# Flog Txt Version 1
# Analyzer Version: 3.2.1
# Analyzer Build Date: Jan 31 2020 07:36:36
# Log Creation Date: 04.02.2020 06:39:10.982

Process:
	id = "1"
	image_name = "bluecheeser.exe"
	filename = "c:\\users\\fd1hvy\\desktop\\bluecheeser.exe"
	page_root = "0x18eef000"
	os_pid = "0x13c4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "analysis_target"
	parent_id = "0"
	os_parent_pid = "0x7d0"
	cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe\" "
	cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
	os_username = "NQDPDE\\FD1HVy"
	bitness = "32"
	os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001086c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1
	os_tid = 0x13c8

	[0045.193] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0045.233] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe", nBufferLength=0x105, lpBuffer=0xafe260, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe", lpFilePart=0x0) returned 0x27
	[0045.244] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe", nBufferLength=0x105, lpBuffer=0xafe1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe", lpFilePart=0x0) returned 0x27
	[0045.249] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\", nBufferLength=0x105, lpBuffer=0xafe0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\", lpFilePart=0x0) returned 0x18
	[0045.254] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\", nBufferLength=0x105, lpBuffer=0xafe2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\", lpFilePart=0x0) returned 0x18
	[0045.254] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\", nBufferLength=0x105, lpBuffer=0xafe1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\", lpFilePart=0x0) returned 0x18
	[0045.268] GetVersionExW (in: lpVersionInformation=0xafe200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xafe200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0045.272] GetVersionExW (in: lpVersionInformation=0xafe200*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xafe200*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0045.501] CoTaskMemAlloc (cb=0x20c) returned 0xc15730
	[0045.501] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0xc15730 | out: pszPath="C:\\Users\\FD1HVy\\Desktop") returned 0x0
	[0045.504] CoTaskMemFree (pv=0xc15730) 
	[0045.504] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xafd710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
	[0045.511] CoCreateGuid (in: pguid=0xafdac0 | out: pguid=0xafdac0*(Data1=0x82f2f7cd, Data2=0x635b, Data3=0x48eb, Data4=([0]=0x9a, [1]=0x52, [2]=0x67, [3]=0x7f, [4]=0x40, [5]=0xa9, [6]=0x50, [7]=0xd7))) returned 0x0
	[0045.513] GetVersionExW (in: lpVersionInformation=0xafd9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xafd9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0046.418] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xafe740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
	[0046.427] GetVersionExW (in: lpVersionInformation=0xafe760*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xafe760*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
	[0046.459] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xafe540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17
	[0046.461] SetErrorMode (uMode=0x1) returned 0x0
	[0046.463] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0xafe6e0 | out: lpFindFileData=0xafe6e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xda685e62, ftLastAccessTime.dwHighDateTime=0x1d5db25, ftLastWriteTime.dwLowDateTime=0xda685e62, ftLastWriteTime.dwHighDateTime=0x1d5db25, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbd22a0
