Search notes:

S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464

S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 is the SID of the Trusted Installer (NT SERVICE\TrustedInstaller). S-1-5-80-… is the prefix for all SIDs that represent a service).

TrustedInstaller is sometimes abbreviated with TI (for exmple in the output of cacls.exe).

Many files under C:\Windows\System32 belong to TrustedInstaller::e

Ps C:\> get-acl C:\Windows\System32

    Directory: C:\Windows

Path     Owner                       Access
----     -----                       ------
System32 NT SERVICE\TrustedInstaller CREATOR OWNER Allow  268435456…

S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464

See also