Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: US charges Samourai cryptomixer founders for laundering $100 million

Featured Deal: A one-year Sam's Club membership is only $14 now

Latest Buyer's Guide: How to setup a VPN on your router: Detailed walkthrough

CryptoSearch - Find Files Encrypted by Ransomware

Started by Demonslay335 , Jan 15 2017 02:36 PM

Please log in to reply

69 replies to this topic

#1 Demonslay335

Ransomware Hunter

Security Colleague
4,770 posts
OFFLINE

Gender:Male
Location:USA
Local time:11:44 PM

Posted 15 January 2017 - 02:36 PM

CryptoSearch

CryptoSearch (beta) is a program I have created to help find what files were encrypted by a particular ransomware, and allow the user to copy/move the files to another location for archiving (for hopes of future decryption).

This program is powered by my service ID Ransomware, and thus is always updated with definitions on the latest known ransomwares and their signatures. This also allows it to be flexible in detecting the encrypted files, as it uses the exact same data ID Ransomware uses for identifying variants. It will identify files by known filename pattern or extension, or for some variants, the hex pattern in the encrypted file.

When CryptoSearch is first launched, it will contact the website, and pull down the latest information on known extensions and byte patterns; this is the only network activity done with the program, and no information about your system is uploaded or stored at all. If you have a network issue with reaching the website, the "Refresh Network" button is available to try again.

As of v0.9.2.0, CryptoSearch will save the definitions it uses to a local file in the same directory as the program. The next time you run the program, it will load this file for offline use if it cannot reach ID Ransomware. This will allow you to use it on a computer that has been quarantined and is offline.

You may also use the tool to manually search for a particular extension or byte pattern by use of the Search Options.

The following options are also available via the checkboxes on the right, and the radio buttons next to Search:

List Files - lists the encrypted files, uncheck to only list folders that include encrypted files
List Clean folders - will also list folders that are clean and do not have encrypted files
Search Directory - search a specified directory
Search Computer - search the whole computer (all drive letters found, including mapped drives)

Once the scan has completed, the File menu will allow the following options:

Export List - saves a list of the encrypted files to a text file
Archive Files - allows you to copy or move the encrypted files to another location for archiving

The archived files retain the full folder structure, including the drive letter. For example, these files were moved to "C:\Backup\C\Test".

Please note that this program does not decrypt data. It is simply a tool for users to find exactly what files were encrypted, and optionally move them to another location before cleaning or formatting a system.

You may download CryptoSearch here: https://download.bleepingcomputer.com/demonslay335/CryptoSearch.zip

Please note, the password for the zip file is "false-positive". This is a temporary response to false positives being triggered by Google SafeBrowsing and antivirus.

Please let me know if you run into any issues, or any recommendations for the program. I hope it is of some use to helping victims cleanup their systems, and for sysadmins to determine the extent of damages on servers (my original inspiration for this project).

Edited by Demonslay335, 17 January 2017 - 06:46 PM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Amigo-A

Security specialist and Ransomware expert

Members
3,057 posts
OFFLINE

Gender:Male
Location:Bering Strait
Local time:10:44 AM

Posted 15 January 2017 - 03:33 PM

Great news! Thanks!

My site: The Digest "Crypto-Ransomware" + Google Translate

#3 quietman7

Bleepin' Gumshoe

Global Moderator
61,920 posts
OFFLINE

Gender:Male
Location:Virginia, USA
Local time:01:44 AM

Posted 15 January 2017 - 04:16 PM

Another great idea. :thumbup2:

.
.
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click

#4 al1963

Members
1,181 posts
OFFLINE

Local time:12:44 PM

Posted 15 January 2017 - 10:40 PM

@Demonslay335,

tested the search for files on the example of Crysis / xtbl, but were still searching for files and by Ransom.Shade.

The idea must be different Ransom.Shade Crysis and files, even if they have a finite extension and the same: xtbl

-----------------

Demonslay335,

I realized my mistake, I did it myself on the definition of the search by specifying search for files by extension.

I think it will not prevent another function - to clear the search result.

To a new search did not get the results of the previous search.

Edited by al1963, 15 January 2017 - 10:50 PM.

#5 Colin1963

Members
3 posts
OFFLINE

Gender:Male
Location:United Kingdom
Local time:05:44 AM

Posted 16 January 2017 - 04:52 PM

Hi all

Just downloaded the above and ran the program on the Cryt0L0cker setting and got the list below.

how do you know whats bad if any and what is just normal machine code. Had a Zepto infection months ago so just picked the Crypt0Locker setting at random to see what would come up.

Retrieving data from ID Ransomware...
Definitions saved to: C:\Users\Colin Beckman\AppData\Local\Temp\7zO6D8F.tmp\cryptosearch-definitions.bin
Loaded data on 240 ransomwares
Searching for files encrypted by Crypt0L0cker...

