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\ActionCenter.dll.mui
  116. 0x000000007e05e070 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  117. 0x000000007e05e340 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Videos
  118. 0x000000007e05e490 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Recorded TV
  119. 0x000000007e05ec90 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Music
  120. 0x000000007e05ede0 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Music
  121. 0x000000007e062520 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  122. 0x000000007e06b070 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Videos
  123. 0x000000007e06b780 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Videos
  124. 0x000000007e06bf20 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Videos
  125. 0x000000007e082070 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wercplsupport.dll
  126. 0x000000007e082920 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\systemcpl.dll
  127. 0x000000007e08b070 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\winnsi.dll
  128. 0x000000007e08b9e0 7 0 R--rwd \Device\HarddiskVolume2\Windows\System32\iedkcs32.dll
  129. 0x000000007e0969f0 16 0 R--r-- \Device\HarddiskVolume2\Windows\winsxs\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest
  130. 0x000000007e0a0ea0 3 1 R--rwd \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My
  131. 0x000000007e0a4070 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\bitsigd.dll
  132. 0x000000007e0b1a10 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dssenh.dll
  133. 0x000000007e0b2a70 15 0 R--r-d \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll
  134. 0x000000007e0b2c90 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\webcheck.dll
  135. 0x000000007e0d4070 2 1 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\WER\ReportArchive
  136. 0x000000007e0d4680 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\recovery.dll
  137. 0x000000007e201f20 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\Syncreg.dll
  138. 0x000000007e20b790 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cscobj.dll
  139. 0x000000007e20c070 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\werconcpl.dll
  140. 0x000000007e20e5f0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pnidui.dll
  141. 0x000000007e20ea90 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\sxs.dll
  142. 0x000000007e20f2f0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  143. 0x000000007e22de60 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini
  144. 0x000000007e2305f0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wlanutil.dll
  145. 0x000000007e232a90 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  146. 0x000000007e233770 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wlanapi.dll
  147. 0x000000007e2344c0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mssprxy.dll
  148. 0x000000007e242070 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  149. 0x000000007e242500 33 1 -W-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
  150. 0x000000007e245dd0 18 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
  151. 0x000000007e249570 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\SyncCenter.dll
  152. 0x000000007e24a070 5 0 R--r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
  153. 0x000000007e256950 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ieframe.dll
  154. 0x000000007e256aa0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
  155. 0x000000007e257ac0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\fms.dll
  156. 0x000000007e257dd0 1 1 RW---- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
  157. 0x000000007e257f20 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\QAGENT.DLL
  158. 0x000000007e258ad0 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\bthprops.cpl
  159. 0x000000007e259200 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  160. 0x000000007e259390 1 1 RW---- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
  161. 0x000000007e259b00 19 1 RWD--- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
  162. 0x000000007e25aa20 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\mdminst.dll
  163. 0x000000007e25c9c0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk
  164. 0x000000007e25d180 2 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wmdrmdev.dll
  165. 0x000000007e25d8c0 17 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
  166. 0x000000007e25e070 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  167. 0x000000007e26ab40 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
  168. 0x000000007e26b070 4 0 RW-rwd \Device\HarddiskVolume2\$Directory
  169. 0x000000007e26b9f0 2 1 ------ \Device\Afd\Endpoint
  170. 0x000000007e26c6f0 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\McxDriv.dll
  171. 0x000000007e26f6d0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wmpmde.dll
  172. 0x000000007e270070 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\imapi2.dll
  173. 0x000000007e271070 1 1 ------ \Device\Afd\Endpoint
  174. 0x000000007e273460 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\MSMPEG2ENC.DLL
  175. 0x000000007e27c670 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  176. 0x000000007e27dc90 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\devenum.dll
  177. 0x000000007e281070 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mapi32.dll
  178. 0x000000007e2816b0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wmp.dll
  179. 0x000000007e281dd0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  180. 0x000000007e282870 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  181. 0x000000007e283de0 3 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\SystemCertificates\My
  182. 0x000000007e2899f0 7 0 R--rwd \Device\HarddiskVolume2\Windows\System32\control.exe
  183. 0x000000007e289d20 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\hgcpl.dll
  184. 0x000000007e289e70 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\SearchProtocolHost.exe
  185. 0x000000007e28bd00 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\sud.dll
  186. 0x000000007e28d640 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msshooks.dll
  187. 0x000000007e28e350 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\fdSSDP.dll
  188. 0x000000007e28e4a0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\fdPHost.dll
  189. 0x000000007e28f170 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\fdWSD.dll
  190. 0x000000007e29aab0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  191. 0x000000007e29b8d0 8 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\ncrypt.dll
  192. 0x000000007e29eb70 16 0 R--r-- \Device\HarddiskVolume2\Windows\winsxs\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_57e82fa3584ccf8e.manifest
  193. 0x000000007e29f2c0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\SearchFilterHost.exe
  194. 0x000000007e2a05a0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mscoree.dll
  195. 0x000000007e2a25c0 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
  196. 0x000000007e2a38c0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mlang.dll
  197. 0x000000007e2a82f0 2 1 ------ \Device\Afd\Endpoint
  198. 0x000000007e2a8630 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\samcli.dll
  199. 0x000000007e2aa900 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wmploc.DLL
  200. 0x000000007e2ac230 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\fdProxy.dll
  201. 0x000000007e2acce0 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  202. 0x000000007e2af7e0 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\msimg32.dll
  203. 0x000000007e2b9320 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\certCredProvider.dll
  204. 0x000000007e2bce10 2 1 ------ \Device\Afd\Endpoint
  205. 0x000000007e2bddd0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\FXSST.dll
  206. 0x000000007e2be2f0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_2b299db671e86e03
  207. 0x000000007e2bf070 2 1 ------ \Device\Afd\Endpoint
  208. 0x000000007e2bf6d0 2 1 ------ \Device\Afd\Endpoint
  209. 0x000000007e2c03e0 2 1 ------ \Device\Afd\Endpoint
  210. 0x000000007e2c0f20 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\FXSAPI.dll
  211. 0x000000007e2c1070 2 1 ------ \Device\Afd\Endpoint
  212. 0x000000007e2c1a30 2 1 ------ \Device\Afd\Endpoint
  213. 0x000000007e2c3dd0 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\telephon.cpl
  214. 0x000000007e2c5070 1 0 RW-rwd \Device\HarddiskVolume2\$PrepareToShrinkFileSize
  215. 0x000000007e2c64b0 8 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\srvcli.dll
  216. 0x000000007e2c8070 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\P2P.dll
  217. 0x000000007e2c8290 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\ieframe.dll
  218. 0x000000007e2c86d0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ListSvc.dll
  219. 0x000000007e2c98a0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  220. 0x000000007e2cbba0 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\blackbox.dll
  221. 0x000000007e2cc890 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\p2pcollab.dll
  222. 0x000000007e2ccc80 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\FXSRESM.dll
  223. 0x000000007e2ccf20 1 1 -W-rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Temp\FXSAPIDebugLogFile.txt
  224. 0x000000007e2cd270 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\FirewallAPI.dll.mui
  225. 0x000000007e2cedd0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\IdListen.dll
  226. 0x000000007e2d12d0 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\mshtml.dll
  227. 0x000000007e2d2190 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\upnphost.dll
  228. 0x000000007e2d2f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  229. 0x000000007e2d6c80 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\hgprint.dll
  230. 0x000000007e2d9070 6 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx
  231. 0x000000007e2da070 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pnrpsvc.dll
  232. 0x000000007e2e5120 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mssvp.dll
  233. 0x000000007e2e5bf0 1 1 ------ \Device\Afd\Endpoint
  234. 0x000000007e2e8570 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\jscript.dll
  235. 0x000000007e2ea510 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\msfeeds.dll
  236. 0x000000007e2eb170 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\rasplap.dll
  237. 0x000000007e2ece80 1 1 ------ \Device\Afd\Endpoint
  238. 0x000000007e2ef2b0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  239. 0x000000007e2ef820 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WinSATAPI.dll
  240. 0x000000007e2f0070 2 1 ------ \Device\NamedPipe\wkssvc
  241. 0x000000007e2f99e0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wu.upgrade.ps.dll
  242. 0x000000007e2faf20 2 1 ------ \Device\Afd\Endpoint
  243. 0x000000007e2fbf20 1 1 ------ \Device\Afd\Endpoint
  244. 0x000000007e2fdb80 1 1 R--rwd \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files
  245. 0x000000007e2fe260 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\WmiPrvSE.exe
  246. 0x000000007e2fe470 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\devmgmt.msc
  247. 0x000000007e301890 17 0 RW-rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
  248. 0x000000007e301dd0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\upnp.dll
  249. 0x000000007e30df20 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msdmo.dll
  250. 0x000000007e30e4a0 2 1 ------ \Device\Afd\Endpoint
  251. 0x000000007e310230 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\P2PGraph.dll
  252. 0x000000007e310890 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\p2psvc.dll
  253. 0x000000007e311860 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\ieframe.dll.mui
  254. 0x000000007e311b10 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  255. 0x000000007e3176d0 17 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\WinSATAPI.dll.mui
  256. 0x000000007e3178c0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ssdpsrv.dll
  257. 0x000000007e320140 1 1 ------ \Device\Afd\Endpoint
  258. 0x000000007e3205a0 6 0 R--r-d \Device\HarddiskVolume2\Program Files\Internet Explorer\ieproxy.dll
  259. 0x000000007e320b10 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  260. 0x000000007e3211e0 2 1 ------ \Device\Afd\Endpoint
  261. 0x000000007e3213e0 2 1 ------ \Device\Afd\Endpoint
  262. 0x000000007e323290 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\sccls.dll
  263. 0x000000007e323a90 6 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\winhttp.dll
  264. 0x000000007e324600 1 1 ------ \Device\Afd\Endpoint
  265. 0x000000007e324cc0 1 1 ------ \Device\Afd\Endpoint
  266. 0x000000007e326cc0 1 1 ------ \Device\Afd\Endpoint
  267. 0x000000007e327930 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
  268. 0x000000007e32cf20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  269. 0x000000007e32d350 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wbem\cimwin32.dll
  270. 0x000000007e32e290 2 1 ------ \Device\Afd\Endpoint
  271. 0x000000007e32ff20 1 1 RW-rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
  272. 0x000000007e343f20 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msxml3r.dll
  273. 0x000000007e347ca0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\wmiprov.dll
  274. 0x000000007e3487f0 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\SensorsCpl.dll
  275. 0x000000007e349420 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\odbcad32.exe
  276. 0x000000007e34bc00 15 0 R--rwd \Device\HarddiskVolume2\Windows\assembly\Desktop.ini
  277. 0x000000007e354c80 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wups.dll
  278. 0x000000007e355070 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_nesw.cur
  279. 0x000000007e355d20 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msxml3.dll
  280. 0x000000007e3599e0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
  281. 0x000000007e363100 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\FirewallAPI.dll.mui
  282. 0x000000007e3633c0 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\iscsicpl.exe
  283. 0x000000007e365f20 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
  284. 0x000000007e36a070 17 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\urlmon.dll.mui
  285. 0x000000007e36aae0 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\propsys.dll
  286. 0x000000007e38bc90 3 0 RW-rwd \Device\HarddiskVolume2\$Directory
  287. 0x000000007e398b60 16 0 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
  288. 0x000000007e398cb0 4 0 R--r-d \Device\HarddiskVolume2\Program Files\Internet Explorer\IEShims.dll
  289. 0x000000007e39a480 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\nlaapi.dll
  290. 0x000000007e3a0a70 1 1 R--rw- \Device\HarddiskVolume2\Windows
  291. 0x000000007e3a19e0 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\audiodg.exe.mui
  292. 0x000000007e3ab410 16 0 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
  293. 0x000000007e3aff20 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\Pictures\desktop.ini
  294. 0x000000007e3bcf20 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\wkscli.dll
  295. 0x000000007e3ccb00 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\udhisapi.dll
  296. 0x000000007e3cf130 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\netprofm.dll
  297. 0x000000007e3d4070 5 0 R--r-- \Device\HarddiskVolume2\Windows\AppPatch\sysmain.sdb
  298. 0x000000007e3faa10 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  299. 0x000000007e4117b0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\localspl.dll
  300. 0x000000007e411f20 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dwmredir.dll
  301. 0x000000007e413aa0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll
  302. 0x000000007e414340 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\d3d10_1.dll
  303. 0x000000007e414d50 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\spoolss.dll
  304. 0x000000007e4156e0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  305. 0x000000007e417a30 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini
  306. 0x000000007e417d40 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\EhStorAPI.dll
  307. 0x000000007e418dd0 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  308. 0x000000007e4193e0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\d3d10_1core.dll
  309. 0x000000007e419f20 8 0 R--r-d \Device\HarddiskVolume2\Windows\explorer.exe
  310. 0x000000007e41bdd0 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dxgi.dll
  311. 0x000000007e41bf20 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ExplorerFrame.dll
  312. 0x000000007e41c890 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\d3d11.dll
  313. 0x000000007e41d070 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\icaapi.dll
  314. 0x000000007e41e2a0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
  315. 0x000000007e41e850 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
  316. 0x000000007e4274d0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_2b299db671e86e03
  317. 0x000000007e42c370 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msutb.dll
  318. 0x000000007e42cb40 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\PrintIsolationProxy.dll
  319. 0x000000007e42cf20 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\MsCtfMonitor.dll
  320. 0x000000007e42d580 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\tcpmon.dll
  321. 0x000000007e42e4f0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\FXSMON.dll
  322. 0x000000007e42ef20 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\HotStartUserAgent.dll
  323. 0x000000007e42f660 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
  324. 0x000000007e430640 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\usbmon.dll
  325. 0x000000007e430970 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  326. 0x000000007e432c80 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  327. 0x000000007e440dd0 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  328. 0x000000007e443340 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
  329. 0x000000007e4438b0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wsnmp32.dll
  330. 0x000000007e443b50 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\snmpapi.dll
  331. 0x000000007e444b10 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  332. 0x000000007e444f20 2 1 ------ \Device\Afd\Endpoint
  333. 0x000000007e446470 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cscui.dll
  334. 0x000000007e449070 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\esent.dll
  335. 0x000000007e449530 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\inetpp.dll
  336. 0x000000007e44af20 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\sysclass.dll
  337. 0x000000007e44be80 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\IconCodecService.dll
  338. 0x000000007e44c8b0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\fdPnp.dll
  339. 0x000000007e44d980 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\cmd.exe
  340. 0x000000007e457a30 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cscdll.dll
  341. 0x000000007e457e60 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Desktop
  342. 0x000000007e45b760 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cscapi.dll
  343. 0x000000007e45bf20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  344. 0x000000007e45c3a0 8 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\dllhost.exe
  345. 0x000000007e45dcd0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  346. 0x000000007e463880 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\wbemess.dll
  347. 0x000000007e467a40 16 0 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  348. 0x000000007e468540 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wmi.dll
  349. 0x000000007e468ba0 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\comres.dll
  350. 0x000000007e469a10 2 1 ------ \Device\NamedPipe\srvsvc
  351. 0x000000007e46ba30 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\win32spl.dll
  352. 0x000000007e46bba0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  353. 0x000000007e46cd10 5 0 R--rwd \Device\HarddiskVolume2\Windows\System32\fontext.dll