	[0046.467] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xda685e62, ftLastAccessTime.dwHighDateTime=0x1d5db25, ftLastWriteTime.dwLowDateTime=0xda685e62, ftLastWriteTime.dwHighDateTime=0x1d5db25, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0046.467] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf238af90, ftCreationTime.dwHighDateTime=0x1d5d5f6, ftLastAccessTime.dwLowDateTime=0x14065d50, ftLastAccessTime.dwHighDateTime=0x1d5d419, ftLastWriteTime.dwLowDateTime=0x14065d50, ftLastWriteTime.dwHighDateTime=0x1d5d419, nFileSizeHigh=0x0, nFileSizeLow=0x5673, dwReserved0=0x0, dwReserved1=0x0, cFileName="-4zLDXisnuN0qm.odt", cAlternateFileName="-4ZLDX~1.ODT")) returned 1
	[0046.467] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32be9d50, ftCreationTime.dwHighDateTime=0x1d5d623, ftLastAccessTime.dwLowDateTime=0x8d604790, ftLastAccessTime.dwHighDateTime=0x1d5cabb, ftLastWriteTime.dwLowDateTime=0x8d604790, ftLastWriteTime.dwHighDateTime=0x1d5cabb, nFileSizeHigh=0x0, nFileSizeLow=0x17941, dwReserved0=0x0, dwReserved1=0x0, cFileName="1Ka7_Z4N.mp3", cAlternateFileName="")) returned 1
	[0046.467] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532b8ba0, ftCreationTime.dwHighDateTime=0x1d5d0ad, ftLastAccessTime.dwLowDateTime=0xbe0be7d0, ftLastAccessTime.dwHighDateTime=0x1d5d139, ftLastWriteTime.dwLowDateTime=0xbe0be7d0, ftLastWriteTime.dwHighDateTime=0x1d5d139, nFileSizeHigh=0x0, nFileSizeLow=0x1775b, dwReserved0=0x0, dwReserved1=0x0, cFileName="2khhpXiY5S7bZP2j.avi", cAlternateFileName="2KHHPX~1.AVI")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae74e300, ftCreationTime.dwHighDateTime=0x1d5cec6, ftLastAccessTime.dwLowDateTime=0x315753f0, ftLastAccessTime.dwHighDateTime=0x1d5ce06, ftLastWriteTime.dwLowDateTime=0x315753f0, ftLastWriteTime.dwHighDateTime=0x1d5ce06, nFileSizeHigh=0x0, nFileSizeLow=0x8970, dwReserved0=0x0, dwReserved1=0x0, cFileName="3Bri89blGdncnaa_WC_-.avi", cAlternateFileName="3BRI89~1.AVI")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bcf900, ftCreationTime.dwHighDateTime=0x1d5d324, ftLastAccessTime.dwLowDateTime=0xc83ad9b0, ftLastAccessTime.dwHighDateTime=0x1d5cbca, ftLastWriteTime.dwLowDateTime=0xc83ad9b0, ftLastWriteTime.dwHighDateTime=0x1d5cbca, nFileSizeHigh=0x0, nFileSizeLow=0x5177, dwReserved0=0x0, dwReserved1=0x0, cFileName="5u6-Wo5zuX0.mkv", cAlternateFileName="5U6-WO~1.MKV")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc58d7f60, ftCreationTime.dwHighDateTime=0x1d5ca8a, ftLastAccessTime.dwLowDateTime=0x2bdbe410, ftLastAccessTime.dwHighDateTime=0x1d5d49e, ftLastWriteTime.dwLowDateTime=0x2bdbe410, ftLastWriteTime.dwHighDateTime=0x1d5d49e, nFileSizeHigh=0x0, nFileSizeLow=0x16f10, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ANaoGDluEJ.wav", cAlternateFileName="7ANAOG~1.WAV")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbfe2100, ftCreationTime.dwHighDateTime=0x1d5db25, ftLastAccessTime.dwLowDateTime=0xcbfe2100, ftLastAccessTime.dwHighDateTime=0x1d5db25, ftLastWriteTime.dwLowDateTime=0xc99bc700, ftLastWriteTime.dwHighDateTime=0x1d5db25, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="BlueCheeser.exe", cAlternateFileName="BLUECH~1.EXE")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbc2f0bc0, ftCreationTime.dwHighDateTime=0x1d5d0dc, ftLastAccessTime.dwLowDateTime=0x43b27b90, ftLastAccessTime.dwHighDateTime=0x1d5d63c, ftLastWriteTime.dwLowDateTime=0x43b27b90, ftLastWriteTime.dwHighDateTime=0x1d5d63c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CU5 