[-] Encrypted folder: C:\$Recycle.Bin\S-1-5-21-1712161201-1026542196-2576081904-1001
[-] Encrypted file: C:\$Recycle.Bin\S-1-5-21-1712161201-1026542196-2576081904-1001\$I7OSGVM.locked
[-] Encrypted file: C:\$Recycle.Bin\S-1-5-21-1712161201-1026542196-2576081904-1001\$IVTMQS1.locked
[-] Encrypted file: C:\$Recycle.Bin\S-1-5-21-1712161201-1026542196-2576081904-1001\$R7OSGVM.locked
[-] Encrypted file: C:\$Recycle.Bin\S-1-5-21-1712161201-1026542196-2576081904-1001\$RVTMQS1.locked
[-] Encrypted folder: C:\$Recycle.Bin\S-1-5-21-1712161201-1026542196-2576081904-1001\$R5B1VUG
[-] Encrypted file: C:\$Recycle.Bin\S-1-5-21-1712161201-1026542196-2576081904-1001\$R5B1VUG\ModuleManager.csproj
[-] Encrypted file: C:\$Recycle.Bin\S-1-5-21-1712161201-1026542196-2576081904-1001\$R5B1VUG\packages.config
[-] Encrypted folder: C:\Program Files\Acer\Acer eRecovery Management
[-] Encrypted file: C:\Program Files\Acer\Acer eRecovery Management\Recovery Management.exe.config
[-] Encrypted folder: C:\Program Files\Autodesk\DWG TrueView 2012
[-] Encrypted file: C:\Program Files\Autodesk\DWG TrueView 2012\AmberCore.IsdCodecAPI.Core.dll.config
[-] Encrypted file: C:\Program Files\Autodesk\DWG TrueView 2012\AmberCore.LidarAccessAPI.dll.config
[-] Encrypted file: C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewr.exe.config
[-] Encrypted folder: C:\Program Files\Common Files\microsoft shared\VSTO\10.0
[-] Encrypted file: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.config
[-] Encrypted folder: C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.resources
[-] Encrypted file: C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.resources\CFCharacterSetBitmaps.bitmap
[-] Encrypted folder: C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5
[-] Encrypted file: C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\Pester.nuspec
[-] Encrypted folder: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0
[-] Encrypted file: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.nuspec
[-] Encrypted folder: C:\Program Files (x86)\Avanquest\InPixio Photo\Photo Clip
[-] Encrypted file: C:\Program Files (x86)\Avanquest\InPixio Photo\Photo Clip\PhotoClip.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Avanquest\InPixio Photo\Photo Eraser
[-] Encrypted file: C:\Program Files (x86)\Avanquest\InPixio Photo\Photo Eraser\PhotoEraser.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Avanquest\InPixio Photo\Photo Explosion
[-] Encrypted file: C:\Program Files (x86)\Avanquest\InPixio Photo\Photo Explosion\Photo Explosion.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Avanquest\InstaCards
[-] Encrypted file: C:\Program Files (x86)\Avanquest\InstaCards\InstaCards.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.resources
[-] Encrypted file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.resources\CFCharacterSetBitmaps.bitmap
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Ceement
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Customer Feedback
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Customer Feedback\HPCF.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPCF.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPHelpUpdater.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSALauncher.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSALauncher.exe.hpsign
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSASearch.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFViewer.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFViewer.exe.hpsign
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\LHAdmin.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\LHAdmin.exe.hpsign
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\PendingActionAlert.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe.hpsign
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe.hpsign
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\Battery
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\Battery\BatteryTest.exe.hpsign
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HC_ChangeLocation.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HC_GuestEnabled.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HC_HPSFinFocus.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HC_InstallNCPluginChrome.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HC_SREnable.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HC_UACDefaultSettings.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HC_WindowsUpdateCheck.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HPSAObjectMetrics.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\HPSAScript.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\LaunchMsHelpTopic.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\NetworkCheckAlert.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\PSGRedirector.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\SetCIP.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\Solution_RecoveryPgm.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Warranty
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Warranty\HPWSD.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Warranty\HPWSD.exe.hpsign
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HP.SSF.WebService.dll.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\AclmControl.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ACLMInstaller.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDIA.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe.hpsign
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\UnifiedIoLauncher.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\unzip.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_AntiVirusDefenderA.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_AntiVirusDefenderB.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_AntiVirusNoAV_A.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_AntiVirusNoAV_B.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_BackupPasswordReminder_v2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_BackupYourImportantData_v2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_ChromeNetworkCheckPluginReminder.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_CyberSecurity_v2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_DisplaysAccessories.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_EliteX3Promo.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_EnableFirewall.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_EOSStatus.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_EOSStatus_AU.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_EOSStatus_Printers.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_GuestAccount_V2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_HPSmartFriend_v2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_IENetworkCheckPluginReminder_v2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_InstantInk.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_InstantInk_Printers.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_InWarrantyCarePack.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_InWarrantyCarePack_AU.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_InWarrantyCarePack_Printers.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_LowDiskSpace_v2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_PIPMessage.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_PostWarrantyCarePack.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_PostWarrantyCarePack_Printers.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_ProtectYourFamilyOnline.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_RangerWebcamProgram.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_RecoveryDiscReminder_V2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_SmartBatteryRecall.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_SmartBatteryRecall.exe.hpsign
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_SpectrePreEOL.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_SproutWorkspaceUpdate.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_SystemRestoreCheck_V2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_UACDisabled.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_USBDockingAccessories.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_WelcomeHPSAv8.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_WindowsUpdateDisabled_v2.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\HPSAObjUtil8.exe.config
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\HPSAObjUtil8.exe.hpsign
[-] Encrypted file: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\WarrantyObjectChecker.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Java\jre1.8.0_111\lib\management
[-] Encrypted file: C:\Program Files (x86)\Java\jre1.8.0_111\lib\management\jmxremote.access
[-] Encrypted folder: C:\Program Files (x86)\Java\jre1.8.0_111\lib\security
[-] Encrypted file: C:\Program Files (x86)\Java\jre1.8.0_111\lib\security\java.policy
[-] Encrypted file: C:\Program Files (x86)\Java\jre1.8.0_111\lib\security\javaws.policy
[-] Encrypted folder: C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool
[-] Encrypted file: C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\WindowsDeviceRecoveryTool.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Reason\Should I Remove It
[-] Encrypted file: C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Kies.exe.config
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\KiesDriverInstaller.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Common
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.DeviceDataService.dll.config
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.Multimedia.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\Uncompress.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\BATPlugin
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\BATPlugin\BATPlugin.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\ContentsManagerLib
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\ContentsManagerLib\Kies.Plugin.ContentsManagerLib.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceCommonLib
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceCommonLib\DeviceCommonLib.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceHost
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceHost\DeviceHost.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceMusic
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceMusic\DeviceMusic.dll.config
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceMusic\DeviceStoryAlbum.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\DevicePhoto
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\DevicePhoto\DevicePhoto.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\DevicePodcast
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\DevicePodcast\DevicePodcast.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceVideo
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\DeviceVideo\DeviceVideo.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\EBookManager
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\EBookManager\StoryAlbumManager.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\MusicManager
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\MusicManager\MusicManager.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\Phonebook
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\Phonebook\Phonebook.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\PhotoAuthorManager
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\PhotoAuthorManager\PhotoAuthorManager.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\PhotoManager
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\PhotoManager\PhotoManager.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\Podcaster
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\Podcaster\Podcaster.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\PodcastService
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\PodcastService\PodcastService.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Plugins\VideoManager
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Plugins\VideoManager\VideoManager.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\UI
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\UI\Kies.UI.dll.config
[-] Encrypted folder: C:\Program Files (x86)\Samsung\Kies\Updater
[-] Encrypted file: C:\Program Files (x86)\Samsung\Kies\Updater\Kies.Update.exe.config
[-] Encrypted folder: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_Data\Mono\etc\mono\1.0
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_Data\Mono\etc\mono\1.0\machine.config
[-] Encrypted folder: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_Data\Mono\etc\mono\2.0
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_Data\Mono\etc\mono\2.0\machine.config
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_Data\Mono\etc\mono\2.0\web.config
[-] Encrypted folder: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64_Data\Mono\etc\mono\1.0
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64_Data\Mono\etc\mono\1.0\machine.config
[-] Encrypted folder: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64_Data\Mono\etc\mono\2.0
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64_Data\Mono\etc\mono\2.0\machine.config
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64_Data\Mono\etc\mono\2.0\web.config
[-] Encrypted folder: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\Launcher_Data\Mono\etc\mono\1.0
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\Launcher_Data\Mono\etc\mono\1.0\machine.config
[-] Encrypted folder: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\Launcher_Data\Mono\etc\mono\2.0
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\Launcher_Data\Mono\etc\mono\2.0\machine.config
[-] Encrypted file: C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\Launcher_Data\Mono\etc\mono\2.0\web.config
[-] Encrypted folder: C:\Program Files (x86)\Stingray\Karaoke Store
[-] Encrypted file: C:\Program Files (x86)\Stingray\Karaoke Store\Karaoke Store.exe.config
[-] Encrypted folder: C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5
[-] Encrypted file: C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.nuspec
[-] Encrypted folder: C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0
[-] Encrypted file: C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.nuspec
[-] Encrypted folder: C:\Program Files (x86)\Wondershare\WAF\2.2.0.5
[-] Encrypted file: C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppClient.exe.config
[-] Encrypted file: C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe.config
[-] Encrypted file: C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsUpdInstaller.exe.config
[-] Encrypted folder: C:\ProgramData\Wondershare\WAF\Update
[-] Encrypted file: C:\ProgramData\Wondershare\WAF\Update\WsUpdateInstaller.exe.config
[-] Encrypted folder: C:\Users\All Users\Wondershare\WAF\Update
[-] Encrypted file: C:\Users\All Users\Wondershare\WAF\Update\WsUpdateInstaller.exe.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Avanquest\PhotoClip.exe_StrongName_sfp0sigax0z0hm5zimkvo3syvppx2tra\6.0.5437.18532
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Avanquest\PhotoClip.exe_StrongName_sfp0sigax0z0hm5zimkvo3syvppx2tra\6.0.5437.18532\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Avanquest\PhotoEraser.exe_StrongName_hg4vkw2155nzejqs2gr0crtvnesrgwhs\6.0.5437.18547
