���� JFIF  XX �� �� �     $.' ",#(7),01444'9=82<.342  2!!22222222222222222222222222222222222222222222222222�� ��" �� 4     ��   �� �,�PG"Z_�4�˷����kjز�Z�,F+��_z�,�© �����zh6�٨�ic�fu��� #ډb���_�N� ?� �wQ���5-�~�I���8��� �TK<5o�Iv-� ����k�_U_����� ~b�M��d��� �Ӝ�U�Hh��?]��E�w��Q���k�{��_}qFW7HTՑ��Y��F� ?_�'ϔ��_�Ջt� �=||I �� 6�έ"�����D���/[�k�9�� �Y�8 ds|\���Ҿp6�Ҵ���]��.����6� z<�v��@]�i% �� $j��~ �g��J>��no����pM[me�i$[�� �� s�o�ᘨ�˸ nɜG-�ĨU�ycP� 3.DB�li�;� �hj���x 7Z^�N�h��� ���N3u{�:j �x�힞��#M &��jL P@ _���� P�� &��o8 ������9 �����@Sz 6�t7#O�ߋ � s}Yf�T� ��lmr����Z)'N��k�۞p ����w\�T ȯ?�8` �O��i{wﭹW�[�r�� ��Q4F�׊�� �3m&L�=��h3� ���z~��#� \�l :�F,j@�� ʱ�wQT����8�"kJO��� 6�֚l���� }��� R�>ډK���]��y����&����p�}b�� ;N�1�m�r$� |��7�>e�@ B�TM*-i H��g�D�)� E�m�|�ؘbҗ�a ��Ҿ���� t4��� o���G��*oCN�rP���Q��@z,|?W[0 �����:�n,j WiE��W� �$~/�hp\��?��{(�0���+�Y8rΟ�+����>S-S�� ��VN;� }�s?.����� w �9��˟<���Mq4�Wv' ��{)0�1mB ��V����W[� ����8�/<� �%���wT^�5���b��)iM� p g�N�&ݝ� �VO~� q���u���9� ����!��J27��� �$ O-���! �: �%H��� ـ ����y�ΠM=t{!S�� oK8������ t<����è :a�� ����[���� �ա�H���~��w��Qz`�p o�^ �� ��Q��n�  �,uu�C� $ ^���,� �����8�#��:�6��e�|~� ��!�3� 3.�\0�� q��o�4`.|� ����y�Q�`~;�d�ׯ,��O�Zw�������`73�v�܋�< ���Ȏ�� ـ4k��5�K�a�u�=9Yd��$>x�A�&�� j0� ���vF��� Y� |�y��� ~�6�@c��1vOp �Ig�� ��4��l�OD� ��L����� R���c���j�_�uX 6��3?nk��Wy�f;^*B� ��@ �~a�`��Eu������ +� �� 6�L��.ü>��}y���}_�O�6�͐�:�Yr G�X��kG�� ���l^w�� �~㒶sy� �Iu�!� W ��X��N�7BV��O��!X�2����wvG�R�f�T#�����t�/?���%8�^�W�aT ��G�cL�M���I��(J����1~�8�?aT ���]����AS�E��(��*E}� 2�� #I/�׍qz��^t�̔��� b�Yz4x ���t�){ OH� �+(E��A&�N�������XT��o��"�XC�� '���)}�J�z�p� ��~5�}�^����+�6����w��c��Q�| Lp�d�H��}�(�.|����k��c4^� "�����Z?ȕ ��a< �L�!0 39C� �Eu� C�F�Ew�ç ;�n?�*o���B�8�bʝ���'#Rqf�� �M}7����]��� �s2tcS{�\icTx;�\��7K���P ���ʇ Z O-��~�� c>"��?�� �����P ��E��O�8��@�8��G��Q�g�a�Վ���󁶠 �䧘��_%#r�>� 1�z�a�� eb��qcP ѵ��n���#L��� =��׀t� L�7�` ��V��� A{�C:�g���e@ �w1 Xp 3�c3�ġ���� p��M"'-�@n4���fG� �B3�DJ�8[Jo�ߐ���gK)ƛ��$���� � ��8�3�����+���� �����6�ʻ���� ���S�kI�*KZlT _`�� �?��K� ���QK�d ����B`�s}�>���` ��*�>��,*@J�d�oF*� ���弝��O}�k��s��]��y�ߘ ��c1G�V���<=�7��7����6 �q�PT��tXԀ�!9*4�4Tހ 3XΛex�46�� �Y��D ����� �BdemDa����\�_l,� �G�/���֌7���Y�](�xTt^%�GE�����4�}bT ���ڹ�����; Y)���B�Q��u��>J/J � ⮶.�XԄ��j�ݳ� +E��d ��r�5�_D �1 �� o�� �B�x�΢�#� ��<��W�����8���R6�@ g�M�.��� dr�D��>(otU��@ x=��~v���2� ӣ�d�oBd ��3�eO�6�㣷�� ���ݜ 6��6Y��Qz`�� S��{���\P �~z m5{J/L��1������<�e�ͅPu� b�]�ϔ ���'�� ����f�b� Zpw��c`"��i���BD@:)ִ�:�]��h v�E� w���T�l ��P� ��"Ju�}��وV J��G6��. J/�Qgl߭�e�����@�z�Zev2u� )]կ��� ��7x�� �s�M�-<ɯ�c��r� v�����@��$�ޮ}lk���a�� �'����>x��O\�Z Fu>��� ��ck#��&:��`�$ �ai�>2Δ����l���oF[h� �lE�ܺ�Π k:)���` �� $[6�����9�����kOw�\|��� 8}������ބ:��񶐕� �I�A1/� =�2[�,�!��.}gN#�u����b ��� ~� �݊��}34q��� �d�E��L c��$ ��"�[q�U�硬g^��%B � z���r�p J�ru%v\h 1Y�ne` ǥ:g�� �pQM~�^� Xi� ��`S�:V2 9.�P���V� ?B�k�� AEvw%�_�9C�Q����wKekP ؠ�\� ;Io d�{ ߞo�c1eP��� �\� `����E=���@K<�Y�� �eڼ�J ���w����{av�F�'�M�@ /J��+9p ���|]���� �Iw &` ��8���& M�hg ��[�{ ��Xj�� %��Ӓ� $��(��� �ʹN��� <>�I���RY� ��K2�NPlL�ɀ )��&e� ���B+ь����( � �JTx ���_?EZ� }@ 6�U���뙢ط�z��dWI� n` D����噥�[��uV��"�G& Ú����2 g�}&m� �?ċ �"����Om#� ������� � ��{� ON��"S�X ��Ne��ysQ���@ Fn��Vg��� dX�~nj� ]J�<�K]: ��FW�� b�������62 �=��5f����JKw� �bf�X� 55��~J �%^� ���:�-�QIE��P��v�nZum� z � ~ə ���� ���ة����;�f��\v��� g�8�1��f2 4;�V���ǔ�)��� �9���1\�� c��v�/'Ƞ�w����� ��$�4�R-��t�� �� e�6�/�ġ �̕Ecy�J���u�B���<�W�ַ~�w[B1L۲�-JS΂�{���΃���� ��A��20�c# �� @    0!1@AP"#2Q`$3V�%45a6�FRUq���   � ���^7ׅ,$n� ������+��F�`��2X'��0vM��p�L=������ 5��8������u�p~���.�`r�����\��� O��,ư�0oS ��_�M�����l���4�kv\JSd���x���SW�<��Ae�IX����������$I���w�:S���y���›R��9�Q[���,�5�;�@]�%���u�@ *ro�lbI �� ��+���%m:�͇ZV�����u�̉����θau<�fc�.����{�4Ա� �Q����*�Sm��8\ujqs]{kN���)qO�y�_*dJ�b�7���yQqI&9�ԌK!�M}�R�;�� ����S�T���1���i[U�ɵz�]��U)V�S6���3$K{� ߊ<�(� E]Զ[ǼENg�����'�\?#)Dkf��J���o��v���'�%ƞ�&K�u� !��b�35LX�Ϸ��63$K�a�;�9>,R��W��3�3� d�JeTYE.Mϧ��-�o�j3+y��y^�c�������VO�9NV\nd�1 ��!͕_)a�v;����թ�M�lWR1��)El��P;��yوÏ�u 3�k�5Pr6<�⒲l�!˞*��u־�n�!�l:����UNW ��%��Chx8vL'��X�@��*��)���̮��ˍ��� � ��D-M�+J�U�kvK����+�x8��cY������?�Ԡ��~3mo��|�u@[XeY�C�\Kp�x8�oC�C�&����N�~3-H���� ��MX�s�u<`���~"WL��$8ξ��3���a�)|:@�m�\���^�`�@ҷ)�5p+��6���p�%i)P M���ngc�����#0Aruz���RL+xSS?