<re:report xmlns:re="http://www.vmray.com/2015/report/essential#0004" version="1.8.0">
  <re:samples id="268671">
    <re:sample>
      <re:name>cb91b8695d3990b5b5eae8a714bd357e</re:name>
      <re:hash_sum type="md5">cb91b8695d3990b5b5eae8a714bd357e</re:hash_sum>
    </re:sample>
  </re:samples>
  <re:ioc>
    <re:hosts/>
    <re:registry_keys>
      <re:registry_key>Control Panel\Input Method\Hot Keys</re:registry_key>
      <re:registry_key>\Registry\Machine\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Nls\CustomLocale</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\ThemeManager</re:registry_key>
      <re:registry_key>SOFTWARE\Microsoft\Cryptography\Protect\Providers</re:registry_key>
      <re:registry_key>JD</re:registry_key>
      <re:registry_key>\Registry\Machine\Software\Microsoft\Windows\Tablet PC\</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit</re:registry_key>
      <re:registry_key>\Registry\Machine\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\CLSID\{75048700-EF1F-11D0-9888-006097DEACF9}</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000104</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\2EB08E3E-639F-4fba-97B1-14F878961076\Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86</re:registry_key>
      <re:registry_key>HKEY_CURRENT_USER\\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Microsoft\Rpc\Extensions</re:registry_key>
      <re:registry_key>Control Panel\Desktop</re:registry_key>
      <re:registry_key>HKEY_CURRENT_USER\\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\8A334AA8052DD244A647306A76B8178FA215F344</re:registry_key>
      <re:registry_key>System\CurrentControlSet\Control\Lsa\Kerberos\Domains</re:registry_key>
      <re:registry_key>HKEY_USERS\S-1-5-19_Classes</re:registry_key>
      <re:registry_key>Catalog_Entries64\00000001</re:registry_key>
      <re:registry_key>\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT</re:registry_key>
      <re:registry_key>HKEY_USERS\S-1-5-18_Classes</re:registry_key>
      <re:registry_key>System\CurrentControlSet\Control\SecurityProviders\WDigest</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Terminal Server</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\CLSID</re:registry_key>
      <re:registry_key>\REGISTRY\USER\S-1-5-18\Keyboard Layout\Preload</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts</re:registry_key>
      <re:registry_key>Control Panel\International</re:registry_key>
      <re:registry_key>Software\Microsoft\SystemCertificates</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\5c9a4cd7-ba75-45d2-9898-1773b3d1e5f1</re:registry_key>
      <re:registry_key>GBG</re:registry_key>
      <re:registry_key>\Registry\Machine\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings\Software\Classes\Local Settings\MuiCache\Software\Classes\Local Settings\MuiCache\1\52C64B7E</re:registry_key>
      <re:registry_key>00000001</re:registry_key>
      <re:registry_key>\Registry\Machine\Software\Microsoft\Windows\Windows Error Reporting\WMR\Control Panel\International</re:registry_key>
      <re:registry_key>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer</re:registry_key>
      <re:registry_key>SOFTWARE\Microsoft\Cryptography</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20</re:registry_key>
      <re:registry_key>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\2EB08E3E-639F-4fba-97B1-14F878961076\Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86\Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\9B008953-F195-4BF9-BDE0-4471971E58ED</re:registry_key>
      <re:registry_key>\REGISTRY\USER\S-1-5-18\Keyboard Layout\Preload\Keyboard Layout\Preload</re:registry_key>
      <re:registry_key>\Registry\Machine\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\8A334AA8052DD244A647306A76B8178FA215F344</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\2EB08E3E-639F-4fba-97B1-14F878961076\Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86\System\CurrentControlSet\Control\Power\User\PowerSchemes</re:registry_key>
      <re:registry_key>\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d\2EB08E3E-639F-4fba-97B1-14F878961076</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Nls\Language Groups</re:registry_key>
      <re:registry_key>\Registry\Machine\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\8A334AA8052DD244A647306A76B8178FA215F344</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\SOFTWARE\CLASSES</re:registry_key>
      <re:registry_key>System\CurrentControlSet\Control\Power\SecurityDescriptors</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Classes\ActivatableClasses\CLSID</re:registry_key>
      <re:registry_key>System\CurrentControlSet\Services\Tcpip\Parameters</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000203</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000202</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000201</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000200</re:registry_key>
      <re:registry_key>\Registry\Machine\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings\Software\Classes\Local Settings\MuiCache\1</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Nls\Locale</re:registry_key>
      <re:registry_key>Keyboard Layout\Preload</re:registry_key>
      <re:registry_key>Catalog_Entries64\Catalog_Entries64\000000000001</re:registry_key>
      <re:registry_key>\Registry\Machine\System\Setup</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters</re:registry_key>
      <re:registry_key>System\CurrentControlSet\Control\Lsa\Audit</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers</re:registry_key>
      <re:registry_key>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System</re:registry_key>
      <re:registry_key>\Registry\Machine\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings\Software\Classes\Local Settings\MuiCache</re:registry_key>
      <re:registry_key>Catalog_Entries64</re:registry_key>
      <re:registry_key>HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}</re:registry_key>
      <re:registry_key>Skew1</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Nls\Sorting\Versions</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Classes\ActivatableClasses\CLSID\{7E5FE3D9-985F-4908-91F9-EE19F9FD1514}</re:registry_key>
      <re:registry_key>SOFTWARE\Microsoft</re:registry_key>
      <re:registry_key>Software\Microsoft\Cryptography</re:registry_key>
      <re:registry_key>Data</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Nls\Sorting\Ids</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\ComputerName</re:registry_key>
      <re:registry_key>HKEY_CURRENT_USER</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\CLSID\{7E5FE3D9-985F-4908-91F9-EE19F9FD1514}</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}</re:registry_key>
      <re:registry_key>SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Classes\ActivatableClasses\CLSID\{75048700-EF1F-11D0-9888-006097DEACF9}</re:registry_key>
      <re:registry_key>Software</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Classes\ActivatableClasses\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}</re:registry_key>
      <re:registry_key>\Registry\Machine\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings\Software\Classes\Local Settings\MuiCache\1\52C64B7E</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000012</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000010</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000011</re:registry_key>
      <re:registry_key>\Registry\Machine\Software\Microsoft\Windows\Windows Error Reporting\WMR</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Microsoft\EmbeddedNT\Security</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Nls\ExtendedLocale\Control Panel\International</re:registry_key>
      <re:registry_key>\Registry\Machine\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion</re:registry_key>
      <re:registry_key>\REGISTRY\USER\S-1-5-18</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\ComputerName\ComputerName</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\CLSID\{317D06E8-5F24-433D-BDF7-79CE68D8ABC2}</re:registry_key>
      <re:registry_key>Catalog_Entries64\Catalog_Entries64</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall</re:registry_key>