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Avanquest\PhotoEraser.exe_StrongName_hg4vkw2155nzejqs2gr0crtvnesrgwhs\6.0.5437.18547\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\GARMIN_Corp\BaseCamp.exe_Url_urbejbdz42c555ix3xqbitecusqt0tuj\4.4.6.0
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\GARMIN_Corp\BaseCamp.exe_Url_urbejbdz42c555ix3xqbitecusqt0tuj\4.4.6.0\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\HP_Development_Company,_L\HPCEE.exe_Url_00owtnlnwlgfxbtoxep5hfsvgwpsfzur\6.0.10.1
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\HP_Development_Company,_L\HPCEE.exe_Url_00owtnlnwlgfxbtoxep5hfsvgwpsfzur\6.0.10.1\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Intel\DriverUpdateUI.exe_Url_vv1xyy0sb2k3sprgxf404f2ebti1sdf1\2.4.0.15
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Intel\DriverUpdateUI.exe_Url_vv1xyy0sb2k3sprgxf404f2ebti1sdf1\2.4.0.15\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Karaoke_Store\Karaoke_Store.exe_StrongName_pqpqx0v1omjqfdplxfxx4pacvpfbggne\1.0.0.0
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Karaoke_Store\Karaoke_Store.exe_StrongName_pqpqx0v1omjqfdplxfxx4pacvpfbggne\1.0.0.0\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Microsoft\DATABASECOMPARE.EXE_StrongName_kbd2ikwdwyf05ukgyik5bmlbv5fhv31p\5.5.0.5
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Microsoft\DATABASECOMPARE.EXE_StrongName_kbd2ikwdwyf05ukgyik5bmlbv5fhv31p\5.5.0.5\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Microsoft\OffCAT
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Microsoft\OffCAT\Get332.exe.config
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Microsoft\OffCAT\OffCAT.exe.config
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Microsoft\OffCAT\OffCATcmd.exe.config
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Microsoft\WindowsDeviceRecoveryTool_Url_c3xokh211wv44glkctxt0ileujxvoo0a\3.10.24401.0
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Microsoft\WindowsDeviceRecoveryTool_Url_c3xokh211wv44glkctxt0ileujxvoo0a\3.10.24401.0\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\OfflineCache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\OfflineCache\index.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\startupCache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\startupCache\startupCache.4.little
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\2WXF7VJT.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\7QJSVY6O.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\9RBNB708.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\DQULDCFW.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\DROLIIZX.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\HIMIOTKM.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\J4CMAOQ2.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\S5THM0UJ.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\U0OYWE9L.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\U5MJSRRW.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\V4ZBZQUY.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\WAJXORGM.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\2724ZoltnGubics.SkyCueClub89BallPoolBilliardsSnook_d5xggy273m32g\AC\INetCookies\ZP86I007.cookie
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\LocalState\Cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\LocalState\Cache\cachedb.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\LocalState\Cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\LocalState\Cache\cachedb.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\LocalState\Cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\LocalState\Cache\cachedb.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalState\Cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalState\Cache\cachedb.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0185YU7P.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\30NL50GI.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\35TWL62Q.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3W8G5BAJ.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4B9W98I2.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5P2ENRW8.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6BEY7MUV.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\7RY1OVLN.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8G2P5RYL.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8K72C64N.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ENXRJ1K7.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FMDUWGKF.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\G2V6F0E9.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GOTWSWU1.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GWIJS4B2.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HJ7VC8VX.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\I8UFI3DJ.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JRFDE8BG.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\K0ZJ4S7N.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KGPEKR4K.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LI5JTJMX.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MEJNW6GO.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NU4HP1AB.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O29QPXD2.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\P0L5A8T9.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PADXFC7G.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PPG0A7VR.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Q6CYV6W2.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\R6V7PZ9L.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RHSM1NO4.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RS96GQW3.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\S7FY378F.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SZ2C9HWD.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T1ZV84YW.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UR3XL9BZ.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VD1ZZXBW.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VJNGGPEU.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VR5IF6R4.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XNOWFJV9.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XO7AQM98.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Z2F0XZSU.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZPLEVY1L.cookie
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\02R5TK9V.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\204TNYFA.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\2XXCVS3O.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\3UC6TFGB.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\4M83U7VV.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\CH3UNXJ3.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\MFJ4FO2V.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\N6JI70LH.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TYZK31GZ.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\W08IT2XH.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\ZVXSU0Q2.cookie
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cookies
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cookies\LKCKU20S.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cookies\O3I53ENU.cookie
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\EY12K4G9.cookie
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\TokenBroker\Accounts
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\TokenBroker\Accounts\20e346f0ae9edecb97ef259a45b8f17b178b181c.tbacct
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\6FP23OYV.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\8O8VWAA9.cookie
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{67521f6e-45a6-44ac-8234-93b170de1545}
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{67521f6e-45a6-44ac-8234-93b170de1545}\apps.schema
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{67521f6e-45a6-44ac-8234-93b170de1545}\settings.schema
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCookies
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCookies\1AG27J24.cookie
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCookies\LMD82S4T.cookie
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Samsung\Kies.exe_Url_ko0x2ak3sq03u5zyincc5ku5xygwt3c0\1.0.0.2350
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Samsung\Kies.exe_Url_ko0x2ak3sq03u5zyincc5ku5xygwt3c0\1.0.0.2350\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Temp
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Temp\ACLMInstaller.exe.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Temp\HPSAPatchBackup
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Temp\HPSAPatchBackup\HP.SSF.WebService.dll.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\HPWarrantyChecker.exe.config
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\content-prefs.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\cookies.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\formhistory.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\permissions.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\places.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\search.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\signons.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\webappsstore.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++thewebtrovert.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++thewebtrovert.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++trade.aliexpress.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++trade.aliexpress.com\idb\549607280ubmd.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++www.dealxp.net\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++www.dealxp.net\idb\301792106ttes.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++www.gamesradar.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++www.gamesradar.com\idb\1256665748ftieb.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++www.homedepot.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++www.homedepot.com\idb\766948556cbtd..sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++www.pcadvisor.co.uk\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\http+++www.pcadvisor.co.uk\idb\734840399Aruug.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++answers.yahoo.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++answers.yahoo.com\idb\301792106ttes.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++lpcdn.lpsnmedia.net\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++lpcdn.lpsnmedia.net\idb\713543746LePgSaercoutrSe.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++s.yimg.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++s.yimg.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++twitter.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++twitter.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++twitter.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++twitter.com\idb\4185313131nsortoisfriucca_tnio.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++twitter.com\idb\437107801ddma_ethyape.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++web.whatsapp.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++web.whatsapp.com\idb\1119037936ptbc_edte.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++web.whatsapp.com\idb\3166453069wcaw.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.leovegas.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.leovegas.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.linkedin.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.linkedin.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.linkedin.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.linkedin.com\idb\485124086SBeDrrveikcreoW.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.pinterest.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.pinterest.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.vagalume.com.br\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\default\https+++www.vagalume.com.br\idb\2779925287vrPelya.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\permanent\chrome\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\permanent\moz-safe-about+home\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\healiowi.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\content-prefs.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\cookies.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\formhistory.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\kinto.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\permissions.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\places.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\signons.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\webappsstore.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++ads.avocet.io\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++ads.avocet.io\idb\301792106ttes.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++ads.avocet.io\idb\734840399Aruug.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++ams1-ib.adnxs.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++ams1-ib.adnxs.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++cdn.w55c.net\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++cdn.w55c.net\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++fra1-ib.adnxs.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++fra1-ib.adnxs.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++genius.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++genius.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++tpc.googlesyndication.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++tpc.googlesyndication.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.bleepingcomputer.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.bleepingcomputer.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.dailymotion.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.dailymotion.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.guitartabs.cc\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.guitartabs.cc\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.myce.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.myce.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.pcgamer.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.pcgamer.com\idb\1256665748ftieb.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.tasteofhome.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.tasteofhome.com\idb\12183338011.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.tasteofhome.com\idb\301792106ttes.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.techspot.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\http+++www.techspot.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++aax-eu.amazon-adsystem.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++aax-eu.amazon-adsystem.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++googleads.g.doubleclick.net\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++googleads.g.doubleclick.net\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++lpcdn.lpsnmedia.net\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++lpcdn.lpsnmedia.net\idb\713543746LePgSaercoutrSe.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++message.aliexpress.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++message.aliexpress.com\idb\549607280ubmd.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++mods.curse.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++mods.curse.com\idb\301792106ttes.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++s.yimg.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++s.yimg.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++secure-ams.adnxs.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++secure-ams.adnxs.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++secure-fra.adnxs.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++secure-fra.adnxs.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++secure.ace.advertising.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++secure.ace.advertising.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++space.onesignal.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++space.onesignal.com\idb\993782502OBNDE__KSDISG_NLA.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++tpc.googlesyndication.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++tpc.googlesyndication.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++twitter.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++twitter.com\cache\caches.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++twitter.com\cache\context_open.marker