���ʮ}()#�t��mˇ!��0}}y����<�e� �-ή�Ԩ��X������ MF���ԙ~l L.3���}�V뽺�v��� ��멬��Nl�)�2����^�Iq��a��M��qG��T�����c3#������3U�Ǎ���}��לS�|qa��ڃ�+���-��2�f����/��bz��ڐ�� �ݼ[2�ç����k�X�2�* �Z�d���J�G����M*9W���s{��w���T��x��y,�in�O�v��]���n����P�$� JB@=4�OTI�n��e�22a\����q�d���%�$��(���:���: /*�K[PR�fr\nڙdN���F�n�$�4� [�� U�zƶ����� �mʋ���,�ao�u 3�z� �x��Kn����\[��VFmbE;�_U��&V�Gg�]L�۪&#n%�$ɯ� dG���D�TI=�%+AB�Ru#��b4�1�»x�cs�YzڙJG��f��Il� �d�eF'T� iA��T���uC�$����Y��H?����[!G`}���ͪ� �纤Hv\������j�Ex�K���!���OiƸ�Yj�+u-<���'q����uN�*�r\��+�]���<�wOZ.fp�ێ��,-*)V?j-kÊ#�`�r��dV����(�ݽBk�����G�ƛk�QmUڗe��Z���f}|����8�8��a���i��3'J�����~G_�^���d�8w������ R�`(�~�.��u���l�s+g�bv���W���lGc}��u���afE~1�Ue������Z�0�8�=e�� f@/�jqEKQQ�J� �oN��J���W5~M>$6�Lt�;$ʳ{���^��6�{����v6���ķܰg�V�cnn �~z�x�«�,2�u�?cE+Ș�H؎�%�Za�)���X>uW�Tz�Nyo����s���FQƤ��$��*�&�LLXL)�1�" L��eO��ɟ�9=���:t��Z���c��Ž���Y?�ӭV�wv�~,Y��r�ۗ�|�y��GaF�����C�����.�+� ���v1���fήJ�����]�S��T��B��n5sW}y�$��~z�'�c ��8 ��� ,! �p��VN�S��N�N�q��y8z˱�A��4��*��'������2n<�s���^ǧ˭P�Jޮɏ�U�G�L�J�*#��<�V��t7�8����TĜ>��i}K%,���)[��z�21z ?�N�i�n1?T�I�R#��m-�����������������1����lA�`��fT5+��ܐ�c�q՝��ʐ��,���3�f2U�եmab��#ŠdQ�y>\��)�SLY����w#��.���ʑ�f��� ,"+�w�~�N�'�c�O�3F�������N<���)j��&��,-� �љ���֊�_�zS���TǦ����w�>��?�������n��U仆�V���e�����0���$�C�d���rP �m�׈e�Xm�Vu� �L��.�bֹ��� �[Դaզ���*��\y�8�Է:�Ez\�0�Kq�C b��̘��cө���Q��=0Y��s�N��S.��� 3.���O�o:���#���v7�[#߫ ��5�܎�L���Er4���9n��COWlG�^��0k�%<���ZB���aB_���������'=��{i�v�l�$�uC���mƎҝ{�c㱼�y]���W�i ��ߧc��m�H� m�"�"�����;Y�ߝ�Z�Ǔ�����:S#��|}�y�,/k�Ld� TA�(�AI$+I3��;Y*���Z��}|��ӧO��d�v��..#:n��f>�>���ȶI�TX��� 8��y����"d�R�|�)0���=���n4��6ⲑ�+��r<�O�܂~zh�z����7ܓ�HH�Ga롏���nCo�>������a ���~]���R���̲c?�6(�q�;5%� |�uj�~z8R =X��I�V=�|{v�Gj\gc��q����z�؋%M�ߍ����1y��#��@f^���^�>N��� ��#x#۹��6�Y~�?�dfPO��{��P�4��V��u1E1J �*|���%�� �JN��`eWu�zk M6���q t[�� ��g�G���v��WIG��u_ft����5�j�"�Y�:T��ɐ���*�;� e5���4����q$C��2d�}���� _S�L#m�Yp��O�.�C�;��c����Hi#֩%+) �Ӎ��ƲV���SYź��g |���tj��3�8���r|���V��1#;.SQ�A[���S������#���`n�+���$��$ I �P\[�@�s��(�ED�z���P��])8�G#��0B��[ى��X�II�q<��9�~[Z멜�Z�⊔IWU&A>�P~�#��dp<�?����7���c��'~���5 ��+$���lx@�M�dm��n<=e�dyX��?{�|Aef ,|n3�<~z�ƃ�uۧ�����P��Y,�ӥQ�*g�#먙R�\���;T��i,��[9Qi歉����c>]9�� ��"�c��P�� �Md?٥��If�ت�u��k��/����F��9�c*9��Ǎ:�ØF���z�n*�@|I�ށ9����N3{'��[�'ͬ�Ҳ4��#}��!�V� Fu��,�,mTIk���v C�7v���B�6k�T9��1�*l� '~��ƞF��lU��'�M ����][ΩũJ_�{�i�I�n��$�� �L�� j��O�dx�����kza۪��#�E��Cl����x˘�o�����V���ɞ�ljr��)�/,�߬h�L��#��^��L�ф�,íMƁe�̩�NB�L�����iL����q�}��(��q��6IçJ$�W�E$��:������=#����(�K�B����zђ <��K(�N�۫K�w��^O{!����) �H���>x�������lx�?>Պ�+�>�W���,Ly!_�D���Ō�l���Q�!�[ �S����J��1��Ɛ�Y}��b,+�Lo�x�ɓ)����=�y�oh�@�꥟/��I��ѭ=��P�y9��� �ۍYӘ�e+�p�Jnϱ?V\SO%�(�t� ���=?MR�[Ș�����d�/ ��n�l��B�7j� ��!�;ӥ�/�[-���A�>� dN�sLj ��,ɪv��=1c�.SQ�O3�U���ƀ�ܽ�E����������̻��9G�ϷD�7(�}��Ävӌ\� y�_0[w ���<΍>����a_��[0+�L��F.�޺��f�>oN�T����q;���y\��bՃ��y�jH�<|q-eɏ�_?_9+P���Hp$�����[ux�K w�Mw��N�ی'$Y2�=��q���KB��P��~�� ����Yul:�[<����F1�2�O���5=d����]Y�sw:���Ϯ���E��j,_Q��X��z`H1,#II ��d�wr��P˂@�ZJV����y$�\y�{}��^~���[:N����ߌ�U�������O��d�����ؾe��${p>G��3c���Ė�lʌ�� ת��[��`ϱ�-W����dg�I��ig2��� ��}s ��ؤ(%#sS@���~���3�X�nRG�~\jc3�v��ӍL��M[JB�T��s3}��j�Nʖ��W����;7� �ç?=X�F=-�=����q�ߚ���#���='�c��7���ڑW�I(O+=:uxq�������������e2�zi+�kuG�R��������0�&e�n���iT^J����~\jy���p'dtG��s����O��3����9* �b#Ɋ�� p������[Bws�T�>d4�ۧs���nv�n���U���_�~,�v����ƜJ1��s�� �QIz�� )�(lv8M���U=�;����56��G���s#�K���MP�=��LvyGd��}�VwWBF�'�à �?MH�U�g2�� ����!�p�7Q��j��ڴ����=��j�u��� Jn�A s���uM������e��Ɔ�Ҕ�!) '��8Ϣ�ٔ� �ޝ(��Vp���צ֖d=�IC�J�Ǡ{q������kԭ�߸���i��@K����u�|�p=..�*+����x�����z[Aqġ#s2a�Ɗ���RR�)*HRsi�~�a &f��M��P����-K�L@��Z��Xy�'x�{}��Zm+���:�)�) IJ�-i�u���� ���ܒH��'� L(7�y�GӜq���� j��� 6ߌg1�g�o���,kر���tY�?W,���p���e���f�OQS��!K�۟cҒA�|ս�j�>��=⬒��˧L[�� �߿2JaB~R��u�:��Q�] �0H~���]�7��Ƽ�I���( }��cq '�ήET���q�?f�ab���ӥvr� �)o��-Q��_'����ᴎo��K������;��V���o��%���~OK ����*��b�f:���-ťIR��`B�5!RB@���ï�� �u �̯e\�_U�_������� g�ES��3������� QT��a�� ��x����U<~�c?�*�#]�MW,[8O�a�x��]�1bC|踤�P��lw5V%�)�{t�<��d��5���0i�XSU��m:��Z�┵�i�"��1�^B�-��P�hJ��&)O��*�D��c�W��vM��)����}���P��ܗ-q����\mmζZ-l@�}��a��E�6��F�@��&Sg@���ݚ�M����� ȹ 4����#p�\H����dYDo�H���"��\��..R�B�H�z_�/5˘����6��KhJR��P�mƶi�m���3� ,#c�co��q�a)*P t����R�m�k�7x�D�E�\Y�閣_X�<���~�)���c[[�BP����6�Yq���S��0����%_����;��Àv�~�| VS؇ ��'O0��F0��\���U�-�d@�����7�SJ*z��3n��y��P����O��������� m�~�P�3|Y��ʉr#�C�<�G~�.,! ���bqx���h~0=��!