7NIbN", cAlternateFileName="CU57NI~1")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22563be0, ftCreationTime.dwHighDateTime=0x1d5d72b, ftLastAccessTime.dwLowDateTime=0xf5775e60, ftLastAccessTime.dwHighDateTime=0x1d5ca46, ftLastWriteTime.dwLowDateTime=0xf5775e60, ftLastWriteTime.dwHighDateTime=0x1d5ca46, nFileSizeHigh=0x0, nFileSizeLow=0x13406, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVnqpC.jpg", cAlternateFileName="")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb09978a0, ftCreationTime.dwHighDateTime=0x1d5c7df, ftLastAccessTime.dwLowDateTime=0x6cf86c0, ftLastAccessTime.dwHighDateTime=0x1d5d081, ftLastWriteTime.dwLowDateTime=0x6cf86c0, ftLastWriteTime.dwHighDateTime=0x1d5d081, nFileSizeHigh=0x0, nFileSizeLow=0x174e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="f7n_.png", cAlternateFileName="")) returned 1
	[0046.468] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e17a380, ftCreationTime.dwHighDateTime=0x1d5cd48, ftLastAccessTime.dwLowDateTime=0x44344760, ftLastAccessTime.dwHighDateTime=0x1d5d1aa, ftLastWriteTime.dwLowDateTime=0x44344760, ftLastWriteTime.dwHighDateTime=0x1d5d1aa, nFileSizeHigh=0x0, nFileSizeLow=0xb997, dwReserved0=0x0, dwReserved1=0x0, cFileName="G3S2E.bmp", cAlternateFileName="")) returned 1
	[0046.469] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfb89d0, ftCreationTime.dwHighDateTime=0x1d5d5ec, ftLastAccessTime.dwLowDateTime=0x11b12870, ftLastAccessTime.dwHighDateTime=0x1d5cf94, ftLastWriteTime.dwLowDateTime=0x11b12870, ftLastWriteTime.dwHighDateTime=0x1d5cf94, nFileSizeHigh=0x0, nFileSizeLow=0x18de1, dwReserved0=0x0, dwReserved1=0x0, cFileName="J0HP6FDpTzY_yr3j.m4a", cAlternateFileName="J0HP6F~1.M4A")) returned 1
	[0046.469] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d5bc90, ftCreationTime.dwHighDateTime=0x1d5cc38, ftLastAccessTime.dwLowDateTime=0x183245a0, ftLastAccessTime.dwHighDateTime=0x1d5d3ca, ftLastWriteTime.dwLowDateTime=0x183245a0, ftLastWriteTime.dwHighDateTime=0x1d5d3ca, nFileSizeHigh=0x0, nFileSizeLow=0x9ff1, dwReserved0=0x0, dwReserved1=0x0, cFileName="K_vj8qSbbmB.swf", cAlternateFileName="K_VJ8Q~1.SWF")) returned 1
	[0046.469] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb11879c0, ftCreationTime.dwHighDateTime=0x1d5d46e, ftLastAccessTime.dwLowDateTime=0xc4466860, ftLastAccessTime.dwHighDateTime=0x1d5cec7, ftLastWriteTime.dwLowDateTime=0xc4466860, ftLastWriteTime.dwHighDateTime=0x1d5cec7, nFileSizeHigh=0x0, nFileSizeLow=0x18b69, dwReserved0=0x0, dwReserved1=0x0, cFileName="l0n9Gyiy_raIa_Jo.flv", cAlternateFileName="L0N9GY~1.FLV")) returned 1
	[0046.469] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f770bd0, ftCreationTime.dwHighDateTime=0x1d5d083, ftLastAccessTime.dwLowDateTime=0xe8b7300, ftLastAccessTime.dwHighDateTime=0x1d5d2f8, ftLastWriteTime.dwLowDateTime=0xe8b7300, ftLastWriteTime.dwHighDateTime=0x1d5d2f8, nFileSizeHigh=0x0, nFileSizeLow=0x6813, dwReserved0=0x0, dwReserved1=0x0, cFileName="LcZ1G6WlMBOg5ln.rtf", cAlternateFileName="LCZ1G6~1.RTF")) returned 1
	[0046.469] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcca5c680, ftCreationTime.dwHighDateTime=0x1d5c7fc, ftLastAccessTime.dwLowDateTime=0x5cdedc90, ftLastAccessTime.dwHighDateTime=0x1d5d6bd, ftLastWriteTime.dwLowDateTime=0x5cdedc90, ftLastWriteTime.dwHighDateTime=0x1d5d6bd, nFileSizeHigh=0x0, nFileSizeLow=0x81ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="lhnSmz.png", cAlternateFileName="")) returned 1
	[0046.469] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2a9a170, ftCreationTime.dwHighDateTime=0x1d5d777, ftLastAccessTime.dwLowDateTime=0x2e7865d0, ftLastAccessTime.dwHighDateTime=0x1d5cdd8, ftLastWriteTime.dwLowDateTime=0x2e7865d0, ftLastWriteTime.dwHighDateTime=0x1d5cdd8, nFileSizeHigh=0x0, nFileSizeLow=0x1cf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7S0 fi1Ubbw9up.gif", cAlternateFileName="M7S0FI~1.GIF")) returned 1