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++twitter.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++twitter.com\idb\4185313131nsortoisfriucca_tnio.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++twitter.com\idb\437107801ddma_ethyape.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.theguardian.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.theguardian.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.theguardian.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.theguardian.com\idb\301792106ttes.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.ultimate-guitar.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.ultimate-guitar.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.yahoo.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.yahoo.com\idb\301792106ttes.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.youtube.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\default\https+++www.youtube.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\permanent\chrome\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\permanent\chrome\idb\2918063365piupsah.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\permanent\moz-safe-about+home\idb
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\Mozilla\Firefox\Profiles\vyjlr7hk.default-1474826034025\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\AppData\Roaming\www.shadowexplorer.com\ShadowExplorerPortable.ex_StrongName_xtjupzqizfvrswisywb5m1z43nbxsnce\0.9.462.0
[-] Encrypted file: C:\Users\Colin Beckman\AppData\Roaming\www.shadowexplorer.com\ShadowExplorerPortable.ex_StrongName_xtjupzqizfvrswisywb5m1z43nbxsnce\0.9.462.0\user.config
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\content-prefs.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\cookies.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\formhistory.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\permissions.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\places.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\search.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\signons.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\webappsstore.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\OfflineCache
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\OfflineCache\index.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\startupCache
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\startupCache\startupCache.4.little
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++thewebtrovert.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++thewebtrovert.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++trade.aliexpress.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++trade.aliexpress.com\idb\549607280ubmd.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++www.dealxp.net\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++www.dealxp.net\idb\301792106ttes.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++www.gamesradar.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++www.gamesradar.com\idb\1256665748ftieb.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++www.homedepot.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++www.homedepot.com\idb\766948556cbtd..sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++www.pcadvisor.co.uk\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\http+++www.pcadvisor.co.uk\idb\734840399Aruug.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++answers.yahoo.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++answers.yahoo.com\idb\301792106ttes.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++lpcdn.lpsnmedia.net\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++lpcdn.lpsnmedia.net\idb\713543746LePgSaercoutrSe.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++s.yimg.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++s.yimg.com\idb\12183338011.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++twitter.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++twitter.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++twitter.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++twitter.com\idb\4185313131nsortoisfriucca_tnio.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++twitter.com\idb\437107801ddma_ethyape.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++web.whatsapp.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++web.whatsapp.com\idb\1119037936ptbc_edte.sqlite
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++web.whatsapp.com\idb\3166453069wcaw.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.leovegas.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.leovegas.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.linkedin.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.linkedin.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.linkedin.com\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.linkedin.com\idb\485124086SBeDrrveikcreoW.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.pinterest.com\cache
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.pinterest.com\cache\caches.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.vagalume.com.br\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\default\https+++www.vagalume.com.br\idb\2779925287vrPelya.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\permanent\chrome\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\permanent\moz-safe-about+home\idb
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Old Firefox Data\healiowi.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite
[-] Encrypted folder: C:\Users\Colin Beckman\Desktop\Recovery Software\ShadowExplorerPortable-0.9
[-] Encrypted file: C:\Users\Colin Beckman\Desktop\Recovery Software\ShadowExplorerPortable-0.9\ShadowExplorerPortable.exe.config
[-] Encrypted folder: C:\Users\Colin Beckman\Documents\CINEMA 4D R12\resource\modules\python\res\Python.osx.framework\lib\python2.6\config
[-] Encrypted file: C:\Users\Colin Beckman\Documents\CINEMA 4D R12\resource\modules\python\res\Python.osx.framework\lib\python2.6\config\Setup.config
[-] Encrypted folder: C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a
[-] Encrypted file: C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[-] Encrypted folder: C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[-] Encrypted folder: C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a
[-] Encrypted file: C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[-] Encrypted folder: C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Excel\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Excel\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.PowerPoint\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.PowerPoint\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Publisher\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Publisher\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.SmartTag\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.SmartTag\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Word\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Word\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Vbe.Interop\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Vbe.Interop\15.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.11.0.office\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.11.0.office\15.0.0.0__71e9bce111e9429c\Policy.11.0.office.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.FormControl\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.FormControl\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.FormControl.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Permission\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Permission\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.Permission.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access.Dao\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access.Dao\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.Dao.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Excel\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Excel\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Excel.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Graph.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.InfoPath.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Outlook.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.PowerPoint\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.PowerPoint\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.PowerPoint.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Publisher\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Publisher\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Publisher.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.SmartTag\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.SmartTag\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.SmartTag.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Word\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Word\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Word.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Vbe.Interop\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Vbe.Interop\15.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Vbe.Interop.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.12.0.office\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.12.0.office\15.0.0.0__71e9bce111e9429c\Policy.12.0.office.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.InfoPath\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.InfoPath\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.InfoPath.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.InfoPath.Client.Internal.Host\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.InfoPath.Client.Internal.Host\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.InfoPath.Client.Internal.Host.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.InfoPath.FormControl\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.InfoPath.FormControl\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.InfoPath.FormControl.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.InfoPath.Permission\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.InfoPath.Permission\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.InfoPath.Permission.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Access\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Access\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.Access.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Access.Dao\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Access.Dao\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.Access.Dao.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Excel\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Excel\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.Excel.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.Graph.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.InfoPath\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.InfoPath\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.InfoPath.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.InfoPath.Xml\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.InfoPath.Xml\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.InfoPath.Xml.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.OneNote\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.OneNote\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.OneNote.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.Outlook.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.PowerPoint\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.PowerPoint\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.PowerPoint.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Publisher\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Publisher\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.Publisher.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.SmartTag\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.SmartTag\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.SmartTag.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Word\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Word\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Office.Interop.Word.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Vbe.Interop\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Vbe.Interop\15.0.0.0__71e9bce111e9429c\Policy.14.0.Microsoft.Vbe.Interop.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.14.0.office\15.0.0.0__71e9bce111e9429c
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.14.0.office\15.0.0.0__71e9bce111e9429c\Policy.14.0.office.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\publisher.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe.Entity\3.5.0.0__89845dcd8080cc91
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe.Entity\3.5.0.0__89845dcd8080cc91\entitypub.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.config