  354. 0x000000007e48a830 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk
  355. 0x000000007e48e630 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  356. 0x000000007e48fb30 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  357. 0x000000007e490f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  358. 0x000000007e491430 15 0 R--r-- \Device\HarddiskVolume2\Windows\winsxs\Manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest
  359. 0x000000007e491d80 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\timedate.cpl
  360. 0x000000007e492dd0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  361. 0x000000007e49c070 1 1 R--r-d \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat
  362. 0x000000007e49c540 17 1 R--r-d \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\comctl32.dll.mui
  363. 0x000000007e49cc80 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\themeui.dll
  364. 0x000000007e49cde0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688
  365. 0x000000007e49d6a0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\actxprxy.dll
  366. 0x000000007e49d7f0 33 1 -W-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
  367. 0x000000007e49e490 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  368. 0x000000007e49e790 30 0 RW-rwd \Device\HarddiskVolume2\$Directory
  369. 0x000000007e4a0070 17 0 R--r-- \Device\HarddiskVolume2\Windows\System32\catroot2\edb.log
  370. 0x000000007e4a0e60 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
  371. 0x000000007e4a2c10 13 0 R--r-- \Device\HarddiskVolume2\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
  372. 0x000000007e4a5070 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\regapi.dll
  373. 0x000000007e4a7b10 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  374. 0x000000007e4a9700 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\SensApi.dll
  375. 0x000000007e4ac570 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
  376. 0x000000007e4ad8d0 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\catroot2\edb.log
  377. 0x000000007e4bfd50 2 1 ------ \Device\Afd\Endpoint
  378. 0x000000007e4c18c0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  379. 0x000000007e4c1d40 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  380. 0x000000007e4c34e0 16 0 R--r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Caches\{4E18B4FD-F87F-47FE-82F8-F10B2A9ED1C8}.2.ver0x0000000000000001.db
  381. 0x000000007e4c4f20 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\bthci.dll
  382. 0x000000007e4ccd00 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\KMSVC.DLL
  383. 0x000000007e4e4610 2 1 ------ \Device\Afd\Endpoint
  384. 0x000000007e4e4860 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\certprop.dll
  385. 0x000000007e4e4bf0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
  386. 0x000000007e4e4f20 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Burn
  387. 0x000000007e4e6470 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  388. 0x000000007e4e65c0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\shdocvw.dll
  389. 0x000000007e4e6a10 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
  390. 0x000000007e4e6d00 5 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\bcryptprimitives.dll
  391. 0x000000007e4e8bb0 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\fontsub.dll
  392. 0x000000007e4ea3f0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\thumbcache.dll
  393. 0x000000007e4eadd0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  394. 0x000000007e4eb2d0 16 0 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  395. 0x000000007e4ebd00 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  396. 0x000000007e4ecf20 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  397. 0x000000007e4ed2c0 16 0 R--r-d \Device\HarddiskVolume2\Windows\WindowsShell.Manifest
  398. 0x000000007e4ed4a0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  399. 0x000000007e4ed5f0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\WindowsCodecsExt.dll
  400. 0x000000007e4ee070 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_arrow.cur
  401. 0x000000007e4eed50 15 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
  402. 0x000000007e4efc00 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\WmiPrvSD.dll
  403. 0x000000007e4eff20 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ncobjapi.dll
  404. 0x000000007e4f07a0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  405. 0x000000007e4f1b70 5 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
  406. 0x000000007e4f2cd0 15 0 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  407. 0x000000007e4f39d0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Start Menu
  408. 0x000000007e4f3dd0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msls31.dll
  409. 0x000000007e4f3f20 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msftedit.dll
  410. 0x000000007e4f5130 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\iscsicpl.dll
  411. 0x000000007e4f5a30 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rascfg.dll
  412. 0x000000007e4ff1a0 13 0 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  413. 0x000000007e500570 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk
  414. 0x000000007e500dc0 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\VaultCredProvider.dll
  415. 0x000000007e502f20 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\winbio.dll
  416. 0x000000007e5057d0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\SensApi.dll
  417. 0x000000007e505920 5 0 R--rwd \Device\HarddiskVolume2\Windows\System32\PhotoMetadataHandler.dll
  418. 0x000000007e505a70 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\gameux.dll
  419. 0x000000007e506410 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mprapi.dll
  420. 0x000000007e506f20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ndiscapCfg.dll
  421. 0x000000007e509280 16 0 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  422. 0x000000007e509d10 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  423. 0x000000007e50ad10 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\tcpipcfg.dll
  424. 0x000000007e50baf0 16 0 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  425. 0x000000007e50d730 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  426. 0x000000007e50d9a0 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\credssp.dll
  427. 0x000000007e50df20 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Start Menu
  428. 0x000000007e50e2b0 6 0 R--r-d \Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
  429. 0x000000007e510620 3 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\SystemCertificates\My
  430. 0x000000007e510770 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  431. 0x000000007e514f20 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  432. 0x000000007e522790 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WWanAPI.dll
  433. 0x000000007e5249d0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\prnfldr.dll
  434. 0x000000007e52a4d0 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
  435. 0x000000007e52a8c0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
  436. 0x000000007e52c950 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netshell.dll
  437. 0x000000007e52d250 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  438. 0x000000007e531880 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  439. 0x000000007e531b30 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\Sens.dll
  440. 0x000000007e53b070 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Libraries
  441. 0x000000007e53bf20 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Libraries
  442. 0x000000007e53d290 15 0 R--rwd \Device\HarddiskVolume2\Users\Public\Music\desktop.ini
  443. 0x000000007e53f5f0 15 0 R--rwd \Device\HarddiskVolume2\Users\Public\Pictures\desktop.ini
  444. 0x000000007e540070 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
  445. 0x000000007e541c90 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\SearchFolder.dll
  446. 0x000000007e542ca0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  447. 0x000000007e543a80 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\drprov.dll
  448. 0x000000007e544720 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ntlanman.dll
  449. 0x000000007e5448b0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ActionCenter.dll
  450. 0x000000007e545650 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\davhlpr.dll
  451. 0x000000007e547700 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\QAGENTRT.DLL
  452. 0x000000007e547e90 2 1 ------ \Device\Afd\Endpoint
  453. 0x000000007e549f20 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wwapi.dll
  454. 0x000000007e54ad40 14 0 R--r-d \Device\HarddiskVolume2\Program Files\Windows Media Player\wmpnetwk.exe
  455. 0x000000007e54c8b0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wsock32.dll
  456. 0x000000007e54dd00 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\davclnt.dll
  457. 0x000000007e556a80 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  458. 0x000000007e558a30 2 1 R--rwd \Device\CdRom0\
  459. 0x000000007e5598c0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  460. 0x000000007e55b7c0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\NCProv.dll
  461. 0x000000007e55cc70 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Desktop
  462. 0x000000007e569070 1 1 ------ \Device\NamedPipe\MsFteWds
  463. 0x000000007e5692f0 1 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\DRM\drmstore.hds
  464. 0x000000007e5698c0 7 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\arialbd.ttf
  465. 0x000000007e56c3f0 11 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\mscoree.dll
  466. 0x000000007e56cc70 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  467. 0x000000007e56cf20 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\cryptsp.dll
  468. 0x000000007e56d2a0 8 0 R--rwd \Device\HarddiskVolume2\Windows\System32\cdd.dll
  469. 0x000000007e56d3f0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  470. 0x000000007e56d540 5 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\msi.dll
  471. 0x000000007e56da20 18 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
  472. 0x000000007e571ba0 17 0 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\DRM\drmstore.hds
  473. 0x000000007e571dd0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  474. 0x000000007e57d280 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  475. 0x000000007e586aa0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mssrch.dll
  476. 0x000000007e586d40 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rasdlg.dll
  477. 0x000000007e58c070 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netman.dll
  478. 0x000000007e5a28e0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\srchadmin.dll
  479. 0x000000007e5d65b0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\stobject.dll
  480. 0x000000007e5d6bb0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\drmv2clt.dll
  481. 0x000000007e5d9070 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sppc.dll
  482. 0x000000007e5dadd0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\tquery.dll
  483. 0x000000007e5dc070 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  484. 0x000000007e5dc1e0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\zipfldr.dll
  485. 0x000000007e5dc3f0 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\certcli.dll
  486. 0x000000007e5dd2f0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  487. 0x000000007e5dd440 1 1 ------ \Device\NamedPipe\srvsvc
  488. 0x000000007e5e5220 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\DXP.dll
  489. 0x000000007e5e5370 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\WER\ReportArchive
  490. 0x000000007e5e5f20 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
  491. 0x000000007e5ec5f0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\AltTab.dll
  492. 0x000000007e5ec880 2 1 ------ \Device\Afd\Endpoint
  493. 0x000000007e5ed9d0 11 0 R--r-d \Device\HarddiskVolume2\Windows\ehome\ehSSO.dll
  494. 0x000000007e5f4d20 3 1 ------ \Device\Afd\Endpoint
  495. 0x000000007e5fb070 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wuapp.exe
  496. 0x000000007e5fb1d0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
  497. 0x000000007e5fb890 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  498. 0x000000007e5fbc80 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  499. 0x000000007e5fbdd0 16 0 R--r-- \Device\HarddiskVolume2\Windows\System32\rundll32.exe
  500. 0x000000007e5fbf20 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
  501. 0x000000007e5ff6a0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  502. 0x000000007e601590 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
  503. 0x000000007e6024f0 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\mycomput.dll
  504. 0x000000007e6027a0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\provsvc.dll
  505. 0x000000007e603070 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
  506. 0x000000007e603840 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  507. 0x000000007e605b30 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\msconfig.exe
  508. 0x000000007e605d00 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk
  509. 0x000000007e607f20 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wscui.cpl
  510. 0x000000007e60d6a0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\synceng.dll
  511. 0x000000007e60d930 2 1 R--rwd \Device\HarddiskVolume2\$Extend\$ObjId
  512. 0x000000007e60e670 1 1 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci
  513. 0x000000007e60f070 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk
  514. 0x000000007e60f3f0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winhttp.dll
  515. 0x000000007e610860 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sysmain.dll
  516. 0x000000007e61cc50 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msidle.dll
  517. 0x000000007e61df20 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\wbem\Repository\MAPPING2.MAP
  518. 0x000000007e61e6b0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\trkwks.dll
  519. 0x000000007e61ea20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  520. 0x000000007e61f410 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\taskhost.exe
  521. 0x000000007e61fdd0 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\iphlpsvc.dll
  522. 0x000000007e624070 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
  523. 0x000000007e628720 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msxml6r.dll
  524. 0x000000007e62a9f0 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\imgutil.dll
  525. 0x000000007e62ab40 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\wbem\Repository\MAPPING3.MAP
  526. 0x000000007e62b660 16 0 R--rwd \Device\HarddiskVolume2\Windows\Web\Wallpaper\Nature\Desktop.ini
  527. 0x000000007e62e070 15 0 R--rwd \Device\HarddiskVolume2\Users\Public\Desktop\desktop.ini
  528. 0x000000007e6307f0 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
  529. 0x000000007e6326c0 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\AuthFWGP.dll
  530. 0x000000007e632f20 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
  531. 0x000000007e633970 20 1 RWDr-- \Device\HarddiskVolume2\System Volume Information\tracking.log
  532. 0x000000007e6354d0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  533. 0x000000007e636070 3 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\rsaenh.dll
  534. 0x000000007e6372d0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msi.dll
  535. 0x000000007e6383d0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  536. 0x000000007e639a10 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wshext.dll
  537. 0x000000007e63af20 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  538. 0x000000007e63b610 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\vmictimeprovider.dll
  539. 0x000000007e63c410 1 1 ------ \Device\NamedPipe\trkwks
  540. 0x000000007e63c560 2 1 ------ \Device\NamedPipe\trkwks
  541. 0x000000007e63c800 1 1 ------ \Device\NamedPipe\trkwks
  542. 0x000000007e63de60 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\twext.dll
  543. 0x000000007e63e9f0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx
  544. 0x000000007e63eb40 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
  545. 0x000000007e6402a0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\scrrun.dll
  546. 0x000000007e640830 16 0 R--rwd \Device\HarddiskVolume2\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
  547. 0x000000007e6414d0 3 1 R--rwd \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My
  548. 0x000000007e6419b0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe
  549. 0x000000007e6421d0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Network Shortcuts
  550. 0x000000007e644400 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NapiNSP.dll
  551. 0x000000007e647f20 13 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\wbem\Repository\INDEX.BTR
  552. 0x000000007e64a740 1 1 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
  553. 0x000000007e64d650 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\browser.dll
  554. 0x000000007e64f8c0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
  555. 0x000000007e650940 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\httpapi.dll
  556. 0x000000007e651a70 16 0 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci
  557. 0x000000007e6533f0 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\msimtf.dll
  558. 0x000000007e653910 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx
  559. 0x000000007e653d10 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx
  560. 0x000000007e65e5c0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\syncui.dll
  561. 0x000000007e661670 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\d3d10.dll
  562. 0x000000007e661c70 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ssdpapi.dll
  563. 0x000000007e6645a0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wdscore.dll
  564. 0x000000007e664850 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
  565. 0x000000007e664e20 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\drvinst.exe
  566. 0x000000007e668460 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\fveui.dll
  567. 0x000000007e669db0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\wbemcore.dll
  568. 0x000000007e66ba60 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\comsvcs.dll
  569. 0x000000007e66bf20 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  570. 0x000000007e66e520 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\dispci.dll
  571. 0x000000007e66f320 15 0 R--r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
  572. 0x000000007e66ff20 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\odbc32.dll
  573. 0x000000007e670070 2 1 ------ \Device\Afd\Endpoint
  574. 0x000000007e670740 2 1 ------ \Device\Afd\Endpoint
  575. 0x000000007e672070 9 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\ntmarta.dll
  576. 0x000000007e673860 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\oleacc.dll
  577. 0x000000007e673f20 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_move.cur
  578. 0x000000007e6759c0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  579. 0x000000007e6779f0 16 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\PerfCenterCpl.ico
  580. 0x000000007e6797c0 2 1 ------ \Device\NamedPipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER
  581. 0x000000007e67a250 18 1 RW---- \Device\HarddiskVolume2\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  582. 0x000000007e67c270 8 0 R--rwd \Device\HarddiskVolume2\Windows\System32\credui.dll
  583. 0x000000007e6863d0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
  584. 0x000000007e686d10 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  585. 0x000000007e6896e0 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_ew.cur
  586. 0x000000007e68a070 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msxml6.dll
  587. 0x000000007e68a3e0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\vsstrace.dll
  588. 0x000000007e68a530 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\srvsvc.dll
  589. 0x000000007e68c910 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\Links\desktop.ini