	[0046.469] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53ff3fb0, ftCreationTime.dwHighDateTime=0x1d5c8f4, ftLastAccessTime.dwLowDateTime=0x60e6f120, ftLastAccessTime.dwHighDateTime=0x1d5d469, ftLastWriteTime.dwLowDateTime=0x60e6f120, ftLastWriteTime.dwHighDateTime=0x1d5d469, nFileSizeHigh=0x0, nFileSizeLow=0x10c5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="mF0fw8dPMkwOA.pps", cAlternateFileName="MF0FW8~1.PPS")) returned 1
	[0046.469] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9781b410, ftCreationTime.dwHighDateTime=0x1d5d372, ftLastAccessTime.dwLowDateTime=0xfcba540, ftLastAccessTime.dwHighDateTime=0x1d5d808, ftLastWriteTime.dwLowDateTime=0xfcba540, ftLastWriteTime.dwHighDateTime=0x1d5d808, nFileSizeHigh=0x0, nFileSizeLow=0x144f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MtXIgw9OH.pdf", cAlternateFileName="MTXIGW~1.PDF")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e7bd950, ftCreationTime.dwHighDateTime=0x1d5cc59, ftLastAccessTime.dwLowDateTime=0x16396d80, ftLastAccessTime.dwHighDateTime=0x1d5d6d8, ftLastWriteTime.dwLowDateTime=0x16396d80, ftLastWriteTime.dwHighDateTime=0x1d5d6d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NP8tvMYOc", cAlternateFileName="NP8TVM~1")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40b9c1b0, ftCreationTime.dwHighDateTime=0x1d5d38e, ftLastAccessTime.dwLowDateTime=0xeb7ff0c0, ftLastAccessTime.dwHighDateTime=0x1d5d135, ftLastWriteTime.dwLowDateTime=0xeb7ff0c0, ftLastWriteTime.dwHighDateTime=0x1d5d135, nFileSizeHigh=0x0, nFileSizeLow=0x12bd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="O9gowoZoqo5f.flv", cAlternateFileName="O9GOWO~1.FLV")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x684eced0, ftCreationTime.dwHighDateTime=0x1d5ce6d, ftLastAccessTime.dwLowDateTime=0xe1d4de20, ftLastAccessTime.dwHighDateTime=0x1d5d331, ftLastWriteTime.dwLowDateTime=0xe1d4de20, ftLastWriteTime.dwHighDateTime=0x1d5d331, nFileSizeHigh=0x0, nFileSizeLow=0x74a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="oWUTY.avi", cAlternateFileName="")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a126db0, ftCreationTime.dwHighDateTime=0x1d5c8c2, ftLastAccessTime.dwLowDateTime=0x5d16de70, ftLastAccessTime.dwHighDateTime=0x1d5d289, ftLastWriteTime.dwLowDateTime=0x5d16de70, ftLastWriteTime.dwHighDateTime=0x1d5d289, nFileSizeHigh=0x0, nFileSizeLow=0x128d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="q5Ud-eWKjkc__zzr.m4a", cAlternateFileName="Q5UD-E~1.M4A")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb23ce640, ftCreationTime.dwHighDateTime=0x1d5ccff, ftLastAccessTime.dwLowDateTime=0x80aac9e0, ftLastAccessTime.dwHighDateTime=0x1d5d7d5, ftLastWriteTime.dwLowDateTime=0x80aac9e0, ftLastWriteTime.dwHighDateTime=0x1d5d7d5, nFileSizeHigh=0x0, nFileSizeLow=0x7065, dwReserved0=0x0, dwReserved1=0x0, cFileName="QO0fB5QECcQe.ots", cAlternateFileName="QO0FB5~1.OTS")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x596c6ae0, ftCreationTime.dwHighDateTime=0x1d5d056, ftLastAccessTime.dwLowDateTime=0xbe58fa60, ftLastAccessTime.dwHighDateTime=0x1d5c9ba, ftLastWriteTime.dwLowDateTime=0xbe58fa60, ftLastWriteTime.dwHighDateTime=0x1d5c9ba, nFileSizeHigh=0x0, nFileSizeLow=0x5506, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoPh3TJxwi7Mt.bmp", cAlternateFileName="SOPH3T~1.BMP")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5f10780, ftCreationTime.dwHighDateTime=0x1d5d642, ftLastAccessTime.dwLowDateTime=0x798bdc20, ftLastAccessTime.dwHighDateTime=0x1d5ce67, ftLastWriteTime.dwLowDateTime=0x798bdc20, ftLastWriteTime.dwHighDateTime=0x1d5ce67, nFileSizeHigh=0x0, nFileSizeLow=0x16b0a, dwReserved0=0x0, dwReserved1=0x0, cFileName="ta9E-iHI8R-YGGczLxG.mp3", cAlternateFileName="TA9E-I~1.MP3")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96d74060, ftCreationTime.dwHighDateTime=0x1d5d6ed, ftLastAccessTime.dwLowDateTime=0xf421f110, ftLastAccessTime.dwHighDateTime=0x1d5ca05, ftLastWriteTime.dwLowDateTime=0xf421f110, ftLastWriteTime.dwHighDateTime=0x1d5ca05, nFileSizeHigh=0x0, nFileSizeLow=0x9431, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tuskwx-Rvt5rFgKz6Qj.mp4", cAlternateFileName="TUSKWX~1.MP4")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d832af0, ftCreationTime.dwHighDateTime=0x1d5d3e0, ftLastAccessTime.dwLowDateTime=0xdf39e820, ftLastAccessTime.dwHighDateTime=0x1d5ce74, ftLastWriteTime.dwLowDateTime=0xdf39e820, ftLastWriteTime.dwHighDateTime=0x1d5ce74, nFileSizeHigh=0x0, nFileSizeLow=0x1337d, dwReserved0=0x0, dwReserved1=0x0, cFileName="uUByrz.pdf", cAlternateFileName="")) returned 1
	[0046.470] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99710870, ftCreationTime.dwHighDateTime=0x1d5d6c9, ftLastAccessTime.dwLowDateTime=0xf309c1c0, ftLastAccessTime.dwHighDateTime=0x1d5d141, ftLastWriteTime.dwLowDateTime=0xf309c1c0, ftLastWriteTime.dwHighDateTime=0x1d5d141, nFileSizeHigh=0x0, nFileSizeLow=0x117a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uZ9tuK.swf", cAlternateFileName="")) returned 1
	[0046.471] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcac41f0, ftCreationTime.dwHighDateTime=0x1d5d13f, ftLastAccessTime.dwLowDateTime=0x7e0c11f0, ftLastAccessTime.dwHighDateTime=0x1d5cd47, ftLastWriteTime.dwLowDateTime=0x7e0c11f0, ftLastWriteTime.dwHighDateTime=0x1d5cd47, nFileSizeHigh=0x0, nFileSizeLow=0xaf35, dwReserved0=0x0, dwReserved1=0x0, cFileName="WImjw.mkv", cAlternateFileName="")) returned 1
	[0046.471] FindNextFileW (in: hFindFile=0xbd22a0, lpFindFileData=0xafe6f0 | out: lpFindFileData=0xafe6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcac41f0, ftCreationTime.dwHighDateTime=0x1d5d13f, ftLastAccessTime.dwLowDateTime=0x7e0c11f0, ftLastAccessTime.dwHighDateTime=0x1d5cd47, ftLastWriteTime.dwLowDateTime=0x7e0c11f0, ftLastWriteTime.dwHighDateTime=0x1d5cd47, nFileSizeHigh=0x0, nFileSizeLow=0xaf35, dwReserved0=0x0, dwReserved1=0x0, cFileName="WImjw.mkv", cAlternateFileName="")) returned 0
	[0046.471] FindClose (in: hFindFile=0xbd22a0 | out: hFindFile=0xbd22a0) returned 1
	[0046.472] SetErrorMode (uMode=0x0) returned 0x1
	[0047.149] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Instructions.txt", nBufferLength=0x105, lpBuffer=0xafe3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Instructions.txt", lpFilePart=0x0) returned 0x28
	[0047.149] SetErrorMode (uMode=0x1) returned 0x0
	[0047.152] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Instructions.txt" (normalized: "c:\\users\\fd1hvy\\desktop\\instructions.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4
	[0047.153] GetFileType (hFile=0x2d4) returned 0x1
	[0047.153] SetErrorMode (uMode=0x0) returned 0x1
	[0047.153] GetFileType (hFile=0x2d4) returned 0x1
	[0047.168] WriteFile (in: hFile=0x2d4, lpBuffer=0x2bd4528*, nNumberOfBytesToWrite=0xb8, lpNumberOfBytesWritten=0xafe958, lpOverlapped=0x0 | out: lpBuffer=0x2bd4528*, lpNumberOfBytesWritten=0xafe958*=0xb8, lpOverlapped=0x0) returned 1
	[0047.188] CloseHandle (hObject=0x2d4) returned 1
	[0047.227] lstrlenW (lpString="䅁") returned 1