[-] Encrypted folder: C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_32\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_32\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\v4.0_10.0.14393.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\v4.0_10.0.14393.0__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\v4.0_10.0.14393.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\v4.0_10.0.14393.0__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_64\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_64\MSBuild\v4.0_4.0.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\v4.0_10.0.14393.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\v4.0_10.0.14393.0__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\v4.0_10.0.14393.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\v4.0_10.0.14393.0__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a\dfsvc.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.Commands.Management\v4.0_1.0.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.Commands.Management\v4.0_1.0.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Powershell.Commands.Management.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.Commands.Utility\v4.0_1.0.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.Commands.Utility\v4.0_1.0.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Powershell.Commands.Utility.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.ConsoleHost\v4.0_1.0.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.ConsoleHost\v4.0_1.0.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Powershell.ConsoleHost.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.Security\v4.0_1.0.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.Security\v4.0_1.0.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Powershell.Security.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.System.Management.Automation\v4.0_1.0.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.System.Management.Automation\v4.0_1.0.0.0__31bf3856ad364e35\Policy.1.0.System.Management.Automation.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.3.0.Microsoft.BackgroundIntelligentTransfer.Management\v4.0_10.0.0.0__31bf3856ad364e35
[-] Encrypted file: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.3.0.Microsoft.BackgroundIntelligentTransfer.Management\v4.0_10.0.0.0__31bf3856ad364e35\Policy.3.0.Microsoft.BackgroundIntelligentTransfer.Management.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v1.0.3705
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v1.1.4322
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v2.0.50727
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\Aspnet.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\msbuild.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\web.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdmin.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminButtonRow.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoButtonRow.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\WebAdminWithConfirmation.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\WebAdminWithConfirmationNoButtonRow.master
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_hightrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_lowtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_mediumtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_minimaltrust.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v3.0\WPF
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v3.5
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.5\msbuild.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v4.0.30319
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\applaunch.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\web.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdmin.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdminButtonRow.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoButtonRow.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoNavBar.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminWithConfirmation.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminWithConfirmationNoButtonRow.master
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_hightrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_lowtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_mediumtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_minimaltrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_hightrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_lowtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_mediumtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_minimaltrust.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v2.0.50727
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Aspnet.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Aspnet_regsql.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\caspol.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ieexec.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\msbuild.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\regasm.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\regsvcs.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\web.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\webAdmin.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\webAdminButtonRow.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoButtonRow.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminWithConfirmation.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminWithConfirmationNoButtonRow.master
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web_hightrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web_lowtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web_mediumtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web_minimaltrust.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v3.5
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.5\msbuild.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v4.0.30319
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\applaunch.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\caspol.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe.config
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\web.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\webAdmin.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\webAdminButtonRow.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoButtonRow.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoNavBar.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminWithConfirmation.master
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminWithConfirmationNoButtonRow.master
[-] Encrypted folder: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_hightrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_lowtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_mediumtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_minimaltrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_hightrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_lowtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_mediumtrust.config
[-] Encrypted file: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_minimaltrust.config
[-] Encrypted folder: C:\Windows\Registration
[-] Encrypted file: C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B0C056C0-9D39-440A-9C31-AE663015B94A}.crmlog
[-] Encrypted folder: C:\Windows\System32
[-] Encrypted file: C:\Windows\System32\AppVStreamingUX.exe.config
[-] Encrypted file: C:\Windows\System32\GfxUI.exe.config
[-] Encrypted file: C:\Windows\System32\UevAppMonitor.exe.config
[-] Encrypted folder: C:\Windows\System32\drivers\etc
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20150508-213838.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20150526-181721.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20150624-161121.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20150701-215942.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20150729-175528.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20151122-235106.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20160513-222309.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20160913-081207.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20160929-220756.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20161014-174845.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20161026-005337.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20161105-172652.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20161107-001457.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20161119-213033.backup
[-] Encrypted file: C:\Windows\System32\drivers\etc\hosts.20161210-193310.backup
[-] Encrypted folder: C:\Windows\System32\WindowsPowerShell\v1.0
[-] Encrypted file: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe.config
[-] Encrypted folder: C:\Windows\SysWOW64
[-] Encrypted file: C:\Windows\SysWOW64\dllhost.exe.config
[-] Encrypted folder: C:\Windows\SysWOW64\WindowsPowerShell\v1.0
[-] Encrypted file: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_10.0.14393.0_none_ae841bb803998848
[-] Encrypted file: C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_10.0.14393.0_none_ae841bb803998848\AddInProcess32.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_4.0.14305.0_none_083bddd9bbab2d4b
[-] Encrypted file: C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_4.0.14305.0_none_083bddd9bbab2d4b\AddInProcess32.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_10.0.14393.0_none_db2a76137b928b97
[-] Encrypted file: C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_10.0.14393.0_none_db2a76137b928b97\caspol.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_4.0.14305.0_none_d4295ecacfa1b499
[-] Encrypted file: C:\Windows\WinSxS\amd64_caspol_b03f5f7f11d50a3a_4.0.14305.0_none_d4295ecacfa1b499\caspol.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_installutil_b03f5f7f11d50a3a_4.0.14305.0_none_e3ca4c2500e36080
[-] Encrypted file: C:\Windows\WinSxS\amd64_installutil_b03f5f7f11d50a3a_4.0.14305.0_none_e3ca4c2500e36080\InstallUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_jsc_b03f5f7f11d50a3a_4.0.14305.0_none_1026c7c6b739dccf
[-] Encrypted file: C:\Windows\WinSxS\amd64_jsc_b03f5f7f11d50a3a_4.0.14305.0_none_1026c7c6b739dccf\jsc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.14393.0_none_f9e6e295ded9a07e
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.14393.0_none_f9e6e295ded9a07e\AppVStreamingUX.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.14393.206_none_0676b42d65f01662
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.14393.206_none_0676b42d65f01662\AppVStreamingUX.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.14393.594_none_061369ff663ad6a2
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.14393.594_none_061369ff663ad6a2\AppVStreamingUX.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.14393.0_none_2a2010eafbad51a3
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.14393.0_none_2a2010eafbad51a3\UevAppMonitor.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.14393.0_none_66058b1db867c25c
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.14393.0_none_66058b1db867c25c\powershell_ise.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.14393.103_none_729259f13f80ef14
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.14393.103_none_729259f13f80ef14\powershell_ise.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_10.0.14393.0_none_87dc55a30e6f7585
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_10.0.14393.0_none_87dc55a30e6f7585\wmsvc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.0_none_3e5dde3fcb84fbb3
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.0_none_3e5dde3fcb84fbb3\administration.config
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.0_none_3e5dde3fcb84fbb3\applicationHost.config
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.0_none_3e5dde3fcb84fbb3\redirection.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.206_none_4aedafd7529b7197
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.206_none_4aedafd7529b7197\administration.config
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.206_none_4aedafd7529b7197\applicationHost.config
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.206_none_4aedafd7529b7197\redirection.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_microsoft.powershell.pester_31bf3856ad364e35_10.0.14393.0_none_01a6d61f8a837fc6
[-] Encrypted file: C:\Windows\WinSxS\amd64_microsoft.powershell.pester_31bf3856ad364e35_10.0.14393.0_none_01a6d61f8a837fc6\Pester.nuspec
[-] Encrypted folder: C:\Windows\WinSxS\amd64_msbuild_b03f5f7f11d50a3a_10.0.14393.0_none_f086e2b03ceb709b
[-] Encrypted file: C:\Windows\WinSxS\amd64_msbuild_b03f5f7f11d50a3a_10.0.14393.0_none_f086e2b03ceb709b\msbuild.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_msbuild_b03f5f7f11d50a3a_3.5.14393.0_none_3b7b07246ad78105
[-] Encrypted file: C:\Windows\WinSxS\amd64_msbuild_b03f5f7f11d50a3a_3.5.14393.0_none_3b7b07246ad78105\msbuild.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_msbuild_b03f5f7f11d50a3a_4.0.14305.0_none_e985cb6790fa999d
[-] Encrypted file: C:\Windows\WinSxS\amd64_msbuild_b03f5f7f11d50a3a_4.0.14305.0_none_e985cb6790fa999d\msbuild.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_multipoint-logcollector_31bf3856ad364e35_10.0.14393.0_none_cd96eb17b1d4e2bb
[-] Encrypted file: C:\Windows\WinSxS\amd64_multipoint-logcollector_31bf3856ad364e35_10.0.14393.0_none_cd96eb17b1d4e2bb\LogCollector.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_multipoint-wmsmanager_31bf3856ad364e35_10.0.14393.0_none_49833a309ed88314
[-] Encrypted file: C:\Windows\WinSxS\amd64_multipoint-wmsmanager_31bf3856ad364e35_10.0.14393.0_none_49833a309ed88314\Logging.config
[-] Encrypted file: C:\Windows\WinSxS\amd64_multipoint-wmsmanager_31bf3856ad364e35_10.0.14393.0_none_49833a309ed88314\system.diagnostics.config
[-] Encrypted file: C:\Windows\WinSxS\amd64_multipoint-wmsmanager_31bf3856ad364e35_10.0.14393.0_none_49833a309ed88314\WmsManager.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-aspnet_config_b03f5f7f11d50a3a_10.0.14393.0_none_403aeaad080e207d
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_config_b03f5f7f11d50a3a_10.0.14393.0_none_403aeaad080e207d\Aspnet.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_10.0.14393.0_none_eb931546ee6b65fc
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_10.0.14393.0_none_eb931546ee6b65fc\Aspnet_regsql.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_4f2e7db4d0385808
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_4f2e7db4d0385808\web.config
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_4f2e7db4d0385808\webAdmin.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_4f2e7db4d0385808\webAdminButtonRow.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_4f2e7db4d0385808\webAdminNoButtonRow.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_4f2e7db4d0385808\webAdminNoNavBar.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_4f2e7db4d0385808\WebAdminWithConfirmation.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_4f2e7db4d0385808\WebAdminWithConfirmationNoButtonRow.master
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_9bb67f21a8aa6ada
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_9bb67f21a8aa6ada\web_mediumtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_51f11e15923421b4
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_51f11e15923421b4\web_minimaltrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-aspnet_web_config_b03f5f7f11d50a3a_10.0.14393.0_none_0d6c5f71a993c946
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-aspnet_web_config_b03f5f7f11d50a3a_10.0.14393.0_none_0d6c5f71a993c946\web.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_10.0.14393.0_none_7263f0081981b3bc
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_10.0.14393.0_none_7263f0081981b3bc\ilasm.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-csc_exe_config_b03f5f7f11d50a3a_10.0.14393.0_none_f6c7ddeb24c403f0