  590. 0x000000007e68ec70 1 1 RW-r-d \Device\HarddiskVolume2\Windows\System32\LogFiles\SQM\SQMLogger.etl.003
  591. 0x000000007e68f6f0 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\UsrClass.dat{52c3b903-83fa-11e6-9fa7-080027a90394}.TM
  592. 0x000000007e68f9b0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
  593. 0x000000007e6958f0 1 1 ------ \Device\NamedPipe\lsass
  594. 0x000000007e6969d0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
  595. 0x000000007e697720 1 1 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\UsrClass.dat
  596. 0x000000007e697b20 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\WinMgmtR.dll
  597. 0x000000007e698070 5 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wow64cpu.dll
  598. 0x000000007e6987f0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
  599. 0x000000007e69b930 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\esscli.dll
  600. 0x000000007e69e830 16 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\l_intl.nls
  601. 0x000000007e6a2980 16 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\sserife.fon
  602. 0x000000007e6a5070 3 0 R--rwd \Device\HarddiskVolume2\Windows\System32\PeerDistSvc.dll
  603. 0x000000007e6a5840 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
  604. 0x000000007e6bd1d0 1 1 ------ \Device\NamedPipe\wkssvc
  605. 0x000000007e6bdb10 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\resutils.dll
  606. 0x000000007e6bec50 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk
  607. 0x000000007e6c2700 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\sdcpl.dll
  608. 0x000000007e6c3340 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\clusapi.dll
  609. 0x000000007e6c5bd0 4 0 RW-rwd \Device\HarddiskVolume2\$Directory
  610. 0x000000007e6c6df0 2 1 ------ \Device\NamedPipe\
  611. 0x000000007e6cc220 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  612. 0x000000007e6cc370 16 0 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Caches\cversions.2.db
  613. 0x000000007e6cf5f0 9 0 R--r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db
  614. 0x000000007e6d0d10 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  615. 0x000000007e6d2dd0 2 1 ------ \Device\NamedPipe\
  616. 0x000000007e6d2f20 6 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
  617. 0x000000007e6d8bf0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
  618. 0x000000007e6daf20 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\hnetcfg.dll
  619. 0x000000007e6dba80 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\wmiutils.dll
  620. 0x000000007e6de210 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\accessibilitycpl.dll
  621. 0x000000007e6de360 16 0 R--r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
  622. 0x000000007e6de4b0 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netprofm.dll
  623. 0x000000007e6de8c0 15 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\pngfilt.dll
  624. 0x000000007e6dea10 12 0 R--rwd \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  625. 0x000000007e6df070 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wer.dll
  626. 0x000000007e6df280 2 1 ------ \Device\NamedPipe\srvsvc
  627. 0x000000007e6e2bd0 2 1 ------ \Device\Afd\Endpoint
  628. 0x000000007e6e4070 1 1 ------ \Device\NamedPipe\srvsvc
  629. 0x000000007e6e45c0 2 1 ------ \Device\Afd\Endpoint
  630. 0x000000007e6e7360 1 1 ------ \Device\NamedPipe\
  631. 0x000000007e6e77c0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  632. 0x000000007e6e88c0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wmpps.dll
  633. 0x000000007e6f2100 2 1 ------ \Device\Afd\Endpoint
  634. 0x000000007e6f2410 2 1 ------ \Device\Afd\Endpoint
  635. 0x000000007e6f2690 1 0 RW-rwd \Device\HarddiskVolume2\$PrepareToShrinkFileSize
  636. 0x000000007e6f2a10 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-1e8-0
  637. 0x000000007e6f2c80 2 1 ------ \Device\Afd\Endpoint
  638. 0x000000007e6f3300 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\repdrvfs.dll
  639. 0x000000007e6f34b0 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wdi.dll
  640. 0x000000007e6f5230 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\npmproxy.dll
  641. 0x000000007e6f5dd0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wpdbusenum.dll
  642. 0x000000007e6f64c0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\diagperf.dll
  643. 0x000000007e6fb5a0 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\perftrack.dll
  644. 0x000000007e6fbba0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\aelupsvc.dll
  645. 0x000000007e6fc9e0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll
  646. 0x000000007e6fd5e0 7 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\times.ttf
  647. 0x000000007e7007d0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\userinit.exe
  648. 0x000000007e7019f0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rasadhlp.dll
  649. 0x000000007e702050 1 1 RW---- \Device\HarddiskVolume2\System Volume Information\Syscache.hve.LOG1
  650. 0x000000007e703ac0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\nci.dll
  651. 0x000000007e706070 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\PortableDeviceConnectApi.dll
  652. 0x000000007e707670 1 1 RW---- \Device\HarddiskVolume2\System Volume Information\Syscache.hve.LOG2
  653. 0x000000007e708220 1 1 RW---- \Device\HarddiskVolume2\System Volume Information\Syscache.hve
  654. 0x000000007e70bf20 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\diskcopy.dll
  655. 0x000000007e716c80 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pnpts.dll
  656. 0x000000007e718710 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk
  657. 0x000000007e718a80 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Credentials
  658. 0x000000007e7194c0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winrnr.dll
  659. 0x000000007e719b80 8 0 R--rwd \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
  660. 0x000000007e71a100 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\Apphlpdm.dll
  661. 0x000000007e71da60 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  662. 0x000000007e71dbb0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx
  663. 0x000000007e721590 2 1 ------ \Device\Afd\Endpoint
  664. 0x000000007e722590 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pots.dll
  665. 0x000000007e723d40 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\mswsock.dll
  666. 0x000000007e726ac0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wdiasqmmodule.dll
  667. 0x000000007e728760 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  668. 0x000000007e728af0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk
  669. 0x000000007e729980 9 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
  670. 0x000000007e72adf0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  671. 0x000000007e72c5e0 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\timedate.cpl
  672. 0x000000007e72e310 11 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
  673. 0x000000007e72e630 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk
  674. 0x000000007e72fde0 16 0 R--rwd \Device\HarddiskVolume2\Windows\explorer.exe
  675. 0x000000007e730720 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\sti_ci.dll
  676. 0x000000007e7359c0 1 1 ------ \Device\Afd\Endpoint
  677. 0x000000007e737070 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\d3d8thk.dll
  678. 0x000000007e73af20 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mpr.dll
  679. 0x000000007e73b200 2 1 RW-r-- \Device\HarddiskVolume2\Users\USER01\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
  680. 0x000000007e73ba00 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\PortableDeviceTypes.dll
  681. 0x000000007e73dda0 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\UsrClass.dat{52c3b903-83fa-11e6-9fa7-080027a90394}.TM
  682. 0x000000007e73e070 1 1 RW---- \Device\HarddiskVolume2\Users\USER01\NTUSER.DAT
  683. 0x000000007e73f390 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  684. 0x000000007e741ca0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\pautoenr.dll
  685. 0x000000007e744f20 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\wevtapi.dll
  686. 0x000000007e752220 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\FXSSVC.exe
  687. 0x000000007e75f1f0 17 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
  688. 0x000000007e763d00 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
  689. 0x000000007e765f20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\umb.dll
  690. 0x000000007e7672a0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dimsjob.dll
  691. 0x000000007e769340 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
  692. 0x000000007e76e070 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\SessEnv.dll
  693. 0x000000007e774070 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
  694. 0x000000007e774290 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wow64.dll
  695. 0x000000007e774b10 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\eappcfg.dll
  696. 0x000000007e775790 16 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid
  697. 0x000000007e776bc0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  698. 0x000000007e779ce0 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  699. 0x000000007e782dd0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\rundll32.exe
  700. 0x000000007e7833b0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
  701. 0x000000007e783980 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pnrpnsp.dll
  702. 0x000000007e785590 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\wtsapi32.dll
  703. 0x000000007e78dc70 1 1 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
  704. 0x000000007e78e1f0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  705. 0x000000007e78e480 7 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\d3d9.dll
  706. 0x000000007e794070 16 0 R--rwd \Device\HarddiskVolume2\Windows\Resources\Ease of Access Themes\hcblack.theme
  707. 0x000000007e794650 16 0 R--rwd \Device\HarddiskVolume2\Windows\Resources\Ease of Access Themes\hcwhite.theme
  708. 0x000000007e794d10 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\DHCPQEC.DLL
  709. 0x000000007e796430 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\spp.dll
  710. 0x000000007e796f20 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WSDMon.dll
  711. 0x000000007e799070 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mssitlb.dll
  712. 0x000000007e79c5c0 2 1 ------ \Device\Afd\Endpoint
  713. 0x000000007e79d6c0 7 1 RW-r-d \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat
  714. 0x000000007e7af140 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
  715. 0x000000007e7b04d0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  716. 0x000000007e7b0dd0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\PlaySndSrv.dll
  717. 0x000000007e7b1dd0 33 1 RW-rw- \Device\HarddiskVolume2\Windows\WindowsUpdate.log
  718. 0x000000007e7b4f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  719. 0x000000007e7b68a0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dwmcore.dll
  720. 0x000000007e7b6a00 14 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\iedkcs32.dll
  721. 0x000000007e7b6b50 14 0 R--rwd \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  722. 0x000000007e7c05e0 15 0 R--rwd \Device\HarddiskVolume2\Users\Public\desktop.ini
  723. 0x000000007e7c1f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  724. 0x000000007e7c8ba0 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  725. 0x000000007e7cb070 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dwm.exe
  726. 0x000000007e7cf320 2 1 ------ \Device\NamedPipe\browser
  727. 0x000000007e7d5070 2 1 RW-r-- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\UsrClass.dat{52c3b903-83fa-11e6-9fa7-080027a90394}.TMContainer00000000000000000001.regtrans-ms
  728. 0x000000007e7d6070 2 1 RW-r-- \Device\HarddiskVolume2\Users\USER01\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
  729. 0x000000007e7d61c0 2 1 RW-r-- \Device\HarddiskVolume2\Users\USER01\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
  730. 0x000000007e7dd880 15 0 R--rwd \Device\HarddiskVolume2\Windows\win.ini
  731. 0x000000007e7deb60 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ntshrui.dll
  732. 0x000000007e7df070 11 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
  733. 0x000000007e7df7c0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
  734. 0x000000007e7e0070 1 1 RW---- \Device\HarddiskVolume2\Users\USER01\ntuser.dat.LOG1
  735. 0x000000007e7eadd0 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wpd_ci.dll
  736. 0x000000007e7eaf20 16 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wsb
  737. 0x000000007e7eb7f0 1 1 ------ \Device\NamedPipe\browser
  738. 0x000000007e7f1730 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\KBDUS.DLL
  739. 0x000000007e7f1bb0 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
  740. 0x000000007e7f29f0 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\FirewallAPI.dll.mui
  741. 0x000000007e7fa160 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume2\Users\USER01\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM
  742. 0x000000007e7fbf20 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume2\Users\USER01\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM
  743. 0x000000007e808070 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  744. 0x000000007e80b540 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\shacct.dll
  745. 0x000000007e80c370 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\shdocvw.dll
  746. 0x000000007e80d2b0 2 1 ------ \Device\Afd\Endpoint
  747. 0x000000007e80d820 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\FntCache.dll
  748. 0x000000007e80e8e0 22 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\System.evtx
  749. 0x000000007e810f20 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-324-0
  750. 0x000000007e8127e0 17 1 RW-rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
  751. 0x000000007e813070 2 1 ------ \Device\Afd\Endpoint
  752. 0x000000007e813a20 2 1 ------ \Device\Afd\Endpoint
  753. 0x000000007e813b70 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\samlib.dll
  754. 0x000000007e813dd0 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mmcss.dll
  755. 0x000000007e814d80 2 1 ------ \Device\Afd\Endpoint
  756. 0x000000007e816810 1 1 -W---- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  757. 0x000000007e817210 1 1 -W---- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
  758. 0x000000007e817490 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\avrt.dll
  759. 0x000000007e817b80 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  760. 0x000000007e819b50 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\upnp.dll
  761. 0x000000007e81b940 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\propsys.dll
  762. 0x000000007e81be60 28 0 RW-rwd \Device\HarddiskVolume2\$Directory
  763. 0x000000007e825620 10 1 RW-r-d \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
  764. 0x000000007e826b40 3 1 R--rwd \Device\HarddiskVolume2\Windows\Fonts
  765. 0x000000007e828050 1 0 RW-rwd \Device\HarddiskVolume2\$PrepareToShrinkFileSize
  766. 0x000000007e8285c0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winmm.dll
  767. 0x000000007e828aa0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Media Center.evtx
  768. 0x000000007e82b490 4 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\msgothic.ttc
  769. 0x000000007e82c1d0 23 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Security.evtx
  770. 0x000000007e82d230 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Key Management Service.evtx
  771. 0x000000007e82d3e0 1 0 RW-rwd \Device\HarddiskVolume2\$PrepareToShrinkFileSize
  772. 0x000000007e82db00 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\mlang.dll
  773. 0x000000007e8304b0 1 1 R--rwd \Device\HarddiskVolume2\Windows\System32
  774. 0x000000007e830a20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  775. 0x000000007e831310 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Setup.evtx
  776. 0x000000007e831dc0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\d3d10level9.dll
  777. 0x000000007e8322b0 1 1 ------ \Device\00000049\eheadphonetopo
  778. 0x000000007e832d60 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\HardwareEvents.evtx
  779. 0x000000007e834070 16 0 R--rwd \Device\HarddiskVolume2\Windows\Resources\Ease of Access Themes\hc2.theme
  780. 0x000000007e8346d0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Internet Explorer.evtx
  781. 0x000000007e836780 7 0 R--r-d \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_2b299db671e86e03\GdiPlus.dll
  782. 0x000000007e836f20 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\appinfo.dll
  783. 0x000000007e837b00 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mstask.dll
  784. 0x000000007e838720 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
  785. 0x000000007e8389d0 1 1 ------ \Device\00000049\espeakertopo
  786. 0x000000007e838dd0 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  787. 0x000000007e838f20 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
  788. 0x000000007e83b4a0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  789. 0x000000007e83c230 1 1 ------ \Device\00000049\espeakerwave
  790. 0x000000007e83d280 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cscsvc.dll
  791. 0x000000007e83d7d0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\audiodg.exe
  792. 0x000000007e83f610 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
  793. 0x000000007e840770 2 1 R--rwd \Device\HarddiskVolume2\
  794. 0x000000007e8408c0 6 0 R--r-- \Device\HarddiskVolume2\Windows\System32\sppwinob.dll
  795. 0x000000007e840a10 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dui70.dll
  796. 0x000000007e841cb0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wscsvc.dll
  797. 0x000000007e842250 1 1 ------ \Device\00000049\emicintopo
  798. 0x000000007e8429b0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\msimtf.dll
  799. 0x000000007e842f20 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\audiodg.exe.mui
  800. 0x000000007e843590 1 1 ------ \Device\00000049\espeakertopo
  801. 0x000000007e848160 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  802. 0x000000007e84a690 1 1 ------ \Device\00000049\emicinwave
  803. 0x000000007e84b5f0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
  804. 0x000000007e855b10 1 1 ------ \Device\00000049\ecdinwave
  805. 0x000000007e859b90 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  806. 0x000000007e85a690 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\imageres.dll
  807. 0x000000007e85ad40 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  808. 0x000000007e866440 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\es.dll
  809. 0x000000007e867640 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\profsvc.dll
  810. 0x000000007e867790 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\gpsvc.dll
  811. 0x000000007e868070 14 0 R--r-- \Device\HarddiskVolume2\Windows\AppPatch\AppPatch64\sysmain.sdb
  812. 0x000000007e868700 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\nlaapi.dll
  813. 0x000000007e86af20 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\atl.dll
  814. 0x000000007e86df20 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ksuser.dll
  815. 0x000000007e86f070 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\bitsperf.dll
  816. 0x000000007e86f320 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  817. 0x000000007e86ff20 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
  818. 0x000000007e870890 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
  819. 0x000000007e872b90 6 0 R--r-d \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
  820. 0x000000007e872f20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  821. 0x000000007e8743f0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  822. 0x000000007e875660 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\PeerDist.dll
  823. 0x000000007e877870 4 0 RW-rwd \Device\HarddiskVolume2\$Directory
  824. 0x000000007e8779c0 1 1 R--rw- \Device\HarddiskVolume2\Windows\CSC\v2.0.6
  825. 0x000000007e877ea0 1 1 R--rw- \Device\HarddiskVolume2\Windows\CSC
  826. 0x000000007e878070 4 0 RW-rwd \Device\HarddiskVolume2\$MapAttributeValue
  827. 0x000000007e8782e0 3 1 R--rwd \Device\Mup\.\.