      <re:registry_key>System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System</re:registry_key>
      <re:registry_key>Software\Microsoft</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName</re:registry_key>
      <re:registry_key>SOFTWARE\Microsoft\Cryptography\Protect</re:registry_key>
      <re:registry_key>\REGISTRY\USER\S-1-5-18\Keyboard Layout\Substitutes</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layouts\00000409</re:registry_key>
      <re:registry_key>SOFTWARE</re:registry_key>
      <re:registry_key>\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\System\Setup</re:registry_key>
      <re:registry_key>System\CurrentControlSet\Control\Lsa\SspiCache</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Classes\ActivatableClasses\CLSID\{317D06E8-5F24-433D-BDF7-79CE68D8ABC2}</re:registry_key>
      <re:registry_key>\Registry\Machine\System\CurrentControlSet\Control\Nls\ExtendedLocale</re:registry_key>
      <re:registry_key>System\CurrentControlSet\Control\Lsa\Audit\AuditPolicy</re:registry_key>
      <re:registry_key>Software\Microsoft\Windows\CurrentVersion\NetworkServiceTriggers\Triggers\bc90d167-9470-4139-a9ba-be0bbbf5b74d</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000070</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000071</re:registry_key>
      <re:registry_key>Control Panel\Input Method\Hot Keys\00000072</re:registry_key>
      <re:registry_key>\Registry\MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide</re:registry_key>
      <re:registry_key>\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup</re:registry_key>
      <re:registry_key>\REGISTRY\USER\S-1-5-18\Software\Classes\ActivatableClasses\CLSID</re:registry_key>
    </re:registry_keys>
    <re:file_names>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\local\microsoft\windows\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\local\microsoft\windows\history\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\recent</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\stornvme.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\downloads</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\resources\themes\aero\aero.msstyles</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\fontsetup.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbxhci.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ql2300.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ialpssi_gpio.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hiddigi.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\umpass.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\uefi.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\ws2ifsl.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\inetcache</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\swenum.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mtconfig.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\nsiproxy.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winpeshl.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hdaudbus.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\netevbda.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\uefi.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata\local\microsoft</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\ql2300.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\apps.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cdrom.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tm.blf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cht4vx64.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\samsrv.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\newdev.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\desktop</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\pictures</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\ialpssi_i2c.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\uaspstor.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\saved games</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\winsxs\manifests\amd64_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_1.0.9600.17415_none_bd4349237a1100f7.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\mup.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\recent\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\firewallapi.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\verifierext.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\local</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\ehstorclass.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\favorites</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\fltmgr.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\vstxraid.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winpeshl.exe</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bxfcoe.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\system tools\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\network shortcuts\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\music</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\iastorav.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ql40xx2i.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\errdev.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat.log1</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat.log2</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\ndis.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\partmgr.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ql40xx2i.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ehstortcgdrv.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\svsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wevtapi.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\winsxs\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\fsdepends.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\downloads</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\templates\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\uaspstor.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\vstxraid.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\inetcache</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\machine.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bcmfn2.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tm.blf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\keyboard.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\vdrvroot.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\pictures\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\swenum.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\defltbase.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\local\microsoft\windows</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\accessories\notepad.lnk</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\vssvc.exe</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\qlfcoei.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\sdstor.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\disk.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\msmouse.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpipagr.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\start menu\programs\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cpu.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\winsxs\manifests\amd64_microsoft.windows.isolationautomation_6595b64144ccf1df_1.0.0.0_none_ee2620cf57bc84de.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\hidi2c.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\lmhsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\links</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\netman.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\bfe.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\documents</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\links\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\mshdc.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mlx4_bus.