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-csc_exe_config_b03f5f7f11d50a3a_10.0.14393.0_none_f6c7ddeb24c403f0\csc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-jsc_b03f5f7f11d50a3a_10.0.14393.0_none_f7609c5f9b19a85d
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-jsc_b03f5f7f11d50a3a_10.0.14393.0_none_f7609c5f9b19a85d\jsc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-machine_config_ocm_b03f5f7f11d50a3a_10.0.14393.0_none_649ea692a15ca2eb
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-machine_config_ocm_b03f5f7f11d50a3a_10.0.14393.0_none_649ea692a15ca2eb\machine.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-redist_config_files_b03f5f7f11d50a3a_10.0.14393.0_none_ea7c7fb05ad3859f
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-redist_config_files_b03f5f7f11d50a3a_10.0.14393.0_none_ea7c7fb05ad3859f\ieexec.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-vbc_exe_config_b03f5f7f11d50a3a_10.0.14393.0_none_a1d06ac69b763194
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-vbc_exe_config_b03f5f7f11d50a3a_10.0.14393.0_none_a1d06ac69b763194\vbc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-webhightrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_0f8d06521d3a73b0
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-webhightrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_0f8d06521d3a73b0\web_hightrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx-weblowtrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_4d4f3cc4a64e0bb8
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx-weblowtrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_4d4f3cc4a64e0bb8\web_lowtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx35linq-addinprocess_31bf3856ad364e35_10.0.14393.0_none_5e0b9643636da555
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx35linq-addinprocess_31bf3856ad364e35_10.0.14393.0_none_5e0b9643636da555\AddInProcess.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx35linq-addinutil_31bf3856ad364e35_10.0.14393.0_none_f892a4a2fa0e7f8a
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx35linq-addinutil_31bf3856ad364e35_10.0.14393.0_none_f892a4a2fa0e7f8a\AddInUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx35linq-csharp_31bf3856ad364e35_10.0.14393.0_none_44a01a852adc7d33
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx35linq-csharp_31bf3856ad364e35_10.0.14393.0_none_44a01a852adc7d33\csc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_10.0.14393.0_none_bccb49a7b3a8df06
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_10.0.14393.0_none_bccb49a7b3a8df06\DataSvcUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx35linq-edmgen_31bf3856ad364e35_10.0.14393.0_none_dbf0638d529138c0
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx35linq-edmgen_31bf3856ad364e35_10.0.14393.0_none_dbf0638d529138c0\EdmGen.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_10.0.14393.0_none_36787b43b346d4ce
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_10.0.14393.0_none_36787b43b346d4ce\vbc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-addinprocess_b03f5f7f11d50a3a_4.0.14305.0_none_d8c57adc7849b9ca
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-addinprocess_b03f5f7f11d50a3a_4.0.14305.0_none_d8c57adc7849b9ca\AddInProcess.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-addinutil_b03f5f7f11d50a3a_4.0.14305.0_none_6dfa4d1caea87c29
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-addinutil_b03f5f7f11d50a3a_4.0.14305.0_none_6dfa4d1caea87c29\AddInUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-applaunch_exe_b03f5f7f11d50a3a_4.0.14305.0_none_b5ec8c2eb4453c82
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-applaunch_exe_b03f5f7f11d50a3a_4.0.14305.0_none_b5ec8c2eb4453c82\applaunch.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-aspnet_config_b03f5f7f11d50a3a_4.0.14305.0_none_e16daaa066c6d3c1
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-aspnet_config_b03f5f7f11d50a3a_4.0.14305.0_none_e16daaa066c6d3c1\Aspnet.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_b50de10ff887351c
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_b50de10ff887351c\web.config
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_b50de10ff887351c\webAdmin.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_b50de10ff887351c\webAdminButtonRow.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_b50de10ff887351c\webAdminNoButtonRow.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_b50de10ff887351c\webAdminNoNavBar.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_b50de10ff887351c\WebAdminWithConfirmation.master
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_b50de10ff887351c\WebAdminWithConfirmationNoButtonRow.master
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-csc_exe_b03f5f7f11d50a3a_4.0.14305.0_none_8438590c2d18cc51
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-csc_exe_b03f5f7f11d50a3a_4.0.14305.0_none_8438590c2d18cc51\csc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-cvtres_exe_b03f5f7f11d50a3a_4.0.14305.0_none_5efa0224c50bb5bd
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-cvtres_exe_b03f5f7f11d50a3a_4.0.14305.0_none_5efa0224c50bb5bd\cvtres.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-datasvcutil_b03f5f7f11d50a3a_4.0.14305.0_none_c9b6f8c52ed979ff
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-datasvcutil_b03f5f7f11d50a3a_4.0.14305.0_none_c9b6f8c52ed979ff\DataSvcUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-dfsvc_b03f5f7f11d50a3a_4.0.14305.0_none_b36d44811cf41e05
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-dfsvc_b03f5f7f11d50a3a_4.0.14305.0_none_b36d44811cf41e05\dfsvc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-ilasm_exe_b03f5f7f11d50a3a_4.0.14305.0_none_6d30246a1dbb0dca
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-ilasm_exe_b03f5f7f11d50a3a_4.0.14305.0_none_6d30246a1dbb0dca\ilasm.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-legacy_web_hightrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_56f1e5af87aaf48f
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-legacy_web_hightrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_56f1e5af87aaf48f\legacy.web_hightrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-legacy_web_lowtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_e1266bbbb7494dc7
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-legacy_web_lowtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_e1266bbbb7494dc7\legacy.web_lowtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-legacy_web_mediumtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_0c5a6561badeaf74
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-legacy_web_mediumtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_0c5a6561badeaf74\legacy.web_mediumtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-legacy_web_minimaltrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_33a139320f81b788
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-legacy_web_minimaltrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_33a139320f81b788\legacy.web_minimaltrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-machine_config_b03f5f7f11d50a3a_4.0.14305.0_none_9163415c8450fe35
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-machine_config_b03f5f7f11d50a3a_4.0.14305.0_none_9163415c8450fe35\machine.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-microsoft_wo..compiler_exe_config_b03f5f7f11d50a3a_4.0.14305.0_none_2e9962079998a4b7
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-microsoft_wo..compiler_exe_config_b03f5f7f11d50a3a_4.0.14305.0_none_2e9962079998a4b7\Microsoft.Workflow.Compiler.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-smsvchost_exe_config_b03f5f7f11d50a3a_4.0.14305.0_none_62fd0e654c8d4ec9
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-smsvchost_exe_config_b03f5f7f11d50a3a_4.0.14305.0_none_62fd0e654c8d4ec9\SMSvcHost.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-vbc_exe_b03f5f7f11d50a3a_4.0.14305.0_none_a43b1543fa02966d
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-vbc_exe_b03f5f7f11d50a3a_4.0.14305.0_none_a43b1543fa02966d\vbc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-web_config_b03f5f7f11d50a3a_4.0.14305.0_none_d9d9cc6c782214fe
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-web_config_b03f5f7f11d50a3a_4.0.14305.0_none_d9d9cc6c782214fe\web.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-web_hightrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_cc8e24b11309b373
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-web_hightrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_cc8e24b11309b373\web_hightrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-web_lowtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_32f47cbd0e7fdc5f
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-web_lowtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_32f47cbd0e7fdc5f\web_lowtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-web_mediumtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_d5decba3bff6e134
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-web_mediumtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_d5decba3bff6e134\web_mediumtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_netfx4-web_minimaltrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_efab79101d46c6ce
[-] Encrypted file: C:\Windows\WinSxS\amd64_netfx4-web_minimaltrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_efab79101d46c6ce\web_minimaltrust.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_policy.1.0.microsof..op.security.azroles_31bf3856ad364e35_10.0.14393.0_none_caf91adb7d7779e0
[-] Encrypted file: C:\Windows\WinSxS\amd64_policy.1.0.microsof..op.security.azroles_31bf3856ad364e35_10.0.14393.0_none_caf91adb7d7779e0\Policy.1.0.Microsoft.Interop.Security.AzRoles.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_10.0.14393.0_none_1a2e6ec342136dc2
[-] Encrypted file: C:\Windows\WinSxS\amd64_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_10.0.14393.0_none_1a2e6ec342136dc2\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_presentationcore_31bf3856ad364e35_10.0.14393.0_none_d9a57dbaa6a6ede3
[-] Encrypted file: C:\Windows\WinSxS\amd64_presentationcore_31bf3856ad364e35_10.0.14393.0_none_d9a57dbaa6a6ede3\PresentationFontCache.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_presentationcore_31bf3856ad364e35_10.0.14393.479_none_e5eca4882df36db1
[-] Encrypted file: C:\Windows\WinSxS\amd64_presentationcore_31bf3856ad364e35_10.0.14393.479_none_e5eca4882df36db1\PresentationFontCache.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_regasm_b03f5f7f11d50a3a_10.0.14393.0_none_8667eeb5a1382222
[-] Encrypted file: C:\Windows\WinSxS\amd64_regasm_b03f5f7f11d50a3a_10.0.14393.0_none_8667eeb5a1382222\regasm.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_regasm_b03f5f7f11d50a3a_4.0.14305.0_none_7f66d76cf5474b24
[-] Encrypted file: C:\Windows\WinSxS\amd64_regasm_b03f5f7f11d50a3a_4.0.14305.0_none_7f66d76cf5474b24\regasm.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_regsvcs_b03f5f7f11d50a3a_10.0.14393.0_none_5983195bf3ab1ad2
[-] Encrypted file: C:\Windows\WinSxS\amd64_regsvcs_b03f5f7f11d50a3a_10.0.14393.0_none_5983195bf3ab1ad2\regsvcs.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_regsvcs_b03f5f7f11d50a3a_4.0.14305.0_none_5282021347ba43d4
[-] Encrypted file: C:\Windows\WinSxS\amd64_regsvcs_b03f5f7f11d50a3a_4.0.14305.0_none_5282021347ba43d4\regsvcs.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_10.0.14393.0_none_222869782fc08c62
[-] Encrypted file: C:\Windows\WinSxS\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_10.0.14393.0_none_222869782fc08c62\SMSvcHost.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.14393.0_none_c8f41fb3f0f3830a
[-] Encrypted file: C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.14393.0_none_c8f41fb3f0f3830a\AddInProcess.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_4.0.14305.0_none_c9b519962f84bc19
[-] Encrypted file: C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_4.0.14305.0_none_c9b519962f84bc19\AddInProcess.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.14393.0_none_e9cfd1d3557e8c11
[-] Encrypted file: C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.14393.0_none_e9cfd1d3557e8c11\AddInUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_4.0.14305.0_none_51cbd3012458d78a
[-] Encrypted file: C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_4.0.14305.0_none_51cbd3012458d78a\AddInUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.14393.0_none_ebe7b1f499a7398e
[-] Encrypted file: C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.14393.0_none_ebe7b1f499a7398e\c2wtshost.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.14393.0_none_9f2aab37bac9066d
[-] Encrypted file: C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.14393.0_none_9f2aab37bac9066d\DataSvcUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_4.0.14305.0_none_b0153968a750910e
[-] Encrypted file: C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_4.0.14305.0_none_b0153968a750910e\DataSvcUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_4.0.14305.0_none_15cd30677d3d1258
[-] Encrypted file: C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_4.0.14305.0_none_15cd30677d3d1258\dfsvc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.14393.0_none_9d2de00312205143
[-] Encrypted file: C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.14393.0_none_9d2de00312205143\EdmGen.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.14393.0_none_5ed4f91e77a70d72
[-] Encrypted file: C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.14393.0_none_5ed4f91e77a70d72\jsc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_multipoint-wmsadminuilibrary_31bf3856ad364e35_10.0.14393.0_none_d3cee688600d5f00
[-] Encrypted file: C:\Windows\WinSxS\msil_multipoint-wmsadminuilibrary_31bf3856ad364e35_10.0.14393.0_none_d3cee688600d5f00\WmsAddins.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.14393.0_none_7da0e248028c8d6c
[-] Encrypted file: C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.14393.0_none_7da0e248028c8d6c\WmsDashboard.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_policy.1.0.microsof..commands.management_31bf3856ad364e35_10.0.14393.0_none_ecb331f84e074b8e
[-] Encrypted file: C:\Windows\WinSxS\msil_policy.1.0.microsof..commands.management_31bf3856ad364e35_10.0.14393.0_none_ecb331f84e074b8e\Policy.1.0.Microsoft.Powershell.Commands.Management.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_policy.1.0.microsof..ershell.consolehost_31bf3856ad364e35_10.0.14393.0_none_95329d62cf5a1294
[-] Encrypted file: C:\Windows\WinSxS\msil_policy.1.0.microsof..ershell.consolehost_31bf3856ad364e35_10.0.14393.0_none_95329d62cf5a1294\Policy.1.0.Microsoft.Powershell.ConsoleHost.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_policy.1.0.microsof..ll.commands.utility_31bf3856ad364e35_10.0.14393.0_none_4a932b31009ae885
[-] Encrypted file: C:\Windows\WinSxS\msil_policy.1.0.microsof..ll.commands.utility_31bf3856ad364e35_10.0.14393.0_none_4a932b31009ae885\Policy.1.0.Microsoft.Powershell.Commands.Utility.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_policy.1.0.microsoft.powershell.security_31bf3856ad364e35_10.0.14393.0_none_cfd0451c4040a4df
[-] Encrypted file: C:\Windows\WinSxS\msil_policy.1.0.microsoft.powershell.security_31bf3856ad364e35_10.0.14393.0_none_cfd0451c4040a4df\Policy.1.0.Microsoft.Powershell.Security.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_policy.1.0.system.management.automation_31bf3856ad364e35_10.0.14393.0_none_7ecf93dd1a17e1f9