	[0047.228] LocalAlloc (uFlags=0x0, uBytes=0x52) returned 0xc0f720
	[0047.229] RtlMoveMemory (in: Destination=0xc0f720, Source=0x2bd5540, Length=0x52 | out: Destination=0xc0f720) 
	[0048.594] LocalFree (hMem=0xc0f720) returned 0x0
	[0048.605] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50
	[0048.606] WriteFile (in: hFile=0x50, lpBuffer=0xafeb64*, nNumberOfBytesToWrite=0x0, lpNumberOfBytesWritten=0xafea48, lpOverlapped=0x0 | out: lpBuffer=0xafeb64*, lpNumberOfBytesWritten=0xafea48*=0x0, lpOverlapped=0x0) returned 1
	[0048.609] GetConsoleOutputCP () returned 0x1b5
	[0048.655] WriteFile (in: hFile=0x50, lpBuffer=0x2bd6ea0*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0xafea58, lpOverlapped=0x0 | out: lpBuffer=0x2bd6ea0*, lpNumberOfBytesWritten=0xafea58*=0x38, lpOverlapped=0x0) returned 1
	[0049.577] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt.himr", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt.himr", lpFilePart=0x0) returned 0x2f
	[0049.578] SetErrorMode (uMode=0x1) returned 0x0
	[0049.578] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt.himr" (normalized: "c:\\users\\fd1hvy\\desktop\\-4zldxisnun0qm.odt.himr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x304
	[0049.578] GetFileType (hFile=0x304) returned 0x1
	[0049.578] SetErrorMode (uMode=0x0) returned 0x1
	[0049.578] GetFileType (hFile=0x304) returned 0x1
	[0049.589] BCryptGetFipsAlgorithmMode (in: pfEnabled=0xafea50 | out: pfEnabled=0xafea50) returned 0x0
	[0052.708] CoCreateGuid (in: pguid=0xafe870 | out: pguid=0xafe870*(Data1=0xf2bec83d, Data2=0xfb3e, Data3=0x4abe, Data4=([0]=0xa3, [1]=0x4c, [2]=0x63, [3]=0x47, [4]=0xb5, [5]=0x40, [6]=0x50, [7]=0x48))) returned 0x0
	[0053.280] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt", lpFilePart=0x0) returned 0x2a
	[0053.280] SetErrorMode (uMode=0x1) returned 0x0
	[0053.280] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\-4zldxisnun0qm.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e4
	[0053.281] GetFileType (hFile=0x2e4) returned 0x1
	[0053.281] SetErrorMode (uMode=0x0) returned 0x1
	[0053.281] GetFileType (hFile=0x2e4) returned 0x1
	[0053.285] ReadFile (in: hFile=0x2e4, lpBuffer=0x12bc9070, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12bc9070*, lpNumberOfBytesRead=0xafe968*=0x5673, lpOverlapped=0x0) returned 1
	[0053.306] WriteFile (in: hFile=0x304, lpBuffer=0x2d62b10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xafe908, lpOverlapped=0x0 | out: lpBuffer=0x2d62b10*, lpNumberOfBytesWritten=0xafe908*=0x1000, lpOverlapped=0x0) returned 1
	[0053.307] WriteFile (in: hFile=0x304, lpBuffer=0x2d69598*, nNumberOfBytesToWrite=0x4770, lpNumberOfBytesWritten=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x2d69598*, lpNumberOfBytesWritten=0xafe968*=0x4770, lpOverlapped=0x0) returned 1
	[0053.313] ReadFile (in: hFile=0x2e4, lpBuffer=0x12bc9070, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12bc9070*, lpNumberOfBytesRead=0xafe968*=0x0, lpOverlapped=0x0) returned 1
	[0053.313] CloseHandle (hObject=0x2e4) returned 1
	[0053.314] WriteFile (in: hFile=0x304, lpBuffer=0x2d62b10*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xafe878, lpOverlapped=0x0 | out: lpBuffer=0x2d62b10*, lpNumberOfBytesWritten=0xafe878*=0x10, lpOverlapped=0x0) returned 1
	[0053.314] CloseHandle (hObject=0x304) returned 1
	[0053.360] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt", nBufferLength=0x105, lpBuffer=0xafe7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt", lpFilePart=0x0) returned 0x2a
	[0053.361] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\-4zLDXisnuN0qm.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\-4zldxisnun0qm.odt")) returned 1