ǫ�jy����l� O,�[B��~��|9��ٱ����Xly�#�i�B��g%�S��������tˋ���e���ې��\[d�t)��.+u�|1 ������#�~Oj����hS�%��i.�~X���I�H�m��0n���c�1uE�q��cF�RF�o���7� �O�ꮧ� ���ۛ{��ʛi5�rw?׌#Qn�TW��~?y$��m\�\o����%W� ?=>S�N@�� �Ʈ���R����N�)�r"C�:��:����� �����#��qb��Y�. �6[��2K����2u�Ǧ�HYR��Q�MV��� �G�$��Q+.>�����nNH��q�^��� ����q��mM��V��D�+�-�#*�U�̒ ���p욳��u:�������IB���m� ��PV@O���r[b= �� ��1U�E��_Nm�yKbN�O���U�}�the�`�|6֮P>�\2�P�V���I�D�i�P�O;�9�r�mAHG�W�S]��J*�_�G��+kP�2����Ka�Z���H�'K�x�W�MZ%�O�YD�Rc+o��?�q��Ghm��d�S�oh�\�D�|:W������UA�Qc yT�q� �����~^�H��/��#p�CZ���T�I�1�ӏT����4��"�ČZ�����}��`w�#�*,ʹ�� ��0�i��課�Om�*�da��^gJ݅{���l�e9uF#T�ֲ��̲�ٞC"�q���ߍ ոޑ�o#�XZTp����@ o�8��(jd��xw�]�,f���`~� |,s��^����f�1���t��|��m�򸄭/ctr��5s��7�9Q�4�H1꠲BB@ l9@���C�����+�wp�xu�£Yc�9��?`@#�o�mH�s2��)�=��2�.�l����jg�9$�Y�S�%*L������R�Y������7Z���,*=�䷘$�������arm�o�ϰ���UW.|�r�uf����IGw�t����Zwo��~5 ��YյhO+=8fF�)�W�7�L9lM�̘·Y���֘YLf�큹�pRF���99.A �"wz��=E\Z���'a� 2��Ǚ�#;�'}�G���*��l��^"q��+2FQ� hj��kŦ��${���ޮ-�T�٭cf�|�3#~�RJ����t��$b�(R��(����r���dx� >U b�&9,>���%E\� Ά�e�$��'�q't��*�א���ެ�b��-|d���SB�O�O��$�R+�H�)�܎�K��1m`;�J�2�Y~9��O�g8=vqD`K[�F)k�[���1m޼c��n���]s�k�z$@��)!I �x՝"v��9=�ZA=`Ɠi �:�E��)` 7��vI��}d�YI�_ �o�:ob���o ���3Q��&D&�2=�� �Ά��;>�h����y.*ⅥS������Ӭ�+q&����j|UƧ��� �}���J0��WW< ۋS�)jQR�j���Ư��rN)�Gű�4Ѷ(�S)Ǣ�8��i��W52���No˓� ۍ%�5brOn�L�;�n��\G����=�^U�dI���8$�&���h��'���+�(������cȁ߫k�l��S^���cƗjԌE�ꭔ��gF���Ȓ��@���}O���*;e�v�WV���YJ\�]X'5��ղ�k�F��b 6R�o՜m��i N�i���� >J����?��lPm�U��}>_Z&�KK��q�r��I�D�Չ~�q�3fL�:S�e>���E���-G���{L�6p�e,8��������QI��h��a�Xa��U�A'���ʂ���s�+טIjP�-��y�8ۈZ?J$��W�P� ��R�s�]��|�l(�ԓ��sƊi��o(��S0 ��Y� 8�T97.�����WiL��c�~�dxc�E|�2!�X�K�Ƙਫ਼�$((�6�~|d9u+�qd�^3�89��Y�6L�.I�����?���iI�q���9�)O/뚅����O���X��X�V��ZF[�یgQ�L��K1���RҖr@v�#��X�l��F���Нy�S�8�7�kF!A��sM���^rkp�jP�DyS$N���q�� nxҍ!U�f�!eh�i�2�m ���`�Y�I�9r�6� �TF���C}/�y�^���Η���5d�'��9A-��J��>{�_l+�`��A���[�'��յ�ϛ#w:݅�%��X�}�&�PSt�Q�"�-��\縵�/����$Ɨh�Xb�*�y��BS����;W�ջ_mc�����vt?2}1�;qS�d�d~u:2k5�2�R�~�z+|HE!)�Ǟl��7`��0�<�,�2*���Hl-��x�^����'_TV�gZA�'j� ^�2Ϊ��N7t�����?w�� �x1��f��Iz�C-Ȗ��K�^q�;���-W�DvT�7��8�Z�������� hK�(P:��Q- �8�n�Z���܃e貾�<�1�YT<�,�����"�6{ / �?�͟��|1�:�#g��W�>$����d��J��d�B�� =��jf[��%rE^��il:��B���x���Sּ�1հ��,�=��*�7 fcG��#q� �eh?��2�7�����,�!7x��6�n�LC�4x��},Geǝ�tC.��vS �F�43��zz\��;QYC,6����~;RYS/6���|2���5���v��T��i����������mlv��������&� �nRh^ejR�LG�f���? �ۉҬܦƩ��|��Ȱ����>3����!v��i�ʯ�>�v��オ�X3e���_1z�Kȗ\<������!�8���V��]��?b�k41�Re��T�q��mz��TiOʦ�Z��Xq���L������q"+���2ۨ��8}�&N7XU7Ap�d�X��~�׿��&4e�o�F��� �H�� ��O���č�c�� 懴�6���͉��+)��v;j��ݷ�� �UV�� i��� j���Y9GdÒJ1��詞�����V?h��l�� ��l�cGs�ځ�������y�Ac���� �\V3�? �� ܙg�>qH�S,�E�W�[�㺨�uch�⍸�O�}���a��>�q�6�n6� ���N6�q�� ���� N    ! 1AQaq�0@����"2BRb�#Pr���3C`��Scst���$4D���%Td��  ? � ��N����a��3��m���C���w��������xA�m�q�m��� m������$����4n淿t'��C"w��zU=D�\R+w�p+Y�T�&�պ@��ƃ��3ޯ?�Aﶂ��aŘ���@-�����Q�=���9D��ռ�ѻ@��M�V��P��܅�G5�f�Y<�u=,EC)�<�Fy'�"�&�չ�X~f��l�KԆV��?�� �W�N����=(� �;���{�r����ٌ�Y���h{�١������jW����P���Tc�����X�K�r��}���w�R��%��?���E��m�� �Y�q|����\lEE4� ��r���}�lsI�Y������f�$�=�d�yO����p�����yBj8jU�o�/�S��?�U��*������ˍ�0����� �u�q�m [�?f����a�� )Q�>����6#������� ?����0UQ����,IX���(6ڵ[�DI�MNލ�c&���υ�j\��X�R|,4��� j������T�hA�e��^���d���b<����n�� �즇�=!���3�^�`j�h�ȓr��jẕ�c�,ٞX����-����a�ﶔ���#�$��]w�O��Ӫ�1y%��L�Y<�wg#�ǝ�̗`�x�xa�t�w��»1���o7o5��>�m뭛C���Uƃߜ}�C���y1Xνm�F8�jI���]����H���ۺиE@I�i;r�8ӭ���� V�F�Շ| ��&?�3|x�B�MuS�Ge�=Ӕ�#BE5G�� ���Y!z��_e��q�р/W>|-�Ci߇�t�1ޯќd�R3�u��g�=0 5��[?�#͏��q�cf���H��{ ?u�=?�?ǯ���}Z��z���hmΔ�BFTW�����<�q� (v� ��!��z���iW]*�J�V�z��gX֧A�q�&��/w���u�gYӘa���; �i=����g:��?2�dž6�ى�k�4�>�Pxs����}������G�9� �3 ���)gG�R<>r h�$��'nc�h�P��Bj��J�ҧH� -��N1���N��?��~��}-q!=��_2hc�M��l�vY%UE�@|�v����M2�.Y[|y�"Eï��K�ZF,�ɯ?,q�?v�M 80jx�"�;�9vk�����+ ֧�� �ȺU��?�%�vcV��mA�6��Qg^M��� �A}�3�nl� QRN�l8�kkn�'�����(��M�7m9و�q���%ޟ���*h$Zk"��$�9��: �?U8�Sl��,,|ɒ��xH(ѷ����Gn�/Q�4�P��G�%��Ա8�N��!� �&�7�;���eKM7�4��9R/%����l�c>�x;������>��C�:�����t��h?aKX�bhe�ᜋ^�$�Iհ �hr7%F$�E��Fd���t��5���+�(M6�t����Ü�UU|zW�=a�Ts�Tg������dqP�Q����b'�m���1{|Y����X�N��b �P~��F^F:����k6�"�j!