[-] Encrypted file: C:\Windows\WinSxS\msil_policy.1.0.system.management.automation_31bf3856ad364e35_10.0.14393.0_none_7ecf93dd1a17e1f9\Policy.1.0.System.Management.Automation.config
[-] Encrypted folder: C:\Windows\WinSxS\msil_policy.3.0.microsof..transfer.management_31bf3856ad364e35_10.0.14393.0_none_f87c41b701d70bdd
[-] Encrypted file: C:\Windows\WinSxS\msil_policy.3.0.microsof..transfer.management_31bf3856ad364e35_10.0.14393.0_none_f87c41b701d70bdd\Policy.3.0.Microsoft.BackgroundIntelligentTransfer.Management.config
[-] Encrypted folder: C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.14393.0_none_705a356fecc88457
[-] Encrypted file: C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.14393.0_none_705a356fecc88457\powershell_ise.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.14393.103_none_7ce7044373e1b10f
[-] Encrypted file: C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.14393.103_none_7ce7044373e1b10f\powershell_ise.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\wow64_microsoft.powershell.pester_31bf3856ad364e35_10.0.14393.0_none_0bfb8071bee441c1
[-] Encrypted file: C:\Windows\WinSxS\wow64_microsoft.powershell.pester_31bf3856ad364e35_10.0.14393.0_none_0bfb8071bee441c1\Pester.nuspec
[-] Encrypted folder: C:\Windows\WinSxS\x86_addinprocess32_b77a5c561934e089_10.0.14393.0_none_526580344b3c1712
[-] Encrypted file: C:\Windows\WinSxS\x86_addinprocess32_b77a5c561934e089_10.0.14393.0_none_526580344b3c1712\AddInProcess32.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_addinprocess32_b77a5c561934e089_4.0.14305.0_none_4fe914b0d0275651
[-] Encrypted file: C:\Windows\WinSxS\x86_addinprocess32_b77a5c561934e089_4.0.14305.0_none_4fe914b0d0275651\AddInProcess32.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_caspol_b03f5f7f11d50a3a_10.0.14393.0_none_22d7acea900eb49d
[-] Encrypted file: C:\Windows\WinSxS\x86_caspol_b03f5f7f11d50a3a_10.0.14393.0_none_22d7acea900eb49d\caspol.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_caspol_b03f5f7f11d50a3a_4.0.14305.0_none_1bd695a1e41ddd9f
[-] Encrypted file: C:\Windows\WinSxS\x86_caspol_b03f5f7f11d50a3a_4.0.14305.0_none_1bd695a1e41ddd9f\caspol.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_installutil_b03f5f7f11d50a3a_4.0.14305.0_none_2b7782fc155f8986
[-] Encrypted file: C:\Windows\WinSxS\x86_installutil_b03f5f7f11d50a3a_4.0.14305.0_none_2b7782fc155f8986\InstallUtil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_jsc_b03f5f7f11d50a3a_4.0.14305.0_none_57d3fe9dcbb605d5
[-] Encrypted file: C:\Windows\WinSxS\x86_jsc_b03f5f7f11d50a3a_4.0.14305.0_none_57d3fe9dcbb605d5\jsc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_msbuild_b03f5f7f11d50a3a_10.0.14393.0_none_38341987516799a1
[-] Encrypted file: C:\Windows\WinSxS\x86_msbuild_b03f5f7f11d50a3a_10.0.14393.0_none_38341987516799a1\msbuild.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_msbuild_b03f5f7f11d50a3a_3.5.14393.0_none_df5c6ba0b27a0fcf
[-] Encrypted file: C:\Windows\WinSxS\x86_msbuild_b03f5f7f11d50a3a_3.5.14393.0_none_df5c6ba0b27a0fcf\msbuild.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_msbuild_b03f5f7f11d50a3a_4.0.14305.0_none_3133023ea576c2a3
[-] Encrypted file: C:\Windows\WinSxS\x86_msbuild_b03f5f7f11d50a3a_4.0.14305.0_none_3133023ea576c2a3\msbuild.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-aspnet_config_b03f5f7f11d50a3a_10.0.14393.0_none_87e821841c8a4983
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_config_b03f5f7f11d50a3a_10.0.14393.0_none_87e821841c8a4983\Aspnet.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_10.0.14393.0_none_33404c1e02e78f02
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_10.0.14393.0_none_33404c1e02e78f02\Aspnet_regsql.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_96dbb48be4b4810e
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_96dbb48be4b4810e\web.config
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_96dbb48be4b4810e\webAdmin.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_96dbb48be4b4810e\webAdminButtonRow.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_96dbb48be4b4810e\webAdminNoButtonRow.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_96dbb48be4b4810e\webAdminNoNavBar.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_96dbb48be4b4810e\WebAdminWithConfirmation.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_10.0.14393.0_none_96dbb48be4b4810e\WebAdminWithConfirmationNoButtonRow.master
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_e363b5f8bd2693e0
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_e363b5f8bd2693e0\web_mediumtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_999e54eca6b04aba
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_999e54eca6b04aba\web_minimaltrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_10.0.14393.0_none_55199648be0ff24c
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_10.0.14393.0_none_55199648be0ff24c\web.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_10.0.14393.0_none_ba1126df2dfddcc2
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_10.0.14393.0_none_ba1126df2dfddcc2\ilasm.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_10.0.14393.0_none_6e53528d34a2aa18
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_10.0.14393.0_none_6e53528d34a2aa18\gacutil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_10.0.14393.0_none_2ac72f38e710d988
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_10.0.14393.0_none_2ac72f38e710d988\regsvcs.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_10.0.14393.0_none_3e7514c239402cf6
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_10.0.14393.0_none_3e7514c239402cf6\csc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_10.0.14393.0_none_9633d3bd155348b5
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_10.0.14393.0_none_9633d3bd155348b5\installutil.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_10.0.14393.0_none_ac4bdd69b5d8cbf1
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_10.0.14393.0_none_ac4bdd69b5d8cbf1\machine.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-redist_config_files_b03f5f7f11d50a3a_10.0.14393.0_none_3229b6876f4faea5
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-redist_config_files_b03f5f7f11d50a3a_10.0.14393.0_none_3229b6876f4faea5\ieexec.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-regsvcs_exe_config_v1_31bf3856ad364e35_10.0.14393.0_none_af16d9cf8ae8dc15
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-regsvcs_exe_config_v1_31bf3856ad364e35_10.0.14393.0_none_af16d9cf8ae8dc15\regsvcs.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_10.0.14393.0_none_e97da19daff25a9a
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_10.0.14393.0_none_e97da19daff25a9a\vbc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_573a3d2931b69cb6
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_573a3d2931b69cb6\web_hightrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx-weblowtrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_94fc739bbaca34be
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx-weblowtrust_config_b03f5f7f11d50a3a_10.0.14393.0_none_94fc739bbaca34be\web_lowtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx35linq-csharp_31bf3856ad364e35_10.0.14393.0_none_e8817f01727f0bfd
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx35linq-csharp_31bf3856ad364e35_10.0.14393.0_none_e8817f01727f0bfd\csc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_10.0.14393.0_none_da59dfbffae96398
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_10.0.14393.0_none_da59dfbffae96398\vbc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-applaunch_exe_b03f5f7f11d50a3a_4.0.14305.0_none_fd99c305c8c16588
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-applaunch_exe_b03f5f7f11d50a3a_4.0.14305.0_none_fd99c305c8c16588\applaunch.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-aspnet_config_b03f5f7f11d50a3a_4.0.14305.0_none_291ae1777b42fcc7
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-aspnet_config_b03f5f7f11d50a3a_4.0.14305.0_none_291ae1777b42fcc7\Aspnet.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_fcbb17e70d035e22
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_fcbb17e70d035e22\web.config
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_fcbb17e70d035e22\webAdmin.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_fcbb17e70d035e22\webAdminButtonRow.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_fcbb17e70d035e22\webAdminNoButtonRow.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_fcbb17e70d035e22\webAdminNoNavBar.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_fcbb17e70d035e22\WebAdminWithConfirmation.master
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_b03f5f7f11d50a3a_4.0.14305.0_none_fcbb17e70d035e22\WebAdminWithConfirmationNoButtonRow.master
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-csc_exe_b03f5f7f11d50a3a_4.0.14305.0_none_cbe58fe34194f557
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-csc_exe_b03f5f7f11d50a3a_4.0.14305.0_none_cbe58fe34194f557\csc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-cvtres_exe_b03f5f7f11d50a3a_4.0.14305.0_none_a6a738fbd987dec3
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-cvtres_exe_b03f5f7f11d50a3a_4.0.14305.0_none_a6a738fbd987dec3\cvtres.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-ilasm_exe_b03f5f7f11d50a3a_4.0.14305.0_none_b4dd5b41323736d0
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-ilasm_exe_b03f5f7f11d50a3a_4.0.14305.0_none_b4dd5b41323736d0\ilasm.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-legacy_web_hightrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_9e9f1c869c271d95
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-legacy_web_hightrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_9e9f1c869c271d95\legacy.web_hightrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-legacy_web_lowtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_28d3a292cbc576cd
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-legacy_web_lowtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_28d3a292cbc576cd\legacy.web_lowtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-legacy_web_mediumtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_54079c38cf5ad87a
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-legacy_web_mediumtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_54079c38cf5ad87a\legacy.web_mediumtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-legacy_web_minimaltrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_7b4e700923fde08e
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-legacy_web_minimaltrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_7b4e700923fde08e\legacy.web_minimaltrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-machine_config_b03f5f7f11d50a3a_4.0.14305.0_none_d910783398cd273b
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-machine_config_b03f5f7f11d50a3a_4.0.14305.0_none_d910783398cd273b\machine.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-microsoft_wo..compiler_exe_config_b03f5f7f11d50a3a_4.0.14305.0_none_764698deae14cdbd
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-microsoft_wo..compiler_exe_config_b03f5f7f11d50a3a_4.0.14305.0_none_764698deae14cdbd\Microsoft.Workflow.Compiler.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-smsvchost_exe_config_b03f5f7f11d50a3a_4.0.14305.0_none_aaaa453c610977cf
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-smsvchost_exe_config_b03f5f7f11d50a3a_4.0.14305.0_none_aaaa453c610977cf\SMSvcHost.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-vbc_exe_b03f5f7f11d50a3a_4.0.14305.0_none_ebe84c1b0e7ebf73
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-vbc_exe_b03f5f7f11d50a3a_4.0.14305.0_none_ebe84c1b0e7ebf73\vbc.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-web_config_b03f5f7f11d50a3a_4.0.14305.0_none_218703438c9e3e04
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-web_config_b03f5f7f11d50a3a_4.0.14305.0_none_218703438c9e3e04\web.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-web_hightrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_143b5b882785dc79
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-web_hightrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_143b5b882785dc79\web_hightrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-web_lowtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_7aa1b39422fc0565
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-web_lowtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_7aa1b39422fc0565\web_lowtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-web_mediumtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_1d8c027ad4730a3a
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-web_mediumtrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_1d8c027ad4730a3a\web_mediumtrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_netfx4-web_minimaltrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_3758afe731c2efd4
[-] Encrypted file: C:\Windows\WinSxS\x86_netfx4-web_minimaltrust_config_b03f5f7f11d50a3a_4.0.14305.0_none_3758afe731c2efd4\web_minimaltrust.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_policy.1.0.microsof..op.security.azroles_31bf3856ad364e35_10.0.14393.0_none_6eda7f57c51a08aa
[-] Encrypted file: C:\Windows\WinSxS\x86_policy.1.0.microsof..op.security.azroles_31bf3856ad364e35_10.0.14393.0_none_6eda7f57c51a08aa\Policy.1.0.Microsoft.Interop.Security.AzRoles.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_10.0.14393.0_none_be0fd33f89b5fc8c
[-] Encrypted file: C:\Windows\WinSxS\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_10.0.14393.0_none_be0fd33f89b5fc8c\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_presentationcore_31bf3856ad364e35_10.0.14393.0_none_7d86e236ee497cad
[-] Encrypted file: C:\Windows\WinSxS\x86_presentationcore_31bf3856ad364e35_10.0.14393.0_none_7d86e236ee497cad\PresentationFontCache.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_presentationcore_31bf3856ad364e35_10.0.14393.479_none_89ce09047595fc7b
[-] Encrypted file: C:\Windows\WinSxS\x86_presentationcore_31bf3856ad364e35_10.0.14393.479_none_89ce09047595fc7b\PresentationFontCache.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_regasm_b03f5f7f11d50a3a_10.0.14393.0_none_ce15258cb5b44b28
[-] Encrypted file: C:\Windows\WinSxS\x86_regasm_b03f5f7f11d50a3a_10.0.14393.0_none_ce15258cb5b44b28\regasm.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_regasm_b03f5f7f11d50a3a_4.0.14305.0_none_c7140e4409c3742a
[-] Encrypted file: C:\Windows\WinSxS\x86_regasm_b03f5f7f11d50a3a_4.0.14305.0_none_c7140e4409c3742a\regasm.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_10.0.14393.0_none_a1305033082743d8
[-] Encrypted file: C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_10.0.14393.0_none_a1305033082743d8\regsvcs.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_4.0.14305.0_none_9a2f38ea5c366cda
[-] Encrypted file: C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_4.0.14305.0_none_9a2f38ea5c366cda\regsvcs.exe.config
[-] Encrypted folder: C:\Windows\WinSxS\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_10.0.14393.0_none_c609cdf477631b2c
[-] Encrypted file: C:\Windows\WinSxS\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_10.0.14393.0_none_c609cdf477631b2c\SMSvcHost.exe.config