	[0053.365] WriteFile (in: hFile=0x50, lpBuffer=0x2bc7c70*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0xafea58, lpOverlapped=0x0 | out: lpBuffer=0x2bc7c70*, lpNumberOfBytesWritten=0xafea58*=0x32, lpOverlapped=0x0) returned 1
	[0053.400] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3.himr", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3.himr", lpFilePart=0x0) returned 0x29
	[0053.400] SetErrorMode (uMode=0x1) returned 0x0
	[0053.400] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3.himr" (normalized: "c:\\users\\fd1hvy\\desktop\\1ka7_z4n.mp3.himr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x304
	[0053.400] GetFileType (hFile=0x304) returned 0x1
	[0053.400] SetErrorMode (uMode=0x0) returned 0x1
	[0053.401] GetFileType (hFile=0x304) returned 0x1
	[0054.726] CoCreateGuid (in: pguid=0xafe870 | out: pguid=0xafe870*(Data1=0x80c5b992, Data2=0xdbd6, Data3=0x4be9, Data4=([0]=0x8f, [1]=0x49, [2]=0x2b, [3]=0x8e, [4]=0x72, [5]=0xcf, [6]=0x1b, [7]=0x96))) returned 0x0
	[0054.727] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3", lpFilePart=0x0) returned 0x24
	[0054.727] SetErrorMode (uMode=0x1) returned 0x0
	[0054.727] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\1ka7_z4n.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e4
	[0054.728] GetFileType (hFile=0x2e4) returned 0x1
	[0054.728] SetErrorMode (uMode=0x0) returned 0x1
	[0054.728] GetFileType (hFile=0x2e4) returned 0x1
	[0054.730] ReadFile (in: hFile=0x2e4, lpBuffer=0x12cc90a0, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12cc90a0*, lpNumberOfBytesRead=0xafe968*=0x17941, lpOverlapped=0x0) returned 1
	[0054.747] WriteFile (in: hFile=0x304, lpBuffer=0x2cf5028*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xafe908, lpOverlapped=0x0 | out: lpBuffer=0x2cf5028*, lpNumberOfBytesWritten=0xafe908*=0x1000, lpOverlapped=0x0) returned 1
	[0054.748] WriteFile (in: hFile=0x304, lpBuffer=0x12dc9fd0*, nNumberOfBytesToWrite=0x16a40, lpNumberOfBytesWritten=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12dc9fd0*, lpNumberOfBytesWritten=0xafe968*=0x16a40, lpOverlapped=0x0) returned 1
	[0054.750] ReadFile (in: hFile=0x2e4, lpBuffer=0x12cc90a0, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12cc90a0*, lpNumberOfBytesRead=0xafe968*=0x0, lpOverlapped=0x0) returned 1
	[0054.750] CloseHandle (hObject=0x2e4) returned 1
	[0054.751] WriteFile (in: hFile=0x304, lpBuffer=0x2cf5028*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xafe878, lpOverlapped=0x0 | out: lpBuffer=0x2cf5028*, lpNumberOfBytesWritten=0xafe878*=0x10, lpOverlapped=0x0) returned 1
	[0054.751] CloseHandle (hObject=0x304) returned 1
	[0054.753] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3", nBufferLength=0x105, lpBuffer=0xafe7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3", lpFilePart=0x0) returned 0x24
	[0054.753] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\1Ka7_Z4N.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\1ka7_z4n.mp3")) returned 1
	[0054.756] WriteFile (in: hFile=0x50, lpBuffer=0x2bc79e8*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0xafea58, lpOverlapped=0x0 | out: lpBuffer=0x2bc79e8*, lpNumberOfBytesWritten=0xafea58*=0x3a, lpOverlapped=0x0) returned 1
	[0054.760] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi.himr", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi.himr", lpFilePart=0x0) returned 0x31
	[0054.760] SetErrorMode (uMode=0x1) returned 0x0
	[0054.760] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi.himr" (normalized: "c:\\users\\fd1hvy\\desktop\\2khhpxiy5s7bzp2j.avi.himr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x304