�� �I�r�`��1&�-$�Bevk:y���#y w��I0��x��=D�4��tU���P�ZH��ڠ底taP��6����b>�xa� ���Q�#� WeF��ŮNj�p�J* mQ�N��� �*I�-*�ȩ�F�g�3 �5��V�ʊ�ɮ�a��5F���O@{���NX��?����H�]3��1�Ri_u��������ѕ�� ����0��� F��~��:60�p�͈�S��qX#a�5>���`�o&+�<2�D����: �������ڝ�$�nP���*)�N�|y�Ej�F�5ټ�e���ihy�Z �>���k�bH�a�v��h�-#���!�Po=@k̆IEN��@��}Ll?j�O������߭�ʞ���Q|A07x���wt!xf���I2?Z��<ץ�T���cU�j��]�� 陎Ltl �}5�ϓ��$�,��O�mˊ�;�@O��jE��j(�ا,��LX���LO���Ц�90�O �.����a��nA���7������j4 ��W��_ٓ���zW�jcB������y՗+EM�)d���N�g6�y1_x��p�$Lv :��9�"z��p���ʙ$��^��JԼ*�ϭ����o���=x�Lj�6�J��u82�A�H�3$�ٕ@�=Vv�]�'�qEz�;I˼��)��=��ɯ���x �/�W(V���p�����$ �m�������u�����񶤑Oqˎ�T����r��㠚x�sr�GC��byp�G��1ߠ�w e�8�$⿄����/�M{*}��W�]˷.�CK\�ުx���/$�WP w���r� |i���&�}�{�X� �>��$-��l���?-z���g����lΆ���(F���h�vS*���b���߲ڡn,|)mrH[���a�3�ר�[1��3o_�U�3�TC�$��(�=�)0�kgP���� ��u�^=��4 �WYCҸ:��vQ�ר�X�à��tk�m,�t*��^�,�}D*� �"(�I��9R����>`�`��[~Q]�#af��i6l��8���6�:,s�s�N6�j"�A4���IuQ��6E,�GnH��zS�HO�uk�5$�I�4��ؤ�Q9�@��C����wp �BGv[]�u�Ov��� 0I4���\��y�����Q�Ѹ��~>Z��8�T��a��q�ޣ;z��a���/��S��I:�ܫ_�|������>=Z����8:�S��U�I�J��"IY���8%b8���H��:�QO�6�;7�I�S��J��ҌAά3��>c���E+&jf$eC+�z�;��V����� �r���ʺ������my�e���aQ�f&��6�ND ��.:��NT�vm�<- u���ǝ\MvZY�N�NT��-A�>jr!S��n�O 1�3�Ns�%�3D@���`������ܟ 1�^c<���� �a�ɽ�̲�Xë#�w�|y�cW�=�9I*H8�p�^(4���՗�k��arOcW�tO�\�ƍR��8����'�K���I�Q�����?5�>[�}��yU�ײ -h��=��% q�ThG�2�)���"ו3]�!kB��*p�FDl�A���,�eEi�H�f�Ps�����5�H:�Փ~�H�0Dت�D�I����h�F3�������c��2���E��9�H��5�zԑ�ʚ�i�X�=:m�xg�hd(�v����׊�9iS��O��d@0ڽ���:�p�5�h-��t�&���X�q�ӕ,��ie�|���7A�2���O%P��E��htj��Y1��w�Ѓ!����  ���� ࢽ��My�7�\�a�@�ţ�J �4�Ȼ�F�@o�̒?4�wx��)��]�P��~�����u�����5�����7X ��9��^ܩ�U;Iꭆ 5 �������eK2�7(�{|��Y׎ �V��\"���Z�1� Z�����}��(�Ǝ"�1S���_�vE30>���p;� ΝD��%x�W�?W?v����o�^V�i�d��r[��/&>�~`�9Wh��y�;���R�� � ;;ɮT��?����r$�g1�K����A��C��c��K��l:�'��3 c�ﳯ*"t8�~l��)���m��+U,z��`( �>yJ�?����h>��]��v��ЍG*�{`��;y]��I�T� ;c��NU�fo¾h���/$���|NS���1�S�"�H��V���T���4��uhǜ�]�v;���5�͠x��'C\�SBpl���h}�N����� A�Bx���%��ޭ�l��/����T��w�ʽ]D�=����K���ž�r㻠l4�S�O?=�k �M:� ��c�C�a�#ha���)�ѐxc�s���gP�iG�� {+���x���Q���I= �� z��ԫ+ �8"�k�ñ�j=|����c ��y��CF��/ ��*9ж�h{ �?4�o� ��k�m�Q�N�x��;�Y��4膚�a�w?�6�> e]�����Q�r�:����g�,i"�����ԩA� *M�<�G��b�if��l^M��5� �Ҩ�{����6J��ZJ�����P�*�����Y���ݛu�_4�9�I8�7���������,^ToR���m4�H��?�N�S�ѕw��/S��甍�@�9H�S�T��t�ƻ���ʒU��*{Xs�@����f��� ��֒Li�K{H�w^���������Ϥm�tq���s� ���ք��f:��o~s��g�r��ט� �S�ѱC�e]�x���a��) ���(b-$(�j>�7q�B?ӕ�F��hV25r[7 Y� }L�R��}����*sg+��x�r�2�U=�*'WS��ZDW]�WǞ�<��叓���{�$�9Ou4��y�90-�1�'*D`�c�^o?(�9��u���ݐ��'PI&� f�Jݮ�������:wS����jfP1F:X �H�9dԯ�� �˝[�_54 �}*;@�ܨ�� ð�yn�T���?�ןd�#���4rG�ͨ��H�1�|-#���Mr�S3��G�3�����)�.᧏3v�z֑��r����$G"�`j �1t��x0<Ɔ�Wh6�y�6��,œ�Ga��gA����y��b��)� �h�D��ß�_�m��ü �gG;��e�v��ݝ�nQ� ��C����-�*��o���y�a��M��I�>�<���]obD��"�:���G�A��-\%LT�8���c�)��+y76���o�Q�#*{�(F�⽕�y����=���rW�\p���۩�c���A���^e6��K������ʐ�cVf5$�'->���ՉN"���F�"�UQ@�f��Gb~��#�&�M=��8�ט�JNu9��D��[̤�s�o�~��� ��� G��9T�tW^g5y$b��Y'��س�Ǵ�=��U-2 #�MC�t(�i� �lj�@Q 5�̣i�*�O����s�x�K�f��}\��M{E�V�{�υ��Ƈ�����);�H����I��fe�Lȣr�2��>��W� I�Ȃ6������i��k�� �5�YOxȺ����>��Y�f5'��|��H+��98pj�n�.O�y�������jY��~��i�w'������l�;�s�2��Y��:'lg�ꥴ)o#'Sa�a�K��Z� �m��}�`169�n���"���x��I ��*+� }F<��cГ���F�P�������ֹ*�PqX�x۩��,� ��N�� �4<-����%����:��7����W���u�`����� $�?�I��&����o��o��`v�>��P��"��l���4��5'�Z�gE���8���?��[�X�7(��.Q�-��*���ތL@̲����v��.5���[��=�t\+�CNܛ��,g�SQnH����}*F�G16���&:�t��4ُ"A��̣��$�b �|����#rs��a�����T�� ]�<�j��B S�('$�ɻ� �wP;�/�n��?�ݜ��x�F��yUn�~mL*-�������Xf�wd^�a�}��f�,=t�׵i�.2/wpN�Ep8�OР���•��R�FJ� 55TZ��T �ɭ�<��]��/�0�r�@�f��V��V����Nz�G��^���7hZi����k��3�,kN�e|�vg�1{9]_i��X5y7� 8e]�U����'�-2,���e"����]ot�I��Y_��n�(JҼ��1�O ]bXc���Nu�No��pS���Q_���_�?i�~�x h5d'�(qw52] ��'ޤ�q��o1�R!���`ywy�A4u���h<קy���\[~�4�\ X�Wt/� 6�����n�F�a8��f���z �3$�t(���q��q�x��^�XWeN'p<-v�!�{�(>ӽDP7��ո0�y)�e$ٕv�Ih'Q�EA�m*�H��RI��=:��� ���4牢) �%_iN�ݧ�l]� �Nt���G��H�L��� ɱ�g<���1V�,�J~�ٹ�"K��Q�� 9�HS�9�?@��k����r�;we݁�]I�!{ �@�G�[�"��`���J:�n]�{�cA�E����V��ʆ���#��U9�6����j�#Y�m\��q�e4h�B�7��C�������d<�?J����1g:ٳ���=Y���D�p�ц� ׈ǔ��1�]26؜oS�'��9�V�FVu�P�h�9�xc�oq�X��p�o�5��Ա5$�9W�V(�[Ak�aY錎qf;�'�[�|���b�6�Ck��)��#a#a˙��8���=äh�4��2��C��4tm^ �n'c� ��]GQ$[Wҿ��i���vN�{Fu ��1�gx��1┷���N�m��{j-,��x�� Ūm�ЧS�[�s���Gna���䑴�� x�p 8<������97�Q���ϴ�v�aϚG��Rt�Һ׈�f^\r��WH�JU�7Z���y)�vg=����n��4�_)y��D'y�6�]�c�5̪ �\� �PF�k����&�c;��cq�$~T�7j ���nç]�<�g ":�to�t}�159�<�/�8������m�b�K#g'I'.W����� 6��I/��>v��\�MN��g���m�A�yQL�4u�Lj�j9��#44�t��l^�}L����n��R��!