  828. 0x000000007e878430 1 1 R--rw- \Device\HarddiskVolume2\Windows\CSC\v2.0.6\namespace
  829. 0x000000007e878a90 1 1 R--rwd \Device\HarddiskVolume2?
  830. 0x000000007e879960 1 1 R--rwd \Device\HarddiskVolume2?
  831. 0x000000007e87d3b0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sppsvc.exe
  832. 0x000000007e87d960 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\tzres.dll
  833. 0x000000007e87e2f0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dsrole.dll
  834. 0x000000007e87e440 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\duser.dll
  835. 0x000000007e87e590 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\taskschd.dll
  836. 0x000000007e87f070 1 1 RW-rwd \Device\HarddiskVolume2\Windows\CSC\v2.0.6\temp
  837. 0x000000007e87fa10 4 1 RW-rwd \Device\HarddiskVolume2\Windows\CSC\v2.0.6\pq
  838. 0x000000007e881070 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  839. 0x000000007e883880 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ELSCore.dll
  840. 0x000000007e883d10 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  841. 0x000000007e884f20 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\desk.cpl
  842. 0x000000007e8869d0 6 0 R--r-d \Device\HarddiskVolume2\Users\USER01\Desktop\RamCapturer64\RamCapture64.exe
  843. 0x000000007e8883f0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\hid.dll
  844. 0x000000007e888d10 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\SndVolSSO.dll
  845. 0x000000007e889ca0 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
  846. 0x000000007e88b540 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\slc.dll
  847. 0x000000007e88bdd0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\themeservice.dll
  848. 0x000000007e88e170 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  849. 0x000000007e8978d0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\vaultcli.dll
  850. 0x000000007e897cd0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\Query.dll
  851. 0x000000007e8985a0 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\hcproviders.dll
  852. 0x000000007e898d60 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_up.cur
  853. 0x000000007e899360 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
  854. 0x000000007e899dd0 2 1 ------ \Device\Afd\Endpoint
  855. 0x000000007e899f20 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\Sens.dll
  856. 0x000000007e89cf20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  857. 0x000000007e89f580 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  858. 0x000000007e89f6d0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\uxsms.dll
  859. 0x000000007e89fea0 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
  860. 0x000000007e8a03b0 32 0 RW-rwd \Device\HarddiskVolume2\$Directory
  861. 0x000000007e8a0de0 11 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
  862. 0x000000007e8a1770 8 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wermgr.exe
  863. 0x000000007e8a1f20 4 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wucltux.dll
  864. 0x000000007e8a2670 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
  865. 0x000000007e8a3650 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\IDStore.dll
  866. 0x000000007e8a77b0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\lmhsvc.dll
  867. 0x000000007e8a7910 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\aclui.dll
  868. 0x000000007e8a8730 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\xmllite.dll
  869. 0x000000007e8a97c0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\nsisvc.dll
  870. 0x000000007e8aa970 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
  871. 0x000000007e8ab7a0 16 0 RW-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir
  872. 0x000000007e8acf20 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\nrpsrv.dll
  873. 0x000000007e8ad980 13 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\gulim.ttc
  874. 0x000000007e8af070 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dhcpcore.dll
  875. 0x000000007e8b2070 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\eapphost.dll
  876. 0x000000007e8b9490 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dhcpcore6.dll
  877. 0x000000007e8c2580 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
  878. 0x000000007e8c26d0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dnsrslvr.dll
  879. 0x000000007e8c3410 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\FWPUCLNT.DLL
  880. 0x000000007e8c9c40 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
  881. 0x000000007e8cb810 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\midimap.dll
  882. 0x000000007e8d2cf0 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msacm32.dll
  883. 0x000000007e8d3980 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
  884. 0x000000007e8d3d40 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  885. 0x000000007e8d4290 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dnsext.dll
  886. 0x000000007e8d5f20 3 1 R--rwd \Device\HarddiskVolume2\Windows\System32\drivers\etc
  887. 0x000000007e8dc350 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  888. 0x000000007e8ddda0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\shsvcs.dll
  889. 0x000000007e8e0710 1 1 ------ \Device\Afd\Endpoint
  890. 0x000000007e8e1070 6 0 R--rwd \Device\HarddiskVolume2\Windows\System32\loadperf.dll
  891. 0x000000007e8e7cc0 15 0 R--rwd \Device\HarddiskVolume2\Users\desktop.ini
  892. 0x000000007e8ec7b0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\AudioEng.dll
  893. 0x000000007e8ed2c0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ktmw32.dll
  894. 0x000000007e8ed550 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netapi32.dll
  895. 0x000000007e8ed880 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\schedsvc.dll
  896. 0x000000007e8ee8e0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Network Shortcuts
  897. 0x000000007e8ef710 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll
  898. 0x000000007e8fa230 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wkscli.dll
  899. 0x000000007e8fb070 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\AUDIOKSE.dll
  900. 0x000000007e8fb8a0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netutils.dll
  901. 0x000000007e8fc3c0 14 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\WindowsCodecs.dll
  902. 0x000000007e8fe070 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WMALFXGFXDSP.dll
  903. 0x000000007e9004b0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\tbs.dll
  904. 0x000000007e900820 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\fveapi.dll
  905. 0x000000007e901400 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wiarpc.dll
  906. 0x000000007e9016d0 4 0 R--r-d \Device\HarddiskVolume2\Program Files\Internet Explorer\iexplore.exe
  907. 0x000000007e902f20 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\fvecerts.dll
  908. 0x000000007e9035c0 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_pen.cur
  909. 0x000000007e906f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  910. 0x000000007e908480 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\taskcomp.dll
  911. 0x000000007e909540 2 1 ------ \Device\Afd\Endpoint
  912. 0x000000007e909af0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\Tasks\SCHEDLGU.TXT
  913. 0x000000007e909d40 1 1 ------ \Device\NamedPipe\atsvc
  914. 0x000000007e90a890 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-380-0
  915. 0x000000007e90af20 2 1 ------ \Device\Afd\Endpoint
  916. 0x000000007e90b330 1 1 ------ \Device\NamedPipe\atsvc
  917. 0x000000007e90b480 2 1 R--rw- \Device\HarddiskVolume2\Windows\Tasks
  918. 0x000000007e90b5d0 2 1 ------ \Device\Afd\Endpoint
  919. 0x000000007e90c070 2 1 ------ \Device\NamedPipe\atsvc
  920. 0x000000007e90c230 2 1 ------ \Device\Afd\Endpoint
  921. 0x000000007e90dd40 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\bcrypt.dll
  922. 0x000000007e910070 3 1 R--rwd \Device\HarddiskVolume2\Windows\System32\wbem\MOF
  923. 0x000000007e910f20 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\WmiDcPrv.dll
  924. 0x000000007e913c80 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\onex.dll
  925. 0x000000007e913dd0 6 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\segoeuii.ttf
  926. 0x000000007e914740 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\WinSCard.dll
  927. 0x000000007e916760 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wpccpl.dll
  928. 0x000000007e920070 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
  929. 0x000000007e920720 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  930. 0x000000007e920d40 1 1 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
  931. 0x000000007e921070 2 1 ------ \Device\Afd\Endpoint
  932. 0x000000007e9215c0 2 1 ------ \Device\Afd\Endpoint
  933. 0x000000007e922400 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dllhost.exe
  934. 0x000000007e9225d0 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-1f0-0
  935. 0x000000007e9228a0 2 1 ------ \Device\Afd\Endpoint
  936. 0x000000007e922f20 2 1 ------ \Device\Afd\Endpoint
  937. 0x000000007e923410 16 0 R--rwd \Device\HarddiskVolume2\Windows\Resources\Ease of Access Themes\basic.theme
  938. 0x000000007e924480 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NlsLexicons000a.dll
  939. 0x000000007e925b40 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\rasman.dll
  940. 0x000000007e926070 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\mmsys.cpl
  941. 0x000000007e926280 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\WFSR.dll
  942. 0x000000007e928990 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\spoolsv.exe
  943. 0x000000007e928c00 16 0 R--rwd \Device\HarddiskVolume2\Windows\Resources\Ease of Access Themes\hc1.theme
  944. 0x000000007e92eb40 5 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\Wpc.dll
  945. 0x000000007e92fa80 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
  946. 0x000000007e930f20 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\msidle.dll
  947. 0x000000007e9346f0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Desktop\RamCapturer64
  948. 0x000000007e935070 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\w32time.dll
  949. 0x000000007e935690 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
  950. 0x000000007e937f20 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
  951. 0x000000007e939220 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
  952. 0x000000007e939950 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  953. 0x000000007e93b070 3 0 R--rwd \Device\HarddiskVolume2\Windows\System32\apds.dll
  954. 0x000000007e93b820 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
  955. 0x000000007e93ee80 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\AuxiliaryDisplayClassInstaller.dll
  956. 0x000000007e941910 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  957. 0x000000007e942940 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk
  958. 0x000000007e943630 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\BFE.DLL
  959. 0x000000007e944070 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  960. 0x000000007e945380 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dps.dll
  961. 0x000000007e9457b0 6 0 R--rwd \Device\HarddiskVolume2\Program Files\Windows Sidebar\sidebar.exe
  962. 0x000000007e9469b0 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\shfolder.dll
  963. 0x000000007e946b40 1 1 ------ \Device\NamedPipe\wkssvc
  964. 0x000000007e946e60 1 1 ------ \Device\NamedPipe\wkssvc
  965. 0x000000007e947540 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
  966. 0x000000007e948630 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\eappprxy.dll
  967. 0x000000007e954070 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\dmocx.dll
  968. 0x000000007e956840 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  969. 0x000000007e960be0 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rtutils.dll
  970. 0x000000007e96a070 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
  971. 0x000000007e96b070 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\hidserv.dll
  972. 0x000000007e96d720 16 0 R--rwd \Device\HarddiskVolume2\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
  973. 0x000000007e96e850 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sfc.dll
  974. 0x000000007e9732e0 16 0 R--r-- \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms
  975. 0x000000007e975750 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\MPSSVC.dll
  976. 0x000000007e976af0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
  977. 0x000000007e9776a0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\samcli.dll
  978. 0x000000007e979070 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\sc.exe
  979. 0x000000007e9793c0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
  980. 0x000000007e979d70 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\oleaccrc.dll
  981. 0x000000007e97d9e0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rasapi32.dll
  982. 0x000000007e97edd0 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\ifsutil.dll
  983. 0x000000007e980d50 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\IKEEXT.DLL
  984. 0x000000007e989540 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wow64win.dll
  985. 0x000000007e9899f0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  986. 0x000000007e98b630 13 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\FirewallAPI.dll.mui
  987. 0x000000007e98ba80 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\tdh.dll
  988. 0x000000007e98ebd0 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_unavail.cur
  989. 0x000000007e98ee60 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\lsmproxy.dll
  990. 0x000000007e98f200 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rasman.dll
  991. 0x000000007e99bf20 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sscore.dll
  992. 0x000000007e99c720 1 1 ------ \Device\NamedPipe\keysvc
  993. 0x000000007e99c870 2 1 ------ \Device\NamedPipe\keysvc
  994. 0x000000007e99caa0 5 0 R--rwd \Device\HarddiskVolume2\Windows\System32\CertEnroll.dll
  995. 0x000000007e99d070 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\vssapi.dll
  996. 0x000000007e99fb90 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  997. 0x000000007e99fe60 2 1 ------ \Device\Afd\Endpoint
  998. 0x000000007e9a3b90 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wkssvc.dll
  999. 0x000000007e9a8580 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sfc_os.dll
  1000. 0x000000007e9a88d0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\webservices.dll
  1001. 0x000000007e9a8b70 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
  1002. 0x000000007e9a9070 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sqmapi.dll
  1003. 0x000000007e9abd80 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wpdshext.dll
  1004. 0x000000007e9ae130 15 0 R--r-d \Device\HarddiskVolume2\Program Files (x86)\Internet Explorer\IEShims.dll
  1005. 0x000000007e9af490 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\MdSched.exe
  1006. 0x000000007e9af5e0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
  1007. 0x000000007e9b29c0 1 0 RW-rwd \Device\HarddiskVolume2\$PrepareToShrinkFileSize
  1008. 0x000000007e9b4a10 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pcasvc.dll
  1009. 0x000000007e9b7ec0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\FDResPub.dll
  1010. 0x000000007e9b8460 11 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat
  1011. 0x000000007e9b8700 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\aepic.dll
  1012. 0x000000007e9ba2d0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk
  1013. 0x000000007e9ba550 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1014. 0x000000007e9ba7a0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\StructuredQuery.dll
  1015. 0x000000007e9ba8f0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WSDApi.dll
  1016. 0x000000007e9bb900 1 1 ------ \Device\NamedPipe\keysvc
  1017. 0x000000007e9c5f20 5 0 R--rwd \Device\HarddiskVolume2\Windows\System32\Display.dll
  1018. 0x000000007e9c74c0 8 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\wbem\Repository\OBJECTS.DATA
  1019. 0x000000007e9cc070 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\fundisc.dll
  1020. 0x000000007e9cd070 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\nlasvc.dll
  1021. 0x000000007e9cd780 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\d3d10core.dll
  1022. 0x000000007e9d0070 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\webio.dll
  1023. 0x000000007e9d1f20 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_link.cur
  1024. 0x000000007e9d42e0 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\mshta.exe
  1025. 0x000000007e9d7070 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1026. 0x000000007e9d7d50 16 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1027. 0x000000007e9d85c0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ncsi.dll
  1028. 0x000000007e9d8a30 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\d3d9.dll
  1029. 0x000000007e9d9780 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\UXInit.dll
  1030. 0x000000007e9de880 2 1 RW-r-- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\UsrClass.dat{52c3b903-83fa-11e6-9fa7-080027a90394}.TM.blf
  1031. 0x000000007e9deaf0 7 0 R--rwd \Device\HarddiskVolume2\Windows\System32\calc.exe
  1032. 0x000000007e9dfe40 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\winsta.dll
  1033. 0x000000007e9e3070 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  1034. 0x000000007e9e31e0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Credentials
  1035. 0x000000007e9e3710 2 1 RW-r-- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\UsrClass.dat{52c3b903-83fa-11e6-9fa7-080027a90394}.TMContainer00000000000000000002.regtrans-ms
  1036. 0x000000007e9e5070 1 1 RW---- \Device\HarddiskVolume2\Users\USER01\ntuser.dat.LOG2
  1037. 0x000000007e9e5430 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk
  1038. 0x000000007e9ecbb0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
  1039. 0x000000007e9f1b40 6 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\winspool.drv
  1040. 0x000000007e9f1dd0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\wbem\Repository\MAPPING1.MAP