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata\local\microsoft\windows\caches\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000000.db</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wbengine.exe</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\videos</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\pictures</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\videos</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winhttp.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ramdisk.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\winsxs\manifests\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbport.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\iscsidsc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\fonts\segoeuib.ttf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\iastorv.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\ikeext.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\volume.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\tpm.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\favorites\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\hiddigi.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\umbus.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\umpass.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\servicing\trustedinstaller.exe</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata\local\microsoft\windows</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\pictures\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\system tools</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\desktop\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\arcsas.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\cht4vx64.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\sendto</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\tcpip.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\msports.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\music\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\keyiso.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\acpipagr.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\downloads\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata\local</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\accessories\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\downloads\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\umpnpmgr.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\agp.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\polstore.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\1394.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\start menu\programs\system tools\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\videos\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mssmbios.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\puwk.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\local\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\windowsshell.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\sacsvr.dll</re:file_name>
      <re:file_name>c:\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\errdev.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\ialpssi_gpio.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\videos\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\local\microsoft</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\kbdus.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\network shortcuts</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\volmgr.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\netevbda.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wbem\wmiapsrv.exe</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\sources\recovery\recenv.exe</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\agp.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\sbp2.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iastorv.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\local\temp</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hidbatt.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bxfcoe.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hidi2c.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\system tools\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\defragsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\start menu\programs\system tools\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\local\microsoft\windows\gameexplorer\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\netbvbda.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\start menu\programs\system tools\command prompt.lnk</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\acpitime.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\fdc.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iscsi.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata\local\microsoft\windows\caches</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\vstxraid.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\saved games\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\debug\passwd.log</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\fonts\micross.ttf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpitime.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\links</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\documents\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\uaspstor.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\usbstor.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usb.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\vdrvroot.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\logfiles\scm\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\pdc.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\usbxhci.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat.log1</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\system tools</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cdrom.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\themes</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\globalization\sorting\sortdefault.nls</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile</re:file_name>
      <re:file_name>\device\harddisk0\dr0</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\tpm.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\recent</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\swprv.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\inetcookies</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\desktop\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\local\microsoft\windows\inetcookies\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbstor.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ql2300.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\input.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\combase.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iastorav.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cpu.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cht4vx64.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ialpssi_gpio.pnf</re:file_name>
      <re:file_name>\device\deviceapi\cmapi</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\disk.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\netevbda.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bxois.pnf</re:file_name>