��t��±]��r��h6ٍ>�yҏ�N��fU�� ���� Fm@�8}�/u��jb9������he:A�y�ծw��GpΧh�5����l}�3p468��)U��d��c����;Us/�֔�YX�1�O2��uq�s��`hwg�r~�{ R��mhN��؎*q 42�*th��>�#���E����#��Hv�O����q�}����� 6�e��\�,Wk�#���X��b>��p}�դ��3���T5��†��6��[��@ �P�y*n��|'f�֧>�lư΂�̺����SU�'*�q�p�_S�����M�� '��c�6��� ��m�� ySʨ;M��r���Ƌ�m�Kxo,���Gm�P��A�G�:��i��w�9�}M(�^�V��$ǒ�ѽ�9���|���� �a����J�SQ�a���r�B;����}���ٻ֢�2�%U���c�#�g���N�a�ݕ�'�v�[�OY'��3L�3�;,p�]@�S��{ls��X�'���c�jw� k'a�.��}�}&�� �dP�*�bK=ɍ!����;3n�gΊU�ߴmt�'*{,=SzfD� A��ko~�G�aoq�_mi}#�m�������P�Xhύ��� �mxǍ�΂���巿zf��Q���c���|kc�����?���W��Y�$���_Lv����l߶��c���`?����l�j�ݲˏ!V��6����U�Ђ(A���4y)H���p�Z_�x��>���e�� R��$�/�`^'3qˏ�-&Q�=?��CFVR �D�fV�9��{�8g�������n�h�(P"��6�[�D���< E�����~0<@�`�G�6����Hг�cc�� �c�K.5��D��d�B���`?�XQ��2��ٿyqo&+�1^� DW�0�ꊩ���G�#��Q�nL3��c���������/��x ��1�1 [y�x�პCW��C�c�UĨ80�m�e�4.{�m��u���I=��f�����0QRls9���f���������9���~f�����Ǩ��a�"@�8���ȁ�Q����#c�ic������G��$���G���r/$W�(��W���V�"��m�7�[m�A�m����bo��D� j����۳� l���^�k�h׽����� ��#� iXn�v��eT�k�a�^Y�4�BN�� ĕ�� 0    !01@Q"2AaPq3BR������ ? � ��@4�Q�����T3,���㺠�W�[=JK�Ϟ���2�r^7��vc�:�9 �E�ߴ�w�S#d���Ix��u��:��Hp��9E!�� V 2;73|F��9Y���*ʬ�F��D����u&���y؟��^EA��A��(ɩ���^��GV:ݜDy�`��Jr29ܾ�㝉��[���E;Fzx��YG��U�e�Y�C���� ����v-tx����I�sם�Ę�q��Eb�+P\ :>�i�C'�;�����k|z�رn�y]�#ǿb��Q��������w�����(�r|ӹs��[�D��2v-%��@;�8<a���[\o[ϧw��I!��*0�krs)�[�J9^��ʜ��p1)� "��/_>��o��<1����A�E�y^�C��`�x1'ܣn�p��s`l���fQ��):�l����b>�Me�jH^?�kl3(�z:���1ŠK&?Q�~�{�ٺ�h�y���/�[��V�|6��}�KbX����mn[-��7�5q�94�������dm���c^���h� X��5��<�eޘ>G���-�}�دB�ޟ� ��|�rt�M��V+�]�c?�-#ڛ��^ǂ}���Lkr���O��u�>�-D�ry� D?:ޞ�U��ǜ�7�V��?瓮�"�#���r��չģVR;�n���/_� ؉v�ݶe5d�b9��/O��009�G���5n�W����JpA�*�r9�>�1��.[t���s�F���nQ� V 77R�]�ɫ8����_0<՜�IF�u(v��4��F�k�3��E)��N:��yڮe��P�`�1}�$WS��J�SQ�N�j �ٺ��޵�#l���ј(�5=��5�lǏmoW�v-�1����v,W�mn��߀$x�<����v�j(����c]��@#��1������Ǔ���o'��u+����;G�#�޸��v-lη��/(`i⣍Pm^� ��ԯ̾9Z��F��������n��1��� ��]�[��)�'������ :�֪�W��FC����� �B9،!?���]��V��A�Վ�M��b�w��G F>_DȬ0¤�#�QR�[V��kz���m�w�"��9ZG�7'[��=�Q����j8R?�zf�\a�=��O�U����*oB�A�|G���2�54 �p��.w7� �� ��&������ξxGHp� B%��$g�����t�Џ򤵍z���HN�u�Я�-�'4��0�� ;_�� 3     !01"@AQa2Pq#3BR������ ? � �ʩca��en��^��8���<�u#��m*08r��y�N"�<�Ѳ0��@\�p��� �����Kv�D��J8�Fҽ� �f�Y��-m�ybX�NP����}�!*8t(�OqѢ��Q�wW�K��ZD��Δ^e��!� ��B�K��p~�����e*l}z#9ң�k���q#�Ft�o��S�R����-�w�!�S���Ӥß|M�l޶V��!eˈ�8Y���c�ЮM2��tk���� ������J�fS����Ö*i/2�����n]�k�\���|4yX�8��U�P.���Ы[���l��@"�t�<������5�lF���vU�����W��W��;�b�cД^6[#7@vU�xgZv��F�6��Q,K�v��� �+Ъ��n��Ǣ��Ft���8��0��c�@�!�Zq s�v�t�;#](B��-�nῃ~���3g������5�J�%���O������n�kB�ĺ�.r��+���#�N$?�q�/�s�6��p��a����a��J/��M�8��6�ܰ"�*������ɗud"\w���aT(����[��F��U՛����RT�b���n�*��6���O��SJ�.�ij<�v�MT��R\c��5l�sZB>F��<7�;EA��{��E���Ö��1U/�#��d1�a�n.1ě����0�ʾR�h��|�R��Ao�3�m3 ��%�� ���28Q� ��y��φ���H�To�7�lW>����#i`�q���c����a��� �m,B�-j����݋�'mR1Ήt�>��V��p���s�0IbI�C.���1R�ea�����]H�6�������� ��4B>��o��](��$B���m�����a�!=� �?�B� K�Ǿ+�Ծ"�n���K��*��+��[T#�{ E�J�S����Q�����s�5�:�U�\wĐ�f�3����܆&�)��� �I���Ԇw��E T�lrTf6Q|R�h:��[K�� �z��c֧�G�C��%\��_�a �84��HcO�bi��ؖV��7H �)*ģK~Xhչ0��4?�0��� �E<���}3���#���u�?�� ��|g�S�6ꊤ�|�I#Hڛ� �ա��w�X��9��7���Ŀ%�SL��y6č��|�F�a 8���b� �$�sק�h���b9RAu7�˨p�Č�_\*w��묦��F ����4D~�f����|(�"m���NK��i�S�>�$d7SlA��/�²����SL��|6N�}���S�˯���g��]6��; �#�.��<���q'Q�1|KQ$�����񛩶"�$r�b:���N8�w@��8$�� �AjfG|~�9F ���Y��ʺ��Bwؒ������M:I岎�G��`s�YV5����6��A �b:�W���G�q%l�����F��H���7�������Fsv7� �k�� 403WebShell
403Webshell
Server IP : 127.0.0.1  /  Your IP : 10.100.1.254
Web Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
System : Windows NT WIZC-EXTRANET 10.0 build 19045 (Windows 10) AMD64
User : SYSTEM ( 0)
PHP Version : 8.0.30
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/Users/owner/AppData/Local/Microsoft/OneDrive/25.149.0803.0003/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : C:/Users/owner/AppData/Local/Microsoft/OneDrive/25.149.0803.0003/CollectSyncLogs.bat
@if not defined _echo echo off
setlocal ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION

set OUTPUTDIR=%USERPROFILE%\Desktop
set DODUMP=0
set SENDMAIL=0
set RETURNCODE=0
set DecoderKey=
set ScriptName=%~0

REM Set the CAB file name to include the date and time with
REM underscores substituted for the invalid characters.

set DATETIMESUFFIX=%DATE:/=_%_%TIME::=_%
set CABOUTPUT=OneDriveLogs_%DATETIMESUFFIX: =_%.cab

:ParseCommand
if "%~1"=="" goto :ParseDone

if /i "%~1"=="/OutputDir" (
    for %%i in (%2) do set OUTPUTDIR=%%~i
    shift
) else if /i "%~1"=="/OutputFile" (
    for %%i in (%2) do set CABOUTPUT=%%~i
    shift
) else if /i "%~1"=="/NoDump" (
    set DODUMP=0
) else if /i "%~1"=="/SendMail" (
    set SENDMAIL=1
) else if /i "%~1"=="/IncludeDecoderKey" (
    set DecoderKey=Y
) else if /i "%~1"=="/NoDecoderKey" (
    set DecoderKey=N
) else (
    echo Usage: %ScriptName% [Options]
    echo.
    echo     This script collects all the client logs and CABs them up for simple
    echo     upload.  By default, it will drop the CAB file on your Desktop.
    echo.
    echo Options:
    echo.
    echo     /OutputDir outputdirectory   - Set output directory
    echo     /NoDump                      - Don't collect a process dump of OneDrive.exe
    echo     /OutputFile outputFile       - Filename of output file to use
    echo     /SendMail                    - Triggers an email to the given alias with the full path of the file.
    echo     /IncludeDecoderKey           - Do not prompt and include the decoder key with the logs
    echo     /NoDecoderKey                - Do not prompt and do NOT include the decoder key with the logs
    echo.
    goto :Return
)
shift
goto :ParseCommand

:ParseDone

REM -------------------------
REM * CLIENT PATH DISCOVERY *
REM -------------------------

if "%LOCALAPPDATA%"=="" (
    set LOCALAPPDATA=%USERPROFILE%\Local Settings\Application Data
)

set CLIENTPATH=%LOCALAPPDATA%\Microsoft\OneDrive
set LEGACY_MACHINE_SETUP_LOGS_PATH=%PROGRAMDATA%\Microsoft OneDrive
set MACHINE_I386_SETUP_LOGS_PATH=%PROGRAMFILES(X86)%\Microsoft OneDrive
set MACHINE_AMD64_SETUP_LOGS_PATH=%ProgramW6432%\Microsoft OneDrive
set UPDATER_SERVICE_NAME=OneDrive Updater Service

if exist "%CLIENTPATH%" (
    goto :CopyLogs
)

if exist "%LEGACY_MACHINE_SETUP_LOGS_PATH%" (
    goto :CopyLogs
)

if exist "%MACHINE_I386_SETUP_LOGS_PATH%" (
    goto :CopyLogs
)

if exist "%MACHINE_AMD64_SETUP_LOGS_PATH%" (
    goto :CopyLogs
)

REM None of the data folders exist, exit.
echo Error: No application data exists for OneDrive client.
echo.
goto :Return

REM -------------
REM * COPY LOGS *
REM -------------

:CopyLogs

if exist "%CLIENTPATH%" (
    pushd "%CLIENTPATH%"
    set WORKINGDIR=%CLIENTPATH%\LogCollection
) else (
    set WORKINGDIR=%TMP%\LogCollection
)

if exist "%WORKINGDIR%" (
    rd /s /q "%WORKINGDIR%"
)

mkdir "%WORKINGDIR%"

echo.
echo Microsoft values your privacy.
echo.
echo You have been asked to provide logs from your computer that will help support
echo engineers identify and resolve a problem you have been experiencing.
echo.
echo Text such as web addresses (URLs), email addresses, File and Folder names that
echo are in the logs are scrambled so the original text is not visible to engineers
echo investigating your logs.
echo.

if not defined DecoderKey (
    echo Giving support engineers the ability to unscramble your logs will allow
    echo trouble shooting issues you are having with specific files or folders. Without
    echo this ability, you may need to perform additional manual steps to provide
    echo support with information they need to troubleshoot your issue.
    echo.
    echo May support unscramble your logs?
    set /p DecoderKey=Enter YES or NO: 
    echo.
)

if /I "%DecoderKey:~0,1%" == "Y" (
  set SyncLogsExclude=
  set SyncSettingsExclude=
  echo You have given support the ability to unscramble your logs.
) else (
  set SyncLogsExclude=/XF ObfuscationStringMap.txt *.keystore
  set SyncSettingsExclude=/XF *.dat
  echo Support will not be able to unscramble your logs.
  echo.
  echo Microsoft may need you to perform extra steps to troubleshoot your issue.
)
echo.

REM If the user wants to include their DecoderKey, check if Vault has been setup for their Personal instance
REM If it has, prompt the user to ask if they would like to include their Vault encryption key store
if /I "%DecoderKey:~0,1%" == "Y" (
    set PERSONAL_ACCOUNT_REGISTRY_KEY="HKCU\Software\Microsoft\OneDrive\Accounts\Personal"
    reg.exe QUERY !PERSONAL_ACCOUNT_REGISTRY_KEY! /v VaultIntroShown | find "0x1" 2>&1>NUL
    if !ERRORLEVEL! == 0 (
        set VaultSetupComplete=Y
    )

    if defined VaultSetupComplete (
        echo Would you also like to give support engineers the ability to unscramble
        echo your Personal Vault logs? This is important if you are experiencing issues
        echo while using your Personal Vault. 
        echo If you select "Yes" you will be prompted to unlock your Vault
        echo.
        echo May support unscramble your Personal Vault logs?
        set /p VaultDecoderKey=Enter YES or NO: 
        echo.
    )

    set ONEDRIVE_EXE_PATH=%~dp0..\OneDrive.exe

    if /I "!VaultDecoderKey:~0,1!" == "Y" (
        !ONEDRIVE_EXE_PATH! /resetkeys /outputkeystorevault
        echo After you have unlocked your Personal Vault or you would no longer like to give
        echo support engineers the ability to unscramble your Vault logs, press any key to continue.
        pause
    )
)

echo Working directory is %WORKINGDIR%.
echo OutputDir is %OutputDir%
echo OutputFile is %CabOutput%
echo DoDump is %DoDump%
echo SendMail is %SendMail%
echo.
echo Gathering Logs ...
echo.

set > "%WORKINGDIR%\env.txt"
REM TaskList and SystemInfo are not available on XP Home.
REM /v makes tasklist.exe really slow when not running elevated so don't use it
tasklist.exe > "%WORKINGDIR%\tasklist.txt"
systeminfo.exe > "%WORKINGDIR%\systeminfo.txt"

REM Capture list of running services.
net.exe start > "%WORKINGDIR%\services.txt"

REM Capture fltmc.exe output (will fail if not elevated)
fltmc.exe > "%WORKINGDIR%\fltmc.txt"

REM Capture service information for OneDrive Updater Service
sc.exe query "%UPDATER_SERVICE_NAME%" > "%WORKINGDIR%\updaterservice.txt"
sc.exe qc "%UPDATER_SERVICE_NAME%" >> "%WORKINGDIR%\updaterservice.txt"