  1041. 0x000000007e9f2c10 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll
  1042. 0x000000007e9f6630 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1043. 0x000000007e9f6780 14 0 R--rwd \Device\HarddiskVolume2\Program Files\Windows Journal\Journal.exe
  1044. 0x000000007e9f7070 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\rsaenh.dll
  1045. 0x000000007e9f7350 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wbem\WMIsvc.dll
  1046. 0x000000007e9f8450 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\stdole2.tlb
  1047. 0x000000007e9f8a00 16 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1048. 0x000000007e9faaa0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1049. 0x000000007e9fad10 13 0 R--rwd \Device\HarddiskVolume2\Program Files\Windows NT\TableTextService\TableTextService.dll
  1050. 0x000000007e9fb9f0 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_ns.cur
  1051. 0x000000007e9fe410 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1052. 0x000000007e9fec90 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\radardt.dll
  1053. 0x000000007ea6ada0 9 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\tahomabd.ttf
  1054. 0x000000007ea7de60 8 1 R--r-d \Device\HarddiskVolume2\Windows\ehome\malgunmc.ttf
  1055. 0x000000007ea7e070 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1056. 0x000000007ea7e610 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  1057. 0x000000007ea7e760 10 0 R--r-- \Device\HarddiskVolume2\Windows\System32\sppobjs.dll
  1058. 0x000000007ea83d10 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\browcli.dll
  1059. 0x000000007ea8df20 8 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1060. 0x000000007ea941d0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wlanhlp.dll
  1061. 0x000000007ea94f20 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1062. 0x000000007ea99560 5 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1063. 0x000000007ea9a070 1 1 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir
  1064. 0x000000007ea9a5e0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\SmartcardCredentialProvider.dll
  1065. 0x000000007ea9a890 17 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\win32k.sys.mui
  1066. 0x000000007eaae070 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winlogon.exe
  1067. 0x000000007eab0d50 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\WER\ERC
  1068. 0x000000007eab24a0 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
  1069. 0x000000007eab3990 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
  1070. 0x000000007eab5bb0 16 0 R--rwd \Device\HarddiskVolume2\Windows\Resources\Ease of Access Themes\classic.theme
  1071. 0x000000007eab85a0 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\mfc42u.dll
  1072. 0x000000007eaba070 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\devmgr.dll
  1073. 0x000000007eabab70 2 1 ------ \Device\Afd\Endpoint
  1074. 0x000000007eabb070 7 0 R--rwd \Device\HarddiskVolume2\Windows\System32\uDWM.dll
  1075. 0x000000007eac6c80 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1076. 0x000000007eac6dd0 16 0 R--rwd \Device\HarddiskVolume2\Windows\Web\Wallpaper\Scenes\Desktop.ini
  1077. 0x000000007eac84d0 15 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\msls31.dll
  1078. 0x000000007eacba70 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1079. 0x000000007ead19a0 4 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1080. 0x000000007ead24a0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\control.exe
  1081. 0x000000007ead2d10 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\oleacc.dll
  1082. 0x000000007ead33f0 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\powercpl.dll
  1083. 0x000000007ead3540 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\oleaccrc.dll
  1084. 0x000000007ead3960 15 0 R--r-- \Device\HarddiskVolume2\Windows\Fonts\segoeui.ttf
  1085. 0x000000007ead3cb0 5 0 R--r-- \Device\HarddiskVolume2\Windows\Fonts\segoeuib.ttf
  1086. 0x000000007ead6920 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
  1087. 0x000000007ead7280 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\dfscli.dll
  1088. 0x000000007ead8460 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1089. 0x000000007ead9560 13 0 R--r-- \Device\HarddiskVolume2\Windows\Fonts\micross.ttf
  1090. 0x000000007eadace0 3 0 R--r-- \Device\HarddiskVolume2\Windows\Fonts\tahoma.ttf
  1091. 0x000000007eae2e00 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\pmcsnap.dll
  1092. 0x000000007eae3940 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WlS0WndH.dll
  1093. 0x000000007eae4700 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\tzres.dll
  1094. 0x000000007eae5400 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\regsvr32.exe
  1095. 0x000000007eae6f20 7 0 R--r-- \Device\HarddiskVolume2\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
  1096. 0x000000007eae7510 16 0 R--r-d \Device\HarddiskVolume2\Windows\Fonts\marlett.ttf
  1097. 0x000000007eae81e0 12 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\simsun.ttc
  1098. 0x000000007eaebdf0 1 1 ------ \Device\NamedPipe\InitShutdown
  1099. 0x000000007eaec3d0 1 1 ------ \Device\NamedPipe\InitShutdown
  1100. 0x000000007eaec520 2 1 ------ \Device\NamedPipe\InitShutdown
  1101. 0x000000007eaed070 5 0 R--r-- \Device\HarddiskVolume2\Windows\Globalization\Sorting\SortDefault.nls
  1102. 0x000000007eaed560 2 1 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu
  1103. 0x000000007eaee820 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\services.exe
  1104. 0x000000007eaef4c0 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sxs.dll
  1105. 0x000000007eaf0440 5 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1106. 0x000000007eaf3070 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1107. 0x000000007eaf3700 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\lsass.exe
  1108. 0x000000007eaf3910 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\apphelp.dll
  1109. 0x000000007eaf4c70 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
  1110. 0x000000007eaf5b70 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1111. 0x000000007eaf5cc0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\lsm.exe
  1112. 0x000000007eaf6070 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\shgina.dll
  1113. 0x000000007eafd980 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sspisrv.dll
  1114. 0x000000007eafe540 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\scext.dll
  1115. 0x000000007eafea70 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wmsgapi.dll
  1116. 0x000000007eafedd0 9 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\actxprxy.dll
  1117. 0x000000007eafef20 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1118. 0x000000007eb07a40 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1119. 0x000000007eb080d0 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cryptdll.dll
  1120. 0x000000007eb09760 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\samsrv.dll
  1121. 0x000000007eb09b40 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sysntfy.dll
  1122. 0x000000007eb09c90 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
  1123. 0x000000007eb0a340 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\spfileq.dll
  1124. 0x000000007eb0bc90 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\scesrv.dll
  1125. 0x000000007eb0ce00 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\srvcli.dll
  1126. 0x000000007eb0d110 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\lsasrv.dll
  1127. 0x000000007eb0e4b0 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\recdisc.exe
  1128. 0x000000007eb0e600 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wevtapi.dll
  1129. 0x000000007eb0edc0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\secur32.dll
  1130. 0x000000007eb10760 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\authz.dll
  1131. 0x000000007eb10b20 9 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\mpr.dll
  1132. 0x000000007eb11da0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\msisip.dll
  1133. 0x000000007eb13dc0 16 0 R--rwd \Device\HarddiskVolume2\Windows\Web\Wallpaper\Landscapes\Desktop.ini
  1134. 0x000000007eb15b80 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1135. 0x000000007eb16070 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
  1136. 0x000000007eb16d50 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
  1137. 0x000000007eb17670 15 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log
  1138. 0x000000007eb183b0 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SECURITY.LOG1
  1139. 0x000000007eb18bf0 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\wship6.dll
  1140. 0x000000007eb19c90 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\FirewallControlPanel.dll
  1141. 0x000000007eb1aa00 1 1 RWD--- \Device\HarddiskVolume2\Windows\System32\config\RegBack\SECURITY
  1142. 0x000000007eb1af20 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SECURITY.LOG2
  1143. 0x000000007eb1c2c0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netjoin.dll
  1144. 0x000000007eb1da10 7 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\dnsapi.dll
  1145. 0x000000007eb1e5a0 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\main.cpl
  1146. 0x000000007eb1ff20 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\elslad.dll
  1147. 0x000000007eb213a0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\apss.dll
  1148. 0x000000007eb214f0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\kerberos.dll
  1149. 0x000000007eb22070 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\rasapi32.dll
  1150. 0x000000007eb22ae0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\negoexts.dll
  1151. 0x000000007eb256a0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\CertPolEng.dll
  1152. 0x000000007eb25aa0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  1153. 0x000000007eb25f20 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mswsock.dll
  1154. 0x000000007eb265d0 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\mmsys.cpl
  1155. 0x000000007eb28f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1156. 0x000000007eb29070 12 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\mingliu.ttc
  1157. 0x000000007eb2b070 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\umrdp.dll
  1158. 0x000000007eb2b710 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1159. 0x000000007eb2bc80 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\mshtml.dll
  1160. 0x000000007eb34530 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msv1_0.dll
  1161. 0x000000007eb364c0 14 0 R--r-- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
  1162. 0x000000007eb36aa0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wship6.dll
  1163. 0x000000007eb374a0 4 0 R--rwd \Device\HarddiskVolume2\Windows\System32\WMNetMgr.dll
  1164. 0x000000007eb37bb0 1 1 -W-rw- \Device\HarddiskVolume2\Windows\debug\PASSWD.LOG
  1165. 0x000000007eb39b70 16 0 ------ \Device\HarddiskVolume2\Windows\System32\C_28591.NLS
  1166. 0x000000007eb3a5f0 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\logoncli.dll
  1167. 0x000000007eb3a800 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netlogon.dll
  1168. 0x000000007eb3ac60 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
  1169. 0x000000007eb3cf20 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\schannel.dll
  1170. 0x000000007eb3f070 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1171. 0x000000007eb3f720 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_nwse.cur
  1172. 0x000000007eb40f20 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wdigest.dll
  1173. 0x000000007eb41070 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mspatcha.dll
  1174. 0x000000007eb41b60 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\acppage.dll
  1175. 0x000000007eb41cb0 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
  1176. 0x000000007eb42380 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\pku2u.dll
  1177. 0x000000007eb42550 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\TSpkg.dll
  1178. 0x000000007eb43670 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
  1179. 0x000000007eb43810 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\efslsaext.dll
  1180. 0x000000007eb43960 1 1 ------ \Device\NamedPipe\lsass
  1181. 0x000000007eb45830 1 1 ------ \Device\NamedPipe\protected_storage
  1182. 0x000000007eb45d00 1 1 ------ \Device\NamedPipe\lsass
  1183. 0x000000007eb462f0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\credssp.dll
  1184. 0x000000007eb475a0 1 1 ------ \Device\NamedPipe\protected_storage
  1185. 0x000000007eb476f0 2 1 ------ \Device\NamedPipe\protected_storage
  1186. 0x000000007eb488a0 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1187. 0x000000007eb49da0 1 1 ------ \Device\NamedPipe\scerpc
  1188. 0x000000007eb4a4a0 1 1 ------ \Device\NamedPipe\ntsvcs
  1189. 0x000000007eb4a5f0 2 1 ------ \Device\NamedPipe\ntsvcs
  1190. 0x000000007eb4a890 1 1 ------ \Device\NamedPipe\ntsvcs
  1191. 0x000000007eb4b500 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\ulib.dll
  1192. 0x000000007eb4c070 1 1 ------ \Device\NamedPipe\scerpc
  1193. 0x000000007eb4c870 6 0 R--rwd \Device\HarddiskVolume2\Program Files\Windows Defender\MpSvc.dll
  1194. 0x000000007eb4cc80 1 1 RWD--- \Device\HarddiskVolume2\Windows\System32\config\RegBack\SAM
  1195. 0x000000007eb4cdd0 2 1 ------ \Device\NamedPipe\scerpc
  1196. 0x000000007eb4cf20 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1197. 0x000000007eb4d680 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ubpm.dll
  1198. 0x000000007eb4d7b0 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SAM.LOG1
  1199. 0x000000007eb4da10 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SAM
  1200. 0x000000007eb4e050 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SAM.LOG2
  1201. 0x000000007eb50070 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\svchost.exe
  1202. 0x000000007eb507d0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Burn
  1203. 0x000000007eb51970 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\scecli.dll
  1204. 0x000000007eb523d0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1205. 0x000000007eb52520 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\SPInf.dll
  1206. 0x000000007eb528f0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\linkinfo.dll
  1207. 0x000000007eb53e20 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\conhost.exe
  1208. 0x000000007eb56270 1 1 ------ \Device\NamedPipe\plugplay
  1209. 0x000000007eb57dd0 1 1 ------ \Device\NamedPipe\plugplay
  1210. 0x000000007eb57f20 2 1 ------ \Device\NamedPipe\plugplay
  1211. 0x000000007eb58070 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\gpapi.dll
  1212. 0x000000007eb58f20 3 0 R--r-d \Device\HarddiskVolume2\Windows\System32\umpo.dll
  1213. 0x000000007eb63400 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\powrprof.dll
  1214. 0x000000007eb66680 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1215. 0x000000007eb67420 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\VBoxMRXNP.dll
  1216. 0x000000007eb68d80 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1217. 0x000000007eb68f20 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\RpcEpMap.dll
  1218. 0x000000007eb6a600 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
  1219. 0x000000007eb6d6e0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
  1220. 0x000000007eb6d830 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\version.dll
  1221. 0x000000007eb6d980 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winnsi.dll
  1222. 0x000000007eb74970 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\VBoxService.exe
  1223. 0x000000007eb75430 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1224. 0x000000007eb776f0 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rpcss.dll
  1225. 0x000000007eb78070 1 1 RW---- \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
  1226. 0x000000007eb7b9e0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1227. 0x000000007eb7bda0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1228. 0x000000007eb7c290 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\VBoxTray.exe
  1229. 0x000000007eb7c580 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\VBoxHook.dll
  1230. 0x000000007eb7cb70 2 1 RW-r-- \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
  1231. 0x000000007eb7d330 2 1 RW-r-- \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
  1232. 0x000000007eb7d830 1 1 RW---- \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1
  1233. 0x000000007eb7dae0 1 1 RW---- \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2
  1234. 0x000000007eb806b0 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM
  1235. 0x000000007eb808c0 3 1 R--rwd \Device\HarddiskVolume2\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
  1236. 0x000000007eb83b00 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM
  1237. 0x000000007eb8f290 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\clfs.sys
  1238. 0x000000007eb975b0 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\tsgqec.dll
  1239. 0x000000007eb9b290 1 1 ------ \Device\NamedPipe\browser
  1240. 0x000000007eba9370 9 0 R--r-d \Device\HarddiskVolume2\Program Files\Windows Defender\MpClient.dll
  1241. 0x000000007ebadbe0 2 1 RW-r-- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
  1242. 0x000000007ebb0f20 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WPDShServiceObj.dll
  1243. 0x000000007ebb3670 2 1 ------ \Device\Afd\Endpoint
  1244. 0x000000007ebb4570 1 1 ------ \Device\Afd\Endpoint
  1245. 0x000000007ebb4ca0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
  1246. 0x000000007ebb6890 2 1 ------ \Device\Afd\Endpoint
  1247. 0x000000007ebb6f20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cabinet.dll
  1248. 0x000000007ebb72e0 2 1 ------ \Device\Afd\Endpoint
  1249. 0x000000007ebb7430 2 1 ------ \Device\Afd\Endpoint
  1250. 0x000000007ebb7610 2 1 ------ \Device\NamedPipe\epmapper
  1251. 0x000000007ebb7b80 2 1 ------ \Device\Afd\Endpoint
  1252. 0x000000007ebb7e00 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-2c8-0
  1253. 0x000000007ebb9830 2 1 ------ \Device\Afd\Endpoint
  1254. 0x000000007ebb9b20 16 0 R--rwd \Device\HarddiskVolume2\Windows\Web\Wallpaper\Architecture\Desktop.ini