      <re:file_name>c:\users\uwzpa0~1\appdata\local\temp\ff1e.tmp</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\w32time.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\eapsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\msmouse.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\mtconfig.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ialpssi_i2c.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\local</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\rasmans.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata\roaming</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\sendto\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\flpydisk.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\machine.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mlx4_bus.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\winsxs\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\bxois.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winpeshl.log</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\accessories\notepad.lnk</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpi.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hdaudbus.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\clfs.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\mshidkmdf.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\mssmbios.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\dwup.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\keyboard.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\wdf01000.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\local\temp</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\wmiacpi.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\volmgrx.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\hdaudbus.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\rpcepmap.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wbem\wmisvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\sceregvl.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mssmbios.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\security\logs\scecomp.log</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\sdstor.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\srvsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\desktop</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\bcmfn2.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hiddigi.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\accessories</re:file_name>
      <re:file_name>\device\ndis</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\dhcpcore.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ehstortcgdrv.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\volume.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat.log1</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat.log2</re:file_name>
      <re:file_name>c:\users\uwzpa0~1\appdata\local\temp\3e0d.tmp</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\security\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\fdc.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\accessories</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\netnb.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\profsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\saved games</re:file_name>
      <re:file_name>\device\mountpointmanager</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\swenum.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\bxfcoe.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\acpi.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\msmouse.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\mlx4_bus.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\errata.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\machine.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\local\microsoft\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\fileinfo.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\msports.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\notepad.lnk</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\spaceport.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\vmbusres.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tm.blf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\sendto</re:file_name>
      <re:file_name>c:</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\accessories\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\winsxs\manifests\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.9600.16384_en-us_7852a861195d56f0.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\qlfcoei.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\arcsas.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\system tools\command prompt.lnk</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\fvevol.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\nlasvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\fdc.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hidbatt.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\documents</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\music</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\stornvme.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tm.blf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cmbatt.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\stornvme.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbhub3.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\documents\desktop.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\local\microsoft</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\winsxs\manifests\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.9600.16384_en-us_4ab3da74c23648d7.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bcmfn2.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\favorites</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\wmiacpi.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\sbp2.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\hidbatt.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\cmbatt.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\flpydisk.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\sstpsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iscsi.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbxhci.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\gameexplorer</re:file_name>
      <re:file_name>\device\namedpipe\lsarpc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\umbus.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\win.ini</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\temp</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\volume.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat.log2</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\usb.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\afd.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\spaceport.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wevtsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\errdev.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\umpo.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\sbp2.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\netbvbda.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\network shortcuts</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\local\microsoft\windows\inetcache\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpitime.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\defltwk.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\filetrace.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\cdrom.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpipagr.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\iscsi.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\systemeventsbrokerserver.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\umbus.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\usbhub3.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\1394.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\volmgr.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\inetcookies</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbport.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\netbt.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\vds.exe</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\sdstor.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iastorv.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\arcsas.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\uefi.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\ndisvirtualbus.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpi.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mtconfig.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hidi2c.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bxois.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\efssvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wkssvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\fonts\tahoma.ttf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\input.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\input.