REM OneDrive
set /p CRLF=Copying OneDrive logs <NUL

set WORKINGDIRONEDRIVE=%WORKINGDIR%\OneDrive
mkdir "%WORKINGDIRONEDRIVE%"

if exist "%CLIENTPATH%" (
    dir /S "%CLIENTPATH%" > "%WORKINGDIRONEDRIVE%\tree.txt"
    robocopy.exe "%CLIENTPATH%\logs" "%WORKINGDIRONEDRIVE%\logs" /S %SyncLogsExclude%
    robocopy.exe "%CLIENTPATH%\settings" "%WORKINGDIRONEDRIVE%\settings" /S %SyncSettingsExclude%
    robocopy.exe "%CLIENTPATH%\setup\logs" "%WORKINGDIRONEDRIVE%\setup\logs" /S
)

if exist "%LEGACY_MACHINE_SETUP_LOGS_PATH%" (
    robocopy.exe "%LEGACY_MACHINE_SETUP_LOGS_PATH%\setup\logs" "%WORKINGDIRONEDRIVE%\LegacyMachineSetupLogs\setup\logs" /S
    robocopy.exe "%LEGACY_MACHINE_SETUP_LOGS_PATH%\StandaloneUpdater\logs" "%WORKINGDIRONEDRIVE%\LegacyMachineSetupLogs\StandaloneUpdater\logs" /S
    robocopy.exe "%LEGACY_MACHINE_SETUP_LOGS_PATH%\UpdaterService\logs" "%WORKINGDIRONEDRIVE%\LegacyMachineSetupLogs\UpdaterService\logs" /S
    robocopy.exe "%LEGACY_MACHINE_SETUP_LOGS_PATH%\FileSyncHelper\logs" "%WORKINGDIRONEDRIVE%\LegacyMachineSetupLogs\FileSyncHelper\logs" /S
)

if exist "%MACHINE_I386_SETUP_LOGS_PATH%" (
    robocopy.exe "%MACHINE_I386_SETUP_LOGS_PATH%\setup\logs" "%WORKINGDIRONEDRIVE%\MachineSetupLogs\setup\logs" /S
    robocopy.exe "%MACHINE_I386_SETUP_LOGS_PATH%\StandaloneUpdater\logs" "%WORKINGDIRONEDRIVE%\MachineSetupLogs\StandaloneUpdater\logs" /S
    robocopy.exe "%MACHINE_I386_SETUP_LOGS_PATH%\UpdaterService\logs" "%WORKINGDIRONEDRIVE%\MachineSetupLogs\UpdaterService\logs" /S
    robocopy.exe "%MACHINE_I386_SETUP_LOGS_PATH%\FileSyncHelper\logs" "%WORKINGDIRONEDRIVE%\MachineSetupLogs\FileSyncHelper\logs" /S
)

if exist "%MACHINE_AMD64_SETUP_LOGS_PATH%" (
    robocopy.exe "%MACHINE_AMD64_SETUP_LOGS_PATH%\setup\logs" "%WORKINGDIRONEDRIVE%\MachineAmd64SetupLogs\setup\logs" /S
    robocopy.exe "%MACHINE_AMD64_SETUP_LOGS_PATH%\StandaloneUpdater\logs" "%WORKINGDIRONEDRIVE%\MachineAmd64SetupLogs\StandaloneUpdater\logs" /S
    robocopy.exe "%MACHINE_AMD64_SETUP_LOGS_PATH%\UpdaterService\logs" "%WORKINGDIRONEDRIVE%\MachineAmd64SetupLogs\UpdaterService\logs" /S
    robocopy.exe "%MACHINE_AMD64_SETUP_LOGS_PATH%\FileSyncHelper\logs" "%WORKINGDIRONEDRIVE%\MachineAmd64SetupLogs\FileSyncHelper\logs" /S
)

set PERMACHINECLIENTPATH86=%PROGRAMFILES(X86)%\Microsoft OneDrive
if exist "%PERMACHINECLIENTPATH86%" (
    dir /S "%PERMACHINECLIENTPATH86%" > "%WORKINGDIRONEDRIVE%\PerMachine86Tree.txt"
)

set PERMACHINECLIENTPATH64=%ProgramW6432%\Microsoft OneDrive
if exist "%PERMACHINECLIENTPATH64%" (
    dir /S "%PERMACHINECLIENTPATH64%" > "%WORKINGDIRONEDRIVE%\PerMachine64Tree.txt"
)

REM Collect start menu shortcut state
set PERMACHINE_START_MENU_KEY="HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
for /f "tokens=4*" %%i in (
    'reg.exe QUERY !PERMACHINE_START_MENU_KEY! /v "Common Start Menu"'
) do (
    call set PERMACHINE_START_MENU_PATH=%%~j
)
set PERMACHINE_START_MENU_PATH="%PERMACHINE_START_MENU_PATH%\Programs\OneDrive.lnk"

set PERUSER_START_MENU_KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
for /f "tokens=3*" %%i in (
    'reg.exe QUERY !PERUSER_START_MENU_KEY! /v "Start Menu"'
) do (
    call set PERUSER_START_MENU_PATH=%%~j
)
set PERUSER_START_MENU_PATH="%PERUSER_START_MENU_PATH%\Programs\OneDrive.lnk"

if exist %PERUSER_START_MENU_PATH% (
    echo PerUser start menu shortcut exists at %PERUSER_START_MENU_PATH% > "%WORKINGDIRONEDRIVE%\StartMenuShortcut.txt"
) else (
    echo PerUser start menu shortcut does not exist at %PERUSER_START_MENU_PATH% > "%WORKINGDIRONEDRIVE%\StartMenuShortcut.txt"
)

if exist %PERMACHINE_START_MENU_PATH% (
    echo PerMachine start menu shortcut exists at %PERMACHINE_START_MENU_PATH% >> "%WORKINGDIRONEDRIVE%\StartMenuShortcut.txt"
) else (
    echo PerMachine start menu shortcut does not exist at %PERMACHINE_START_MENU_PATH% >> "%WORKINGDIRONEDRIVE%\StartMenuShortcut.txt"
)


REM Collect list of overlay handlers
CALL :LogRegkey "\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers", "/s", "%WORKINGDIRONEDRIVE%\reg_OverlayHandlers.txt", HKLM\Software

REM Collect Run key and RunOnce key
CALL :LogRegkey "\Microsoft\Windows\CurrentVersion\Run", "/s", "%WORKINGDIRONEDRIVE%\reg_RunKeys.txt", HKCU\Software
CALL :LogRegkey "\Microsoft\Windows\CurrentVersion\RunOnce", "/s", "%WORKINGDIRONEDRIVE%\reg_RunKeys.txt", HKCU\Software

REM Collect OneDrive reg keys from HKLM and HKCU
CALL :LogRegkey "\Microsoft\OneDrive", "/s", "%WORKINGDIRONEDRIVE%\reg_OneDriveRegKeys.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node

REM Collect SyncEngineProvider keys
CALL :LogRegkey "\SyncEngines\Providers\OneDrive", "/s", "%WORKINGDIRONEDRIVE%\reg_SyncEngineProviders.txt", HKCU\Software

REM Collect odopen keys
CALL :LogRegkey "\Classes\odopen", "/s", "%WORKINGDIRONEDRIVE%\reg_ODOpen.txt", HKCU\Software, HKLM\Software

REM Collect ARP keys
CALL :LogRegkey "\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe", "/s", "%WORKINGDIRONEDRIVE%\reg_ARP.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node

REM Collect Autoplay handler keys
CALL :LogRegkey "\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers", "/s", "%WORKINGDIRONEDRIVE%\reg_AutoplayHandlers.txt", HKCU\Software

REM Collect policies
CALL :LogRegkey "\Policies\Microsoft\OneDrive", "/s", "%WORKINGDIRONEDRIVE%\reg_OneDrivePolicies.txt", HKLM\Software, HKCU\Software
CALL :LogRegkey "\Policies\Microsoft\Windows\OneDrive", "/s", "%WORKINGDIRONEDRIVE%\reg_OneDrivePolicies.txt", HKLM\Software, HKLM\Software\WOW6432Node

REM Collect Groove keys
CALL :LogRegkey "\Microsoft\Common\Groove", "", "%WORKINGDIRONEDRIVE%\reg_GrooveKeys.txt", HKCU\Software

REM Collect Winlogon keys
CALL :LogRegkey "\Microsoft\Windows NT\CurrentVersion\Winlogon", "", "%WORKINGDIRONEDRIVE%\reg_Winlogon.txt", HKCU\Software, HKLM\Software

REM Collect SyncRootManager keys
CALL :LogRegkey "\Microsoft\Windows\CurrentVersion\Explorer\SyncRootManager", "/s", "%WORKINGDIRONEDRIVE%\reg_SyncRootManagerRegKeys.txt", HKLM\Software