  1255. 0x000000007ebb9f20 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1256. 0x000000007ebba580 1 1 ------ \Device\Afd\Endpoint
  1257. 0x000000007ebbae10 1 1 ------ \Device\Afd\Endpoint
  1258. 0x000000007ebbb960 1 1 ------ \Device\NamedPipe\epmapper
  1259. 0x000000007ebbbab0 1 1 RW---- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2
  1260. 0x000000007ebbc7f0 2 1 ------ \Device\Afd\Endpoint
  1261. 0x000000007ebbd320 1 1 ------ \Device\NamedPipe\LSM_API_service
  1262. 0x000000007ebbdf20 2 1 ------ \Device\Afd\Endpoint
  1263. 0x000000007ebbe070 2 1 ------ \Device\Afd\Endpoint
  1264. 0x000000007ebc0070 1 1 ------ \Device\NamedPipe\epmapper
  1265. 0x000000007ebc0b00 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-190-0
  1266. 0x000000007ebc5c60 1 1 RW---- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1
  1267. 0x000000007ebc5ea0 1 1 RW---- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\NTUSER.DAT
  1268. 0x000000007ebc6a10 2 1 ------ \Device\Afd\Endpoint
  1269. 0x000000007ebc7070 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll
  1270. 0x000000007ebca070 2 1 ------ \Device\NamedPipe\LSM_API_service
  1271. 0x000000007ebca3c0 14 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\sfc.dll
  1272. 0x000000007ebcad50 1 1 ------ \Device\NamedPipe\LSM_API_service
  1273. 0x000000007ebcd260 2 1 RW-r-- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
  1274. 0x000000007ebcdd10 1 1 RW-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
  1275. 0x000000007ebce2c0 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
  1276. 0x000000007ebce640 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1277. 0x000000007ebd0a60 2 1 RW-r-- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
  1278. 0x000000007ebd3b80 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM
  1279. 0x000000007ebd3f20 18 1 RW-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
  1280. 0x000000007ebd4100 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
  1281. 0x000000007ebd4310 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM
  1282. 0x000000007ebd4e60 14 0 R--rwd \Device\HarddiskVolume2\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
  1283. 0x000000007ebd5470 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
  1284. 0x000000007ebd7f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1285. 0x000000007ebe4320 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cryptui.dll
  1286. 0x000000007ebe4530 17 1 RW-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log
  1287. 0x000000007ebe4680 23 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Application.evtx
  1288. 0x000000007ebe54a0 9 0 R--r-d \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
  1289. 0x000000007ebe8d10 1 1 ------ \Device\NamedPipe\eventlog
  1290. 0x000000007ebeb3d0 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\consent.exe
  1291. 0x000000007ebeb680 13 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_busy.ani
  1292. 0x000000007ebec450 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\rdpcorekmts.dll
  1293. 0x000000007ebed450 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
  1294. 0x000000007ebee5a0 11 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\IPHLPAPI.DLL
  1295. 0x000000007ebeef20 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\audiosrv.dll
  1296. 0x000000007ebef770 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wevtsvc.dll
  1297. 0x000000007ebf05a0 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\authui.dll
  1298. 0x000000007ebf33a0 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\KBDSP.DLL
  1299. 0x000000007ebf36e0 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\termsrv.dll
  1300. 0x000000007ebf4f20 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\ActionCenterCPL.dll
  1301. 0x000000007ebf5340 1 1 ------ \Device\NamedPipe\eventlog
  1302. 0x000000007ebf5490 2 1 ------ \Device\NamedPipe\eventlog
  1303. 0x000000007ebf5b90 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1304. 0x000000007ebf6f20 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wuapi.dll
  1305. 0x000000007ebf8070 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1306. 0x000000007ec9c8e0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
  1307. 0x000000007eca82c0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
  1308. 0x000000007ecaf2c0 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
  1309. 0x000000007ecb32c0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\devobj.dll
  1310. 0x000000007ecb52c0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wintrust.dll
  1311. 0x000000007eccb2c0 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  1312. 0x000000007ecdb2c0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
  1313. 0x000000007ed06560 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\devrtl.dll
  1314. 0x000000007ed33c30 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  1315. 0x000000007ed36470 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
  1316. 0x000000007ed4bc00 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1317. 0x000000007ed4bd50 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sspicli.dll
  1318. 0x000000007ed4c350 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
  1319. 0x000000007ed51c50 2 1 RW-r-- \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
  1320. 0x000000007ed5f7d0 1 1 ------ \Device\HarddiskVolume2\Windows\bootstat.dat
  1321. 0x000000007ed60830 8 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
  1322. 0x000000007ed60c60 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\Documents\desktop.ini
  1323. 0x000000007ed6c590 1 1 RW-rw- \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log
  1324. 0x000000007ed6cc90 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1325. 0x000000007ed6ded0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1326. 0x000000007ed72890 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1327. 0x000000007ed73c20 1 1 ------ \Device\NamedPipe\MsFteWds
  1328. 0x000000007ed76070 15 0 R--rwd \Device\HarddiskVolume2\Program Files\desktop.ini
  1329. 0x000000007ed766f0 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\adsldpc.dll
  1330. 0x000000007ed77620 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1331. 0x000000007ed78230 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cngaudit.dll
  1332. 0x000000007ed79400 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\pngfilt.dll
  1333. 0x000000007ed79530 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1334. 0x000000007ed7b6d0 1 1 RWDrwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Temp\~DF15111422860F0DD7.TMP
  1335. 0x000000007ed7ca00 14 0 R--rwd \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
  1336. 0x000000007ed7e930 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\comdlg32.dll
  1337. 0x000000007ed86c10 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
  1338. 0x000000007f026bc0 17 0 R--r-- \Device\HarddiskVolume2\Windows\SERVIC~2\LOCALS~1\AppData\Roaming\PEERNE~1\801DE2~1.HOM\932124~1\grouping\edb.log
  1339. 0x000000007f028070 1 1 RW---- \Device\HarddiskVolume2\Windows\SERVIC~2\LOCALS~1\AppData\Roaming\PEERNE~1\801DE2~1.HOM\932124~1\grouping\db.mdb
  1340. 0x000000007f028570 1 1 RW---- \Device\HarddiskVolume2\Windows\SERVIC~2\LOCALS~1\AppData\Roaming\PEERNE~1\801DE2~1.HOM\932124~1\grouping\edb.log
  1341. 0x000000007f0286c0 7 0 R--r-- \Device\HarddiskVolume2\Windows\SERVIC~2\LOCALS~1\AppData\Roaming\PEERNE~1\801DE2~1.HOM\932124~1\grouping\db.mdb
  1342. 0x000000007f028b20 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1343. 0x000000007f02a7b0 16 0 RW-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
  1344. 0x000000007f02b8e0 19 1 RWD--- \Device\HarddiskVolume2\Windows\SERVIC~2\LOCALS~1\AppData\Roaming\PEERNE~1\801DE2~1.HOM\932124~1\grouping\tmp.edb
  1345. 0x000000007f02db40 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\drttransport.dll
  1346. 0x000000007f02f900 1 1 ------ \Device\Afd\Endpoint
  1347. 0x000000007f031860 101 1 ------ \Device\Afd\Endpoint
  1348. 0x000000007f031c10 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\drt.dll
  1349. 0x000000007f0322a0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\advpack.dll
  1350. 0x000000007f03a300 6 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\jscript.dll
  1351. 0x000000007f0688c0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
  1352. 0x000000007f068a10 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1353. 0x000000007f080610 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local
  1354. 0x000000007f0a2c40 15 0 R--rwd \Device\HarddiskVolume2\Program Files (x86)\desktop.ini
  1355. 0x000000007f0ab510 15 1 R--r-- \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
  1356. 0x000000007f0ab850 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1357. 0x000000007f0b8f20 3 0 R--rwd \Device\HarddiskVolume2\Windows\System32\themecpl.dll
  1358. 0x000000007f0be440 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\desk.cpl
  1359. 0x000000007f0c8f20 1 1 R--r-d \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat
  1360. 0x000000007f0ca730 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1361. 0x000000007f0ca9e0 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\framedynos.dll
  1362. 0x000000007f203ed0 13 0 RW-rwd \Device\HarddiskVolume1\$LogFile
  1363. 0x000000007f204070 14 0 R--rwd \Device\HarddiskVolume2\Program Files\DVD Maker\DVDMaker.exe
  1364. 0x000000007f205e30 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001
  1365. 0x000000007f20aa50 4 0 RW-rwd \Device\HarddiskVolume1\$BitMap
  1366. 0x000000007f20ba20 10 0 R--rwd \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
  1367. 0x000000007f20bf20 18 0 RW-rwd \Device\HarddiskVolume1\$Mft
  1368. 0x000000007f20c490 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog
  1369. 0x000000007f20c6a0 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002
  1370. 0x000000007f20d2b0 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
  1371. 0x000000007f221820 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
  1372. 0x000000007f221aa0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msprivs.dll
  1373. 0x000000007f222420 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  1374. 0x000000007f223920 5 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
  1375. 0x000000007f2247c0 2 1 RW-r-- \Device\clfsTxfLog
  1376. 0x000000007f2269b0 1 1 RW---- \Device\HarddiskVolume1\Boot\BCD
  1377. 0x000000007f226ae0 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SOFTWARE.LOG1
  1378. 0x000000007f226f20 29 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1379. 0x000000007f2271c0 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog
  1380. 0x000000007f228250 2 1 RW-rw- \Device\clfsKtmLog
  1381. 0x000000007f228640 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog
  1382. 0x000000007f22a530 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1383. 0x000000007f22b350 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\urlmon.dll
  1384. 0x000000007f22b6f0 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SYSTEM.LOG2
  1385. 0x000000007f2322a0 18 0 RW-rwd \Device\HarddiskVolume1\$Directory
  1386. 0x000000007f232910 33 1 RWDr-d \Device\HarddiskVolume2\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
  1387. 0x000000007f232cc0 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk
  1388. 0x000000007f232df0 1 0 RW-rwd \Device\HarddiskVolume1\$Directory
  1389. 0x000000007f232f20 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SOFTWARE
  1390. 0x000000007f237540 1 1 RW-r-d \Device\HarddiskVolume2\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001
  1391. 0x000000007f23d670 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  1392. 0x000000007f240050 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SYSTEM.LOG1
  1393. 0x000000007f240340 4 1 RWDr-d \Device\HarddiskVolume2\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
  1394. 0x000000007f240750 33 1 RWDr-d \Device\HarddiskVolume2\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
  1395. 0x000000007f240c10 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SOFTWARE.LOG2
  1396. 0x000000007f242070 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\user32.dll
  1397. 0x000000007f243760 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
  1398. 0x000000007f243d00 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  1399. 0x000000007f245070 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\nsi.dll
  1400. 0x000000007f246a20 16 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_helpsel.cur
  1401. 0x000000007f247070 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\psapi.dll
  1402. 0x000000007f2483b0 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\prncache.dll
  1403. 0x000000007f248670 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1404. 0x000000007f249070 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\sechost.dll
  1405. 0x000000007f24cf20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  1406. 0x000000007f24e070 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  1407. 0x000000007f24ed70 12 0 R--r-d \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
  1408. 0x000000007f24f070 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\difxapi.dll
  1409. 0x000000007f255070 15 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
  1410. 0x000000007f255670 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\userenv.dll
  1411. 0x000000007f26ebb0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
  1412. 0x000000007f270bf0 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1413. 0x000000007f2a3d70 27 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1414. 0x000000007f2a4f20 7 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\comctl32.dll
  1415. 0x000000007f2a6070 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
  1416. 0x000000007f2a6d70 18 1 RW---- \Device\HarddiskVolume2\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  1417. 0x000000007f2a8800 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\comctl32.dll
  1418. 0x000000007f2a92c0 6 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
  1419. 0x000000007f2a9570 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\profapi.dll
  1420. 0x000000007f2a9f20 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msasn1.dll
  1421. 0x000000007f2aa070 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
  1422. 0x000000007f2aa690 26 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1423. 0x000000007f2ac6d0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1424. 0x000000007f2ad050 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1425. 0x000000007f2aef20 8 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
  1426. 0x000000007f2afe10 18 0 R----- \Device\CdRom0\
  1427. 0x000000007f2b0670 4 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1428. 0x000000007f2b2070 3 1 RW--w- \Device\HarddiskVolume2\pagefile.sys
  1429. 0x000000007f2b32f0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1430. 0x000000007f2b3540 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
  1431. 0x000000007f2b4070 10 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
  1432. 0x000000007f2b4630 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\taskbarcpl.dll
  1433. 0x000000007f2b5070 6 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
  1434. 0x000000007f2b5540 15 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
  1435. 0x000000007f2b6070 13 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
  1436. 0x000000007f2b6570 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1437. 0x000000007f2b7670 13 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
  1438. 0x000000007f2b7db0 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
  1439. 0x000000007f2b8070 9 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
  1440. 0x000000007f2b8800 5 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
  1441. 0x000000007f2b9420 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1442. 0x000000007f2b9570 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wuaueng.dll
  1443. 0x000000007f2b9870 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\BioCredProv.dll
  1444. 0x000000007f2ba070 15 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
  1445. 0x000000007f2ba4c0 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\msacm32.dll
  1446. 0x000000007f2bb070 13 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
  1447. 0x000000007f2bcbe0 15 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
  1448. 0x000000007f2bd420 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NaturalLanguage6.dll
  1449. 0x000000007f2bd610 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winbrand.dll
  1450. 0x000000007f2bdc00 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mydocs.dll
  1451. 0x000000007f2be070 8 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\Wldap32.dll
  1452. 0x000000007f2be460 11 1 R--r-d \Device\HarddiskVolume2\Windows\ehome\WTVGOTHIC-S.ttc
  1453. 0x000000007f2beb10 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1454. 0x000000007f2c0070 5 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
  1455. 0x000000007f2c1070 3 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
  1456. 0x000000007f2c14c0 16 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1457. 0x000000007f2c1710 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\imageres.dll
  1458. 0x000000007f2c37d0 2 1 R--rwd \Device\HarddiskVolume2\Users\Public\Desktop
  1459. 0x000000007f2c5070 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
  1460. 0x000000007f2c7070 6 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\wintrust.dll
  1461. 0x000000007f2c8bb0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winspool.drv
  1462. 0x000000007f2c9070 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
  1463. 0x000000007f2c9b00 7 0 ------ \Device\HarddiskVolume2\Windows\System32\locale.nls
  1464. 0x000000007f2ca6d0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\winsrv.dll
  1465. 0x000000007f2cc070 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
  1466. 0x000000007f2ccaa0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\basesrv.dll
  1467. 0x000000007f2ccdc0 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\csrsrv.dll
  1468. 0x000000007f2cd4c0 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