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\microsoft\protect\s-1-5-18\user\preferred</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\winsxs\manifests\amd64_microsoft.windows.systemcompatible_6595b64144ccf1df_6.0.9600.16384_none_69e3a25fa94e130a.manifest</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\qlfcoei.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tm.blf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\drivers\mountmgr.sys</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\dnsapi.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\spaceport.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mshdc.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\cpu.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\logfiles</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\system tools\command prompt.lnk</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\cryptsvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\flpydisk.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\vdrvroot.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\netlogon.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\rasauto.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iastorav.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mshdc.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\keyboard.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usb.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\reagent.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\fonts\segoeui.ttf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\usbport.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\volmgr.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\music\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\lsm.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\agp.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\microsoft\protect\s-1-5-18\user\968b739e-d207-46ed-a53d-aed260dbc1d6</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\resources\themes\aero\vscache\aero.msstyles_1033_96.mss</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ialpssi_i2c.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\roaming\microsoft\windows\start menu\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\smphost.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\wmiacpi.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\secrecs.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbstor.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\ehstortcgdrv.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\netbvbda.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\gpapi.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\config\systemprofile\appdata\local\microsoft\windows\caches\cversions.1.db</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\hidserv.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbhub3.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tm.blf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\ql40xx2i.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cmbatt.pnf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\disk.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winre.jpg</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\umpass.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\nsisvc.dll</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\msports.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\users\default\appdata\local\temp\</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\tpm.inf</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\driverstore\en-us\1394.inf_loc</re:file_name>
      <re:file_name>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\gameexplorer</re:file_name>
    </re:file_names>
    <re:mutex_names>
      <re:mutex_name>CicLoadWinStaWinSta0</re:mutex_name>
      <re:mutex_name>WinPEProfilingMutex</re:mutex_name>
      <re:mutex_name>Global\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}</re:mutex_name>
      <re:mutex_name>Local\MSCTF.Asm.MutexDefault1</re:mutex_name>
    </re:mutex_names>
  </re:ioc>
  <re:severity version="1.09">
    <re:artifacts>
      <re:artifact amount="125">
        <re:category>Process</re:category>
        <re:operation>install_ipc_endpoint</re:operation>
        <re:description>Creates nameless mutex</re:description>
        <re:score>1</re:score>
      </re:artifact>
      <re:artifact amount="63">
        <re:category>Process</re:category>
        <re:operation>install_ipc_endpoint</re:operation>
        <re:description>Creates nameless mutex</re:description>
        <re:score>1</re:score>
      </re:artifact>
      <re:artifact amount="32">
        <re:category>Process</re:category>
        <re:operation>install_ipc_endpoint</re:operation>
        <re:description>Creates nameless mutex</re:description>
        <re:score>1</re:score>
      </re:artifact>
      <re:artifact amount="15">
        <re:category>Process</re:category>
        <re:operation>install_ipc_endpoint</re:operation>
        <re:description>Creates nameless mutex</re:description>
        <re:score>1</re:score>
      </re:artifact>
      <re:artifact amount="8">
        <re:category>Process</re:category>
        <re:operation>install_ipc_endpoint</re:operation>
        <re:description>Creates nameless mutex</re:description>
        <re:score>1</re:score>
      </re:artifact>
      <re:artifact amount="4">
        <re:category>Process</re:category>
        <re:operation>install_ipc_endpoint</re:operation>
        <re:description>Creates nameless mutex</re:description>
        <re:score>1</re:score>
      </re:artifact>
      <re:artifact amount="2">
        <re:category>Process</re:category>
        <re:operation>install_ipc_endpoint</re:operation>
        <re:description>Creates nameless mutex</re:description>
        <re:score>1</re:score>
      </re:artifact>
      <re:artifact>
        <re:category>Anti Analysis</re:category>
        <re:operation>illegitimate_api_usage</re:operation>
        <re:description>Internal API "CreateProcessInternalW" used to start ""</re:description>
        <re:score>4</re:score>
      </re:artifact>
      <re:artifact>
        <re:category>Device</re:category>
        <re:operation>write_mbr</re:operation>
        <re:description></re:description>
        <re:score>5</re:score>
      </re:artifact>
      <re:artifact>
        <re:category>File System</re:category>
        <re:operation>create_many_files</re:operation>
        <re:description>Create more than 50 files</re:description>
        <re:score>1</re:score>
      </re:artifact>
      <re:artifact amount="30">
        <re:category>Injection</re:category>
        <re:operation>modify_memory</re:operation>
        <re:description>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\services.exe</re:description>
        <re:score>3</re:score>
      </re:artifact>
      <re:artifact amount="15">
        <re:category>Injection</re:category>
        <re:operation>modify_memory</re:operation>
        <re:description>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\services.exe</re:description>
        <re:score>3</re:score>
      </re:artifact>
      <re:artifact amount="8">
        <re:category>Injection</re:category>
        <re:operation>modify_memory</re:operation>
        <re:description>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\services.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\svchost.exe</re:description>
        <re:score>3</re:score>
      </re:artifact>
      <re:artifact amount="4">
        <re:category>Injection</re:category>
        <re:operation>modify_memory</re:operation>
        <re:description>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\svchost.exe</re:description>
        <re:score>3</re:score>
      </re:artifact>
      <re:artifact amount="2">
        <re:category>Injection</re:category>
        <re:operation>modify_memory</re:operation>
        <re:description>\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winpeshl.exe</re:description>
        <re:score>3</re:score>
      </re:artifact>
      <re:artifact>
        <re:category>Kernel</re:category>
        <re:operation>kernelcode_execution</re:operation>
        <re:description>See kernel behavior tab for detailed information</re:description>
        <re:score>5</re:score>
      </re:artifact>
    </re:artifacts>
    <re:total_score>100</re:total_score>
  </re:severity>
</re:report>