REM Collect COM keys for Current User
CALL :LogRegkey "\Classes\AppID\{EEABD3A3-784D-4334-AAFC-BB13234F17CF}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\AppID\OneDrive.EXE", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\SyncEngineCOMServer.SyncEngineCOMServer.1", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\SyncEngineCOMServer.SyncEngineCOMServer", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy.1", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\TypeLib\{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}\1.0", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\FileSyncClient.FileSyncClient.1", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\FileSyncClient.FileSyncClient", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\FileSyncClient.AutoPlayHandler.1", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\FileSyncClient.AutoPlayHandler", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\BannerNotificationHandler.BannerNotificationHandler.1", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\BannerNotificationHandler.BannerNotificationHandler", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{0f872661-c863-47a4-863f-c065c182858a}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}\1.0", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\*\shellex\ContextMenuHandlers\ FileSyncEx", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Directory\shellex\ContextMenuHandlers\ FileSyncEx", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\IE.AssocFile.URL\shellex\ContextMenuHandlers\ FileSyncEx", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\OOBERequestHandler.OOBERequestHandler.1", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\OOBERequestHandler.OOBERequestHandler", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider.1", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{B05D37A9-03A2-45CF-8850-F660DF0CBF07}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{162C6FB5-44D3-435B-903D-E613FA093FB5}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node
CALL :LogRegkey "\Classes\Interface\{301DFBE5-524C-4B0F-8B2D-21C40B3A2988}", "/s", "%WORKINGDIRONEDRIVE%\reg_COM.txt", HKCU\Software, HKLM\Software, HKLM\Software\WOW6432Node

REM Check if OneDrive is elevated
powershell -Command "& {get-process onedrive | add-member -Name Elevated -MemberType ScriptProperty -Value {if ($this.Name -in @('Idle','System')) {$null} else {-not $this.Path -and -not $this.Handle} } -PassThru | Format-Table Name,Elevated}" > "%WORKINGDIRONEDRIVE%\OneDriveElevated.txt" 2>&1

REM Check if Sparse Package exists for Win 11 OS only.
REM 'ver' will output "Microsoft Windows [Version 10.0.19043.1110]"
REM Split output by spaces or periods. Take the 6th spot which is the build version (19043) and check if it's greater than the min build for Win 11
REM If so, print the package output into OneDriveSparsePackage.txt
for /f "tokens=6 delims=. " %%i in ('ver') do set OSVERSION=%%i
if "%OSVERSION%" gtr "21600" (
    echo Checking Sparse Package information
    powershell -Command "Get-AppxPackage -Name "Microsoft.OneDriveSync" > "%WORKINGDIRONEDRIVE%\OneDriveSparsePackage.txt" 2>&1
)

REM -------------
REM * Export Event logs *
REM -------------
echo.
echo Exporting event logs...
wevtutil.exe export-log Application "%WORKINGDIR%\Application.evtx"
wevtutil.exe export-log System "%WORKINGDIR%\System.evtx"
wevtutil.exe export-log Setup "%WORKINGDIR%\Setup.evtx"
wevtutil.exe export-log Microsoft-Windows-Bits-Client/Operational "%WORKINGDIR%\Bits.evtx"
wevtutil.exe export-log Microsoft-Windows-TaskScheduler/Operational "%WORKINGDIR%\TaskScheduler.evtx"

REM -------------
REM * Export OneDrive Standalone Update Task information *
REM -------------
echo.
echo Exporting OneDrive Standalone Update Task information...
schtasks.exe /query /TN "OneDrive Standalone Update Task" /XML > %WORKINGDIR%\OneDriveStandaloneUpdateTask.xml 2>&1
schtasks.exe /query /TN "OneDrive Standalone Update Task v2" /XML > %WORKINGDIR%\OneDriveStandaloneUpdateTaskV2.xml 2>&1
schtasks.exe /query /TN "OneDrive Per-Machine Standalone Update Task" /XML > %WORKINGDIR%\OneDrivePerMachineStandaloneUpdateTask.xml 2>&1

for /f "skip=6 tokens=2" %%i IN ('whoami /user') do set SID=%%i
schtasks.exe /query /TN "OneDrive Standalone Update Task-%SID%" /XML > %WORKINGDIR%\OneDriveStandaloneUpdateTaskSID.xml 2>&1

echo.
echo.


REM Copy complete.  CAB up files.

echo Writing CAB file to %CABOUTPUT%...

call :CABIT "%WORKINGDIR%"

if "%OUTPUTDIR%"=="%USERPROFILE%\Desktop" (
    set SHFOLDER_REGISTRY_KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
    for /f "tokens=2*" %%i in (
        'reg.exe QUERY !SHFOLDER_REGISTRY_KEY! /v Desktop'
    ) do (
        call set OUTPUTDIR=%%~j
    )
)

if not exist "%OUTPUTDIR%\" (
    echo Error! %OUTPUTDIR% does not exist.
    move /y "%WORKINGDIR%\%CABOUTPUT%" %USERPROFILE%\Desktop\. 2>&1>NUL
    set RETURNCODE=1
    goto :Return    
)

move /y "%WORKINGDIR%\%CABOUTPUT%" "%OUTPUTDIR%\." 2>&1>NUL

if ERRORLEVEL 1 (
    echo error level 1
    move /y "%WORKINGDIR%\%CABOUTPUT%" %USERPROFILE%\Desktop\. 2>&1>NUL
    set RETURNCODE=1
)


rd /s /q "%WORKINGDIR%"

echo.
echo Log collection complete.  Please upload the following file:
echo.
echo     %OUTPUTDIR%\%CABOUTPUT%
echo.

if "%SENDMAIL%"=="1" (
    echo Sending mail...
    call :SendMail
)
goto :Return

REM ---- END OF MAIN SCRIPT ---- Sub-Routines follow ----

REM -----------
REM * CAB IT! *
REM -----------
:CABIT
set DIRECTIVEFILE=%TEMP%\Schema.ddf
set TARGET=%1
set TEMPFILE=%TEMP%\TEMP-%RANDOM%.tmp

if not exist %TARGET% (
    echo %TARGET% does not exist.
    goto :Return
)

pushd %TARGET%

echo. > %DIRECTIVEFILE%
echo .set CabinetNameTemplate=%CABOUTPUT% >> %DIRECTIVEFILE%
echo .set DiskDirectoryTemplate= >> %DIRECTIVEFILE%
echo .set InfFileName=%TEMPFILE% >> %DIRECTIVEFILE%
echo .set RptFileName=%TEMPFILE% >> %DIRECTIVEFILE%
echo .set MaxDiskSize=0 >> %DIRECTIVEFILE%
echo .set CompressionType=LZX >> %DIRECTIVEFILE%

del /f %TEMPFILE% 2>NUL

call :CAB_DIR .

makecab.exe /f %DIRECTIVEFILE%

del /f %DIRECTIVEFILE% 2>NUL
del /f %TEMPFILE% 2>NUL

popd
goto :Return

REM CAB Helper
:CAB_DIR
echo .set DestinationDir=%1 >> %DIRECTIVEFILE%
for /f "tokens=*" %%i in ('dir /b /a:-d %1') do (
    echo "%~1\%%i" >> %DIRECTIVEFILE%
)
for /f "tokens=*" %%i in ('dir /b /a:d %1') do (
    call :CAB_DIR "%~1\%%i"
)
goto :Return

REM Calls reg.exe query on the given regkey and appends output to the given file.
REM If regkey didn't exist, logs that it was not found.
REM Parameter 1: regkey subpath (anything after HKLM\Software, HKCU\Software, or HKLM\Software\WOW6432Node etc.)
REM Parameter 2: params for reg query (e.g. /s)
REM Parameter 3: output file to append to
REM Paramter 4 - n: regkey prefixes to query. E.g. HKLM\Software, HKCU\Software, HKLM\Software\WOW6432Node etc.
:LogRegkey
set argCount=0
for %%x in (%*) do (
    set /a argCount+=1
    if !argCount! GTR 3 (
        reg.exe query "%%x%~1" > nul 2>&1
        if !ERRORLEVEL! EQU 0 (
            reg.exe query "%%x%~1" %~2 >> "%~3" 2>&1
        ) ELSE (
            echo "%%x%~1" NOT FOUND >> "%~3"
        )
    )
)
goto :Return

:SendMail
start mailto:wldrxireport@microsoft.com?subject=[Issue%%20Reporter%%20Logs]%%20New%%20logs%%20from%%20%computername%^&body=A%%20new%%20set%%20of%%20logs%%20have%%20been%%20submitted%%20from%%20device%%20%computername%.%%20The%%20logs%%20can%%20be%%20found%%20here:%%0D%%0A%%20%OUTPUTDIR%\%CabOutput%%%0D%%0A%%0D%%0AYou%%20can%%20reference%%20this%%20report%%20at%%20any%%20time%%20by%%20mailing%%20the%%20wldrxireport%%20alias%%20and%%20including%%20the%%20following%%20report%%20identifier:%%0D%%0A%CabOutput%%%0D%%0A%%0D%%0A(Optional)%%20additional%%20comments/repro%%20steps:"
goto :Return

:Return
exit /b %RETURNCODE%

Youez - 2016 - github.com/yon3zu
LinuXploit