  1469. 0x000000007f2cdc20 13 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
  1470. 0x000000007f2ce070 8 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
  1471. 0x000000007f2ce3b0 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1472. 0x000000007f2cedc0 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\csrss.exe
  1473. 0x000000007f2cf070 12 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
  1474. 0x000000007f2d2070 16 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
  1475. 0x000000007f2d27c0 9 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\userenv.dll
  1476. 0x000000007f2d2c20 3 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
  1477. 0x000000007f2d2f20 15 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\difxapi.dll
  1478. 0x000000007f2d3070 10 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
  1479. 0x000000007f2d3670 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\imm32.dll
  1480. 0x000000007f2d4750 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\DEFAULT.LOG2
  1481. 0x000000007f2d4bd0 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\DEFAULT.LOG1
  1482. 0x000000007f2d4d00 1 1 RWD--- \Device\HarddiskVolume2\Windows\System32\config\RegBack\DEFAULT
  1483. 0x000000007f2d5070 9 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
  1484. 0x000000007f2d5980 3 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
  1485. 0x000000007f2d5c80 15 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
  1486. 0x000000007f2d6070 6 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
  1487. 0x000000007f2d8560 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\DEFAULT
  1488. 0x000000007f301f20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wups2.dll
  1489. 0x000000007f302e60 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\colorcpl.exe
  1490. 0x000000007f3033b0 8 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\webio.dll
  1491. 0x000000007f304f20 6 0 R--r-d \Device\HarddiskVolume2\Program Files (x86)\KidLogger\uriqwe.exeexe
  1492. 0x000000007f305600 18 0 R----- \Device\CdRom0$PATH_TABLE$
  1493. 0x000000007f306600 15 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\imagehlp.dll
  1494. 0x000000007f30e4b0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  1495. 0x000000007f30f070 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\HelpPaneProxy.dll
  1496. 0x000000007f318400 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
  1497. 0x000000007f319130 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\xpsrchvw.exe
  1498. 0x000000007f319600 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\normaliz.dll
  1499. 0x000000007f31c4b0 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msctf.dll
  1500. 0x000000007f31d1f0 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\gdi32.dll
  1501. 0x000000007f31f400 3 1 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates
  1502. 0x000000007f320600 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\security.dll
  1503. 0x000000007f323600 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
  1504. 0x000000007f326600 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\iertutil.dll
  1505. 0x000000007f328be0 2 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\config\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
  1506. 0x000000007f328f20 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1507. 0x000000007f32a600 2 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\config\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
  1508. 0x000000007f32b600 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1509. 0x000000007f32c3b0 1 1 RW-rwd \Device\clfs\SystemRoot\System32\Config\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM
  1510. 0x000000007f32cb30 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\networkexplorer.dll
  1511. 0x000000007f32e220 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\miguiresource.dll
  1512. 0x000000007f330280 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1513. 0x000000007f330c10 19 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1514. 0x000000007f332600 33 1 RWDr-d \Device\HarddiskVolume2\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
  1515. 0x000000007f371f20 19 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
  1516. 0x000000007f3737f0 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\WFS.exe
  1517. 0x000000007f376940 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\batmeter.dll
  1518. 0x000000007f3781e0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\newdev.dll
  1519. 0x000000007f378d10 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wscui.cpl
  1520. 0x000000007f379c80 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1521. 0x000000007f37bdd0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1522. 0x000000007f37bf20 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1523. 0x000000007f37c850 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\spool\prtprocs\x64\winprint.dll
  1524. 0x000000007f37f8b0 2 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\config\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
  1525. 0x000000007f384780 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
  1526. 0x000000007f400aa0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1527. 0x000000007f405de0 2 1 RW-r-- \Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002
  1528. 0x000000007f46f840 8 0 RW-rwd \Device\HarddiskVolume2\$LogFile
  1529. 0x000000007f476730 2 1 RW-r-- \Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
  1530. 0x000000007f4c7970 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1531. 0x000000007f4c9dd0 11 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\ariali.ttf
  1532. 0x000000007f4c9f20 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1533. 0x000000007f4cd5f0 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLog
  1534. 0x000000007f4cd8f0 31 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1535. 0x000000007f4cddf0 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\RpcRtRemote.dll
  1536. 0x000000007f4ce640 1 1 R----- \Device\HarddiskVolume2\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
  1537. 0x000000007f4cfcf0 33 1 RWDr-d \Device\HarddiskVolume2\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
  1538. 0x000000007f4cfe20 31 0 RW-rwd \Device\HarddiskVolume2\$Mft
  1539. 0x000000007f4d0f20 33 0 RW-rwd \Device\HarddiskVolume2\$BitMap
  1540. 0x000000007f4d1bd0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wscapi.dll
  1541. 0x000000007f4d1d50 31 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1542. 0x000000007f4d2b10 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\schedcli.dll
  1543. 0x000000007f4d3690 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\qmgr.dll
  1544. 0x000000007f4d38f0 1 1 -WD--- \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock
  1545. 0x000000007f4d4b70 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1546. 0x000000007f4d8870 18 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\winevt\Logs\Windows PowerShell.evtx
  1547. 0x000000007f4da850 3 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1548. 0x000000007f4df260 3 1 RW-r-- \Device\clfsTxfLog
  1549. 0x000000007f4e0420 1 1 R----- \Device\HarddiskVolume2\System Volume Information\{1f355e89-83fb-11e6-bfcd-080027a90394}{3808876b-c176-4e48-b7ae-04046e6cc752}
  1550. 0x000000007f4e3420 1 1 RWD--- \Device\HarddiskVolume2\Windows\System32\config\RegBack\SYSTEM
  1551. 0x000000007f4e4050 2 1 RW-r-- \Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001
  1552. 0x000000007f4e4f20 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1553. 0x000000007f4e5220 11 0 R--r-d \Device\HarddiskVolume2\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll
  1554. 0x000000007f4e5510 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Links
  1555. 0x000000007f4e5d10 1 1 RW-r-- \Device\HarddiskVolume2\Windows\SoftwareDistribution\ReportingEvents.log
  1556. 0x000000007f4fea90 16 0 R--rwd \Device\HarddiskVolume2\Windows\Web\Wallpaper\Characters\Desktop.ini
  1557. 0x000000007f509380 33 0 RW-rwd \Device\HarddiskVolume2\$Mft
  1558. 0x000000007f50e900 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1559. 0x000000007f50f420 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1560. 0x000000007f511360 24 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1561. 0x000000007f5116a0 1 1 R----- \Device\HarddiskVolume2\System Volume Information\{1f355e85-83fb-11e6-bfcd-080027a90394}{3808876b-c176-4e48-b7ae-04046e6cc752}
  1562. 0x000000007f512ba0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1563. 0x000000007f513550 15 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
  1564. 0x000000007f514b50 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLog
  1565. 0x000000007f517550 1 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1566. 0x000000007f5184e0 2 1 RW-rw- \Device\clfsKtmLog
  1567. 0x000000007f518790 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLog
  1568. 0x000000007f51cc80 12 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\powrprof.dll
  1569. 0x000000007f51cdd0 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Desktop
  1570. 0x000000007f51fe20 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1571. 0x000000007f525050 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1572. 0x000000007f5253d0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1573. 0x000000007f52b660 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\clb.dll
  1574. 0x000000007f52cf20 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\QUTIL.DLL
  1575. 0x000000007f5358b0 14 0 R--r-- \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  1576. 0x000000007f5359e0 10 0 R--r-- \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
  1577. 0x000000007f537440 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\xmllite.dll
  1578. 0x000000007f537ca0 10 0 R--rwd \Device\HarddiskVolume2\Windows\System32\filemgmt.dll
  1579. 0x000000007f537df0 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
  1580. 0x000000007f53c250 2 1 RW-rw- \Device\clfs\SystemRoot\System32\Config\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM
  1581. 0x000000007f5408b0 11 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\imgutil.dll
  1582. 0x000000007f541d00 6 0 R--rwd \Device\HarddiskVolume2\Windows\System32\UIAutomationCore.dll
  1583. 0x000000007f550660 9 0 R--rwd \Device\HarddiskVolume2\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
  1584. 0x000000007f555350 12 0 R--rwd \Device\HarddiskVolume2\Windows\System32\LogonUI.exe
  1585. 0x000000007f55cc40 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1586. 0x000000007f55d9a0 16 0 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
  1587. 0x000000007f55f420 4 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mfplat.dll
  1588. 0x000000007f56c610 1 1 ------ \Device\00000049\emicintopo
  1589. 0x000000007f56c9a0 1 1 ------ \Device\00000049\ecdintopo
  1590. 0x000000007f56e8f0 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1591. 0x000000007f574f20 8 0 R--rwd \Device\HarddiskVolume2\Windows\System32\mmcbase.dll
  1592. 0x000000007f579250 13 0 R--r-d \Device\HarddiskVolume2\Windows\Branding\Basebrd\basebrd.dll
  1593. 0x000000007f5793a0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1594. 0x000000007f582740 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\odbcint.dll
  1595. 0x000000007f5834f0 4 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
  1596. 0x000000007f5874d0 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\PerfCenterCPL.dll
  1597. 0x000000007f587d60 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1598. 0x000000007f59a070 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\eapsvc.dll
  1599. 0x000000007f5a4430 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk
  1600. 0x000000007f5a7440 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wsecedit.dll
  1601. 0x000000007f5c4f20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1602. 0x000000007f5c9070 5 0 R--rwd \Device\HarddiskVolume2\Windows\System32\vbscript.dll
  1603. 0x000000007f5c98a0 13 0 R--rwd \Device\HarddiskVolume2\Windows\Cursors\aero_working.ani
  1604. 0x000000007f5d1f20 13 0 R--rwd \Device\HarddiskVolume2\Windows\System32\DiagCpl.dll
  1605. 0x000000007f5d7e60 16 0 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk
  1606. 0x000000007f5e1370 8 0 R--r-- \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
  1607. 0x000000007f5ea260 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\smss.exe
  1608. 0x000000007f5ea700 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe
  1609. 0x000000007f5ebef0 1 1 R--rw- \Device\HarddiskVolume2\Windows
  1610. 0x000000007f5ec650 1 1 ------ \Device\Mailslot\ProtectedPrefix\LocalService
  1611. 0x000000007f5ec7a0 1 1 ------ \Device\NamedPipe\ProtectedPrefix\LocalService
  1612. 0x000000007f5ec8f0 1 1 ------ \Device\Mailslot\ProtectedPrefix\Administrators
  1613. 0x000000007f5eca40 1 1 ------ \Device\NamedPipe\ProtectedPrefix\Administrators
  1614. 0x000000007f5ecb90 1 1 ------ \Device\Mailslot\ProtectedPrefix
  1615. 0x000000007f5ecce0 1 1 ------ \Device\NamedPipe\ProtectedPrefix
  1616. 0x000000007f5ef780 1 1 R--rw- \Device\HarddiskVolume2\Windows\System32
  1617. 0x000000007f5efc80 1 1 RWDr-d \Device\HarddiskVolume2\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
  1618. 0x000000007f5f0bc0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1619. 0x000000007f5f0df0 7 0 R--rwd \Device\HarddiskVolume2\Windows\System32\msimg32.dll
  1620. 0x000000007f5f2f20 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\cryptsvc.dll
  1621. 0x000000007f5f4be0 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
  1622. 0x000000007f5f7070 1 1 ------ \Device\NamedPipe\ProtectedPrefix\NetWorkService
  1623. 0x000000007f5f7f20 1 1 ------ \Device\Mailslot\ProtectedPrefix\NetWorkService
  1624. 0x000000007f5f8310 14 0 R--r-d \Device\HarddiskVolume2\Program Files\Windows Defender\MpRTP.dll
  1625. 0x000000007f5faf20 1 1 RW---- \Device\HarddiskVolume2\Windows\System32\config\SYSTEM
  1626. 0x000000007f5fbd70 1 1 RW---- \Device\HarddiskVolume1\Boot\BCD.LOG
  1627. 0x000000007f5ff3c0 26 0 RW-rwd \Device\HarddiskVolume1\$Mft
  1628. 0x000000007f5ff750 4 0 RW-rwd \Device\HarddiskVolume1\$MftMirr
  1629. 0x000000007f728770 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wfapigp.dll
  1630. 0x000000007f7f2d60 7 0 R--rwd \Device\HarddiskVolume2\Windows\System32\wdc.dll
  1631. 0x000000007f7f3520 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1632. 0x000000007f7f3a20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\kernel32.dll
  1633. 0x000000007f7f3f20 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\normaliz.dll
  1634. 0x000000007f7f4f20 16 0 R--r-d \Device\HarddiskVolume2\Windows\System32\usp10.dll
  1635. 0x000000007f7f5890 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\batt.dll
  1636. 0x000000007f7f5dc0 1 1 RWD--- \Device\HarddiskVolume2\Windows\System32\config\RegBack\SOFTWARE
  1637. 0x000000007f7fdf20 25 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1638. 0x000000007f7fe390 3 0 RW-rwd \Device\HarddiskVolume2\$MftMirr
  1639. 0x000000007f7fef20 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\ieframe.dll
  1640. 0x000000007f808e60 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1641. 0x000000007f811f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1642. 0x000000007f815070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  1643. 0x000000007f815200 1 1 ------ \Device\NamedPipe\srvsvc
  1644. 0x000000007f81e4b0 16 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
  1645. 0x000000007f81f070 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ieapfltr.dll
  1646. 0x000000007f81fe50 3 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\SystemCertificates\My
  1647. 0x000000007f823070 1 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\es-ES\jscript9.dll.mui
  1648. 0x000000007f825b00 12 0 R--r-d \Device\HarddiskVolume2\Program Files\Windows Defender\MpOAV.dll
  1649. 0x000000007f837820 3 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1650. 0x000000007f837a10 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1651. 0x000000007f837f20 11 0 R--r-d \Device\HarddiskVolume2\Windows\System32\msfeedsbs.dll
  1652. 0x000000007f838690 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VA9ZP1F\msn[1].htm
  1653. 0x000000007f83b380 3 0 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci
  1654. 0x000000007f83f6d0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1655. 0x000000007f84f070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1656. 0x000000007f859960 1 1 R--r-d \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat
  1657. 0x000000007f859cc0 17 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\hgcpl.dll.mui
  1658. 0x000000007f85b520 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_2b299db671e86e03
  1659. 0x000000007f883b20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1660. 0x000000007f883c70 17 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\en-US\mlang.dll.mui
  1661. 0x000000007f88fbb0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1662. 0x000000007f894f20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1663. 0x000000007f897870 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VA9ZP1F\like[1].htm
  1664. 0x000000007f8a0350 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGNXEPD9\P5DLcu0KGJB[2].htm
  1665. 0x000000007f8b2f20 2 2 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1666. 0x000000007f8c6070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  1667. 0x000000007f8cc310 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1668. 0x000000007f8d7a60 1 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2SPW5JC
  1669. 0x000000007f8daf20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1670. 0x000000007f8f2070 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1671. 0x000000007f8f2c80 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1672. 0x000000007f8f3070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1673. 0x000000007f8f3240 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  1674. 0x000000007f8f3d10 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
  1675. 0x000000007f8f4490 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1676. 0x000000007f9027f0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1677. 0x000000007f903f20 2 1 ------ \Device\NamedPipe?????