Complete, found 417 encrypted folders with 777 encrypted files
Searching for files encrypted by CryptoLocker3...

Complete, found 0 encrypted folders with 0 encrypted files

Colin Beckman

#6 Demonslay335

Ransomware Hunter

Topic Starter

Security Colleague
4,770 posts
OFFLINE

Gender:Male
Location:USA
Local time:11:44 PM

Posted 16 January 2017 - 04:59 PM

If you had files with .zepto, you should be selecting Locky to have it look for files encrypted by Locky. Blindly selecting a ransomware to search for will not help you in any way. CryptoSearch is not designed for detecting whether you have encrypted files when you don't know what you are dealing with, that isn't the point of it. It is for helping with cleaning up your system after you have already identified the infection (such as with ID Ransomware).

The reason it is picking up a ton of false-positives is because the Crypt0L0cker rules are a bit open-ended. Crypt0L0cker uses a random 6 character extension for each victim, so in your case, it picked up on any file with 6 characters for an extension (e.g. ".config" as you see).

Those files are probably not encrypted or anything, it is just a false-positive. If you were really hit with Crypt0L0cker, I would recommend using the manual "Extension" option for your exact extension.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#7 chorton

Members
2 posts
OFFLINE

Local time:11:44 PM

Posted 17 January 2017 - 05:06 PM

I know I have files encrypted by CryptoWall 3.0 and I'm sure this can detect that ransomware, but I don't see it as an option in the Ransomware options?

#8 Demonslay335

Ransomware Hunter

Topic Starter

Security Colleague
4,770 posts
OFFLINE

Gender:Male
Location:USA
Local time:11:44 PM

Posted 17 January 2017 - 05:34 PM

I know I have files encrypted by CryptoWall 3.0 and I'm sure this can detect that ransomware, but I don't see it as an option in the Ransomware options?

Files encrypted by CryptoWall 3.0 cannot be automatically detected by the rules provided by ID Ransomware. CryptoSearch will only pull in data that is usable from the website; in this case, CryptoWall usually can only be positively identified with a ransom note.

For CryptoWall 3.0 and 4.0, typically your files will have the same 16 byte header (this is different for everyone, thus why I could not include a rule on ID Ransomware for it). If you open a few encrypted files in a hex editor, you will see it. You can then use this 16 byte string (32 hex characters with no spaces) with the "Byte Pattern" option in CryptoSearch. It will then search your computer for files with that same byte pattern in the header.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#9 chorton

Members
2 posts
OFFLINE

Local time:11:44 PM

Posted 17 January 2017 - 06:40 PM

Yes that worked, thank you.

#10 megakotaro

Members
29 posts
OFFLINE

Gender:Male
Location:Cyberspace
Local time:01:44 PM

Posted 18 January 2017 - 03:14 AM

Searching files spend little time, great!!

But it crashes all the time when I click "about" while searching encrypted files. Which means don't touch this program when he is searching your computer. :ph34r:

#11 Demonslay335

Ransomware Hunter

Topic Starter

Security Colleague
4,770 posts
OFFLINE

Gender:Male
Location:USA
Local time:11:44 PM

Posted 18 January 2017 - 09:07 AM

Searching files spend little time, great!!

But it crashes all the time when I click "about" while searching encrypted files. Which means don't touch this program when he is searching your computer.

Can you give me more information on the crash? You simply did a search for ".crypt", then clicked "About" while it was searching, or while it was archiving? I cannot reproduce it. The status bar at the bottom shows "Idle", which would show when it is done with a task. If you go to Event Viewer, can you find a log about the crash under Windows Logs -> Application?

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#12 megakotaro

Members
29 posts
OFFLINE

Gender:Male
Location:Cyberspace
Local time:01:44 PM

Posted 19 January 2017 - 01:36 AM

Searching files spend little time, great!!

But it crashes all the time when I click "about" while searching encrypted files. Which means don't touch this program when he is searching your computer.

Can you give me more information on the crash? You simply did a search for ".crypt", then clicked "About" while it was searching, or while it was archiving? I cannot reproduce it. The status bar at the bottom shows "Idle", which would show when it is done with a task. If you go to Event Viewer, can you find a log about the crash under Windows Logs -> Application?

OK, I pm you.

#13 Majolla

Members
11 posts
OFFLINE

Local time:07:44 AM

Posted 23 January 2017 - 05:34 AM

Having trouble to unzip and install CryptoSearch. Error when extracting "Unknown method in CryptoSearch.zip" Chrome browser blocks file as Dangerous when attempting to download.

#14 Demonslay335

Ransomware Hunter

Topic Starter

Security Colleague
4,770 posts
OFFLINE

Gender:Male
Location:USA
Local time:11:44 PM

Posted 23 January 2017 - 10:07 AM

Having trouble to unzip and install CryptoSearch. Error when extracting "Unknown method in CryptoSearch.zip" Chrome browser blocks file as Dangerous when attempting to download.

We're working on removing the false-positives. For Chrome, you may need to temporarily disable "Protect you and your device from dangerous websites" - I know it isn't ideal and I hate to have to ask a user to change security settings to download my programs. We're working on a more permanent solution as well.

Try opening the ZIP file with 7zip. I think Windows Explorer can't handle the password protection for some reason sometimes. I'll have to look into that.

*Edit: Fixed. Apparently Windows Explorer cannot handle AES-encryption for the password protection. Changed how it uses the password and Explorer should open it fine. Password is still "false-positive".

Edited by Demonslay335, 23 January 2017 - 10:16 AM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#15 Majolla

Members
11 posts
OFFLINE

Local time:07:44 AM

Posted 24 January 2017 - 01:56 AM

Ok fine new version extracts after I enter "false-positive" for password. Found all encrypted files and then I could choose to move to an Archive folder.