  1678. 0x000000007f91d590 10 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\UIAutomationCore.dll
  1679. 0x000000007f92dc00 16 0 RW-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
  1680. 0x000000007fa00680 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGNXEPD9\0H8T56ZN.htm
  1681. 0x000000007fa00990 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  1682. 0x000000007fa02070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1683. 0x000000007fa0af20 10 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\d3d11.dll
  1684. 0x000000007fa0ff20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1685. 0x000000007faacf20 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wininet.dll
  1686. 0x000000007faad070 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\lpk.dll
  1687. 0x000000007faaf070 6 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1688. 0x000000007fab08c0 8 0 R--r-d \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  1689. 0x000000007fab0dc0 11 0 R--rwd \Device\HarddiskVolume2\Windows\System32\DeviceCenter.dll
  1690. 0x000000007fad1f20 1 1 RWDrwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Temp\~DF67D4F7E6D1D4277B.TMP
  1691. 0x000000007fad33d0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1692. 0x000000007fad3dc0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1693. 0x000000007fad5f20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  1694. 0x000000007fada070 1 1 R--r-d \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat
  1695. 0x000000007fadaa90 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\netapi32.dll
  1696. 0x000000007fadb5f0 1 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N8VU3OR7
  1697. 0x000000007fae5f20 5 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\dxgi.dll
  1698. 0x000000007fae6070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1699. 0x000000007fae6800 12 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\netutils.dll
  1700. 0x000000007faec2b0 2 2 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1701. 0x000000007faecdd0 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\Desktop
  1702. 0x000000007faecf20 1 1 R--rw- \Device\HarddiskVolume2\Windows
  1703. 0x000000007fb10580 3 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\SystemCertificates\My
  1704. 0x000000007fb17570 3 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\SystemCertificates\My
  1705. 0x000000007fb17f20 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\gpapi.dll
  1706. 0x000000007fb18070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1707. 0x000000007fb18aa0 15 0 R--rwd \Device\HarddiskVolume2\Windows\IME\SPTIP.DLL
  1708. 0x000000007fb1a3f0 1 1 R--r-d \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat
  1709. 0x000000007fb1ec80 3 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\d2d1.dll
  1710. 0x000000007fb27070 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\input.dll
  1711. 0x000000007fb2ac70 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1712. 0x000000007fb32070 3 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
  1713. 0x000000007fb35f20 1 1 R--r-d \Device\HarddiskVolume2\Windows\Fonts\StaticCache.dat
  1714. 0x000000007fb37820 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1715. 0x000000007fb37c70 33 1 -W-r-- \Device\HarddiskVolume2\Users\USER01\Desktop\RamCapturer64\20160926.mem
  1716. 0x000000007fb37dc0 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGNXEPD9\756a2e[1].woff
  1717. 0x000000007fb3a5a0 2 2 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1718. 0x000000007fb3a6f0 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
  1719. 0x000000007fb3ab20 7 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\UIAnimation.dll
  1720. 0x000000007fb3d7c0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1721. 0x000000007fb403a0 9 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\schannel.dll
  1722. 0x000000007fb44810 2 1 ------ \Device\NamedPipe\MsFteWds
  1723. 0x000000007fb449e0 2 2 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1724. 0x000000007fb44b30 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709
  1725. 0x000000007fb45480 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1726. 0x000000007fb479e0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1727. 0x000000007fb48240 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1728. 0x000000007fb49590 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  1729. 0x000000007fb4b830 1 1 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
  1730. 0x000000007fb4d070 16 0 RW-r-- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir
  1731. 0x000000007fb4da80 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABAI7SR9\async_usersync[1].htm
  1732. 0x000000007fb52070 16 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\es-ES\jscript9.dll.mui
  1733. 0x000000007fb56d00 1 1 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci
  1734. 0x000000007fb5aba0 16 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
  1735. 0x000000007fb6ba00 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Desktop\RamCapturer64
  1736. 0x000000007fb6c210 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
  1737. 0x000000007fb6e3b0 17 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\timedate.cpl.mui
  1738. 0x000000007fb6f860 1 0 RW-rwd \Device\HarddiskVolume2\$PrepareToShrinkFileSize
  1739. 0x000000007fb77070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1740. 0x000000007fb824f0 1 1 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir
  1741. 0x000000007fb83f20 2 2 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1742. 0x000000007fb8e4a0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1743. 0x000000007fbc1070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1744. 0x000000007fbc1c70 5 0 R--r-d \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_72d6d48d86649709\GdiPlus.dll
  1745. 0x000000007fbc1dc0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1746. 0x000000007fbc9a60 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1747. 0x000000007fbced50 1 0 RW-rwd \Device\HarddiskVolume2\$ConvertToNonresident
  1748. 0x000000007fbceea0 18 0 -W-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VA9ZP1F\like[1].htm
  1749. 0x000000007fbd0280 1 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\es-ES\ieframe.dll.mui
  1750. 0x000000007fbd08a0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1751. 0x000000007fbd0ab0 1 1 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
  1752. 0x000000007fbd17a0 1 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\es-ES\urlmon.dll.mui
  1753. 0x000000007fbde110 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGNXEPD9\P5DLcu0KGJB[1].htm
  1754. 0x000000007fbe3780 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
  1755. 0x000000007fbe3990 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
  1756. 0x000000007fbe46f0 10 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\t2embed.dll
  1757. 0x000000007fbe56a0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1758. 0x000000007fbe5c20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1759. 0x000000007fbe6070 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\Desktop
  1760. 0x000000007fbe6ab0 1 1 R--rw- \Device\HarddiskVolume2\Windows
  1761. 0x000000007fbf5070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1762. 0x000000007fbf5200 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1763. 0x000000007fbfd660 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
  1764. 0x000000007fbfdba0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
  1765. 0x000000007fbfe070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1766. 0x000000007fbff620 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1767. 0x000000007fc1bf20 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ksuser.dll
  1768. 0x000000007fc9a3d0 1 1 ------ \Device\NamedPipe\InitShutdown
  1769. 0x000000007fc9a520 2 1 ------ \Device\NamedPipe\InitShutdown
  1770. 0x000000007fc9b2c0 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ktmw32.dll
  1771. 0x000000007fc9b550 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\netapi32.dll
  1772. 0x000000007fc9b880 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\schedsvc.dll
  1773. 0x000000007fd15360 1 1 ------ \Device\NamedPipe\
  1774. 0x000000007fd157c0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1775. 0x000000007fd1b720 16 0 R--rwd \Device\HarddiskVolume2\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
  1776. 0x000000007fd90e00 14 0 R--rwd \Device\HarddiskVolume2\Windows\System32\pmcsnap.dll
  1777. 0x000000007fd952a0 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\dimsjob.dll
  1778. 0x000000007fd96570 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\jscript.dll
  1779. 0x000000007fd9a450 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\rdpcorekmts.dll
  1780. 0x000000007fe95640 15 0 R--r-d \Device\HarddiskVolume2\Windows\System32\profsvc.dll
  1781. 0x000000007fe95790 14 0 R--r-d \Device\HarddiskVolume2\Windows\System32\gpsvc.dll
  1782. 0x000000007fe9b070 5 0 R--r-- \Device\HarddiskVolume2\Windows\Globalization\Sorting\SortDefault.nls
  1783. 0x000000007fe9b560 2 1 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu
  1784. 0x000000007ff8f690 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VA9ZP1F\msn[1].htm
  1785. 0x000000007ff95420 5 0 R--r-d \Device\HarddiskVolume2\Windows\System32\VBoxMRXNP.dll
  1786. 0x0000000080016460 15 0 R--rwd \Device\HarddiskVolume2\Windows\System32\fveui.dll
  1787. 0x0000000080018b40 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
  1788. 0x00000000800968c0 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\wmpps.dll
  1789. 0x0000000080098510 9 0 R--rwd \Device\HarddiskVolume2\Windows\System32\msfeeds.dll
  1790. 0x0000000080223180 15 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\tzres.dll
  1791. 0x00000000802261d0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
  1792. 0x0000000080226bc0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1793. 0x0000000080228340 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1794. 0x000000008022ae60 13 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\WSHTCPIP.DLL
  1795. 0x0000000080232800 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688
  1796. 0x000000008023e870 9 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\timesbd.ttf
  1797. 0x0000000080242b80 9 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\imageres.dll
  1798. 0x0000000080243f20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1799. 0x00000000802472d0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NlsLexicons0416.dll
  1800. 0x000000008024b320 8 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\arial.ttf
  1801. 0x0000000080252f20 16 0 R--rwd \Device\HarddiskVolume2\Windows\System32\C_20127.NLS
  1802. 0x00000000802548a0 11 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\samlib.dll
  1803. 0x0000000080261970 17 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\ntshrui.dll.mui
  1804. 0x000000008026a740 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Temp
  1805. 0x0000000080276070 9 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\msrating.dll
  1806. 0x00000000802971d0 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\Music\desktop.ini
  1807. 0x00000000802a0070 10 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\d3d10warp.dll
  1808. 0x00000000802a0800 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local
  1809. 0x00000000802a5f20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
  1810. 0x00000000802ab8d0 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\Desktop\RamCapturer64
  1811. 0x00000000802b0510 1 1 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\WebCache\V01.log
  1812. 0x00000000802b6610 13 1 RW-r-d \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-558000974-3005012555-2968909072-1001.dat
  1813. 0x00000000802b7c80 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1814. 0x00000000802bf340 14 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\verdanab.ttf
  1815. 0x00000000802c6be0 11 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\seguisym.ttf
  1816. 0x00000000802c9e60 10 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\shdocvw.dll
  1817. 0x00000000802ca490 16 0 R--rwd \Device\HarddiskVolume2\Windows\SysWOW64\oleaccrc.dll
  1818. 0x00000000802cc940 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1819. 0x00000000802cd530 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1820. 0x00000000802d1070 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1821. 0x00000000802d3540 2 1 R--rwd \Device\HarddiskVolume2\
  1822. 0x00000000802dc810 15 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\desktop.ini
  1823. 0x00000000802dcda0 11 0 R--rwd \Device\HarddiskVolume2\Windows\Fonts\seguisb.ttf
  1824. 0x00000000802e2070 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1825. 0x00000000802e38b0 2 1 RWD--- \Device\clfs\SystemRoot\System32\Config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR
  1826. 0x00000000802e4360 2 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
  1827. 0x00000000802e4540 1 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2SPW5JC
  1828. 0x00000000802e7670 2 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
  1829. 0x00000000802e79e0 2 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
  1830. 0x00000000802e7d50 2 1 RW-r-- \Device\HarddiskVolume2\Windows\System32\config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
  1831. 0x00000000802e9170 7 0 R--r-d \Device\HarddiskVolume2\Windows\System32\ieui.dll
  1832. 0x00000000802ee070 9 0 R--r-d \Device\HarddiskVolume2\Program Files\Internet Explorer\sqmapi.dll
  1833. 0x00000000802efd10 1 1 R----- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\WebCacheLock.dat
  1834. 0x00000000802f3f20 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1835. 0x00000000802f9e50 3 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\SystemCertificates\My
  1836. 0x00000000802fdf20 14 0 R--r-d \Device\HarddiskVolume2\Program Files (x86)\Internet Explorer\iexplore.exe
  1837. 0x0000000080301530 13 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\secur32.dll
  1838. 0x0000000080308f20 14 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
  1839. 0x0000000080309a80 9 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NlsData0000.dll
  1840. 0x000000008030eb70 1 1 RW---- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
  1841. 0x00000000803107a0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1842. 0x0000000080311c70 19 1 RWD--- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
  1843. 0x0000000080312c30 1 1 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  1844. 0x0000000080315bb0 15 0 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  1845. 0x000000008031f760 19 0 RW-rwd \Device\HarddiskVolume2\$ConvertToNonresident
  1846. 0x0000000080322df0 15 0 RW-rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
  1847. 0x0000000080328b60 15 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\ieframe.dll.mui
  1848. 0x00000000803299d0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1849. 0x000000008032a6a0 31 1 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9E706F7B-8401-11E6-8F40-080027A90394}.dat
  1850. 0x0000000080333690 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1851. 0x00000000803369d0 17 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1852. 0x0000000080339070 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
  1853. 0x0000000080339240 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1854. 0x0000000080339550 33 1 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9E706F7D-8401-11E6-8F40-080027A90394}.dat
  1855. 0x0000000080341070 12 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NlsLexicons0003.dll
  1856. 0x00000000803445e0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1857. 0x0000000080345210 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Favorites
  1858. 0x0000000080345420 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1859. 0x0000000080345630 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Favorites
  1860. 0x0000000080345840 16 1 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
  1861. 0x0000000080345a50 3 0 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
  1862. 0x0000000080346b70 15 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\es-ES\KernelBase.dll.mui
  1863. 0x0000000080346cc0 10 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\cryptnet.dll
  1864. 0x000000008034b070 19 0 RW-rwd \Device\HarddiskVolume2\$ConvertToNonresident
  1865. 0x000000008034b330 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1866. 0x000000008034b480 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1867. 0x000000008034c320 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
  1868. 0x000000008034c470 1 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N8VU3OR7
  1869. 0x0000000080351660 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Temp
  1870. 0x0000000080352780 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NlsData0416.dll
  1871. 0x00000000803578d0 18 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1872. 0x00000000803586e0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1873. 0x0000000080359b20 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1874. 0x000000008035a070 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1875. 0x000000008035f460 1 1 R--r-d \Device\HarddiskVolume2\Windows\System32\es-ES\KernelBase.dll.mui
  1876. 0x0000000080361070 1 1 R--rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
  1877. 0x00000000803613a0 33 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1878. 0x0000000080364550 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VA9ZP1F\es-es[1].htm
  1879. 0x000000008036a070 1 1 R--rw- \Device\HarddiskVolume2\Windows
  1880. 0x000000008036a240 1 1 ------ \Device\Afd\Endpoint
  1881. 0x00000000803703e0 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VA9ZP1F\silentpassport[1].htm
  1882. 0x0000000080372070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1883. 0x0000000080372d10 1 1 RWDrwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Temp\~DF6A5AAE71E0971BA7.TMP
  1884. 0x0000000080375d00 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1885. 0x0000000080377500 1 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\es-ES\KernelBase.dll.mui
  1886. 0x00000000803a5070 13 0 R--r-d \Device\HarddiskVolume2\Users\USER01\AppData\Local\Temp\wget.exe
  1887. 0x00000000803ac6e0 10 0 R--r-d \Device\HarddiskVolume2\Windows\System32\mtxoci.dll
  1888. 0x00000000803b4e90 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1889. 0x00000000803ba070 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
  1890. 0x00000000803bb780 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\Videos\desktop.ini
  1891. 0x00000000803bf070 2 1 R--rwd \Device\HarddiskVolume2\ProgramData\Microsoft\Windows\Start Menu
  1892. 0x00000000803c12c0 33 0 RW-rwd \Device\HarddiskVolume2\$ConvertToNonresident
  1893. 0x00000000803c2dd0 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1894. 0x00000000803c5070 2 1 R--rwd \Device\HarddiskVolume2\Users\USER01\Links
  1895. 0x00000000803c67d0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1896. 0x00000000803c8720 3 0 RW-rw- \Device\HarddiskVolume2\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
  1897. 0x00000000803c96a0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
  1898. 0x00000000803c97f0 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1899. 0x00000000803ca2c0 33 1 RW---- \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A6AF35FB-8401-11E6-8F40-080027A90394}.dat
  1900. 0x00000000803cb240 12 0 R--r-d \Device\HarddiskVolume2\Program Files (x86)\Windows Search\kidlog.dll
  1901. 0x00000000803d2460 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1902. 0x00000000803d2c30 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
  1903. 0x00000000803d9840 15 0 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
  1904. 0x00000000803d9a60 1 1 R--r-d \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\comctl32.dll.mui
  1905. 0x00000000803d9e60 1 1 R--rw- \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
  1906. 0x00000000803da920 1 1 R--rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N8VU3OR7
  1907. 0x00000000803db480 10 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\DWrite.dll
  1908. 0x00000000803db5d0 2 0 RW-rwd \Device\HarddiskVolume2\$Directory
  1909. 0x00000000803dbf20 8 1 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\es-ES\ieframe.dll.mui
  1910. 0x00000000803df5b0 1 1 R--rw- \Device\HarddiskVolume2\Users\USER01\Desktop
  1911. 0x00000000803e0c80 13 0 R--r-d \Device\HarddiskVolume2\Program Files\Windows Sidebar\sbdrop.dll
  1912. 0x00000000803e0f20 2 1 ------ \Device\NamedPipe\lsass
  1913. 0x00000000803f0700 13 0 R--r-d \Device\HarddiskVolume2\Windows\System32\NlsData0003.dll
  1914. 0x00000000803f2280 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
  1915. 0x00000000803f2490 1 1 RW-rwd \Device\HarddiskVolume2\Users\USER01\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
  1916. 0x00000000803f4e20 5 0 R--r-d \Device\HarddiskVolume2\Windows\SysWOW64\ieui.dll
  1917. 0x00000000803f87d0 1 1 R--rw- \Device\HarddiskVolume2\Program Files (x86)\Windows Search
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!