	[0054.760] GetFileType (hFile=0x304) returned 0x1
	[0054.760] SetErrorMode (uMode=0x0) returned 0x1
	[0054.760] GetFileType (hFile=0x304) returned 0x1
	[0056.532] CoCreateGuid (in: pguid=0xafe870 | out: pguid=0xafe870*(Data1=0xf016b99c, Data2=0x6a76, Data3=0x4b84, Data4=([0]=0xba, [1]=0x21, [2]=0xd1, [3]=0xfc, [4]=0x7e, [5]=0xe8, [6]=0xbc, [7]=0x99))) returned 0x0
	[0056.533] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi", lpFilePart=0x0) returned 0x2c
	[0056.533] SetErrorMode (uMode=0x1) returned 0x0
	[0056.534] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\2khhpxiy5s7bzp2j.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e4
	[0056.534] GetFileType (hFile=0x2e4) returned 0x1
	[0056.534] SetErrorMode (uMode=0x0) returned 0x1
	[0056.534] GetFileType (hFile=0x2e4) returned 0x1
	[0056.536] ReadFile (in: hFile=0x2e4, lpBuffer=0x12de0a40, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12de0a40*, lpNumberOfBytesRead=0xafe968*=0x1775b, lpOverlapped=0x0) returned 1
	[0056.598] WriteFile (in: hFile=0x304, lpBuffer=0x2bd11e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xafe908, lpOverlapped=0x0 | out: lpBuffer=0x2bd11e8*, lpNumberOfBytesWritten=0xafe908*=0x1000, lpOverlapped=0x0) returned 1
	[0056.599] WriteFile (in: hFile=0x304, lpBuffer=0x12bc9f58*, nNumberOfBytesToWrite=0x16850, lpNumberOfBytesWritten=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12bc9f58*, lpNumberOfBytesWritten=0xafe968*=0x16850, lpOverlapped=0x0) returned 1
	[0056.601] ReadFile (in: hFile=0x2e4, lpBuffer=0x12de0a40, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12de0a40*, lpNumberOfBytesRead=0xafe968*=0x0, lpOverlapped=0x0) returned 1
	[0056.601] CloseHandle (hObject=0x2e4) returned 1
	[0056.601] WriteFile (in: hFile=0x304, lpBuffer=0x2bd11e8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xafe878, lpOverlapped=0x0 | out: lpBuffer=0x2bd11e8*, lpNumberOfBytesWritten=0xafe878*=0x10, lpOverlapped=0x0) returned 1
	[0056.601] CloseHandle (hObject=0x304) returned 1
	[0056.604] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi", nBufferLength=0x105, lpBuffer=0xafe7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi", lpFilePart=0x0) returned 0x2c
	[0056.604] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\2khhpXiY5S7bZP2j.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\2khhpxiy5s7bzp2j.avi")) returned 1
	[0056.609] WriteFile (in: hFile=0x50, lpBuffer=0x2bc79e8*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0xafea58, lpOverlapped=0x0 | out: lpBuffer=0x2bc79e8*, lpNumberOfBytesWritten=0xafea58*=0x3e, lpOverlapped=0x0) returned 1
	[0056.615] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi.himr", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi.himr", lpFilePart=0x0) returned 0x35
	[0056.615] SetErrorMode (uMode=0x1) returned 0x0
	[0056.616] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi.himr" (normalized: "c:\\users\\fd1hvy\\desktop\\3bri89blgdncnaa_wc_-.avi.himr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x304
	[0056.616] GetFileType (hFile=0x304) returned 0x1
	[0056.616] SetErrorMode (uMode=0x0) returned 0x1
	[0056.616] GetFileType (hFile=0x304) returned 0x1
	[0057.742] CoCreateGuid (in: pguid=0xafe870 | out: pguid=0xafe870*(Data1=0x86e27e5e, Data2=0xafed, Data3=0x4f8f, Data4=([0]=0xbc, [1]=0x74, [2]=0x97, [3]=0xfd, [4]=0x73, [5]=0x5a, [6]=0xab, [7]=0xe5))) returned 0x0
	[0057.743] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi", lpFilePart=0x0) returned 0x30
	[0057.743] SetErrorMode (uMode=0x1) returned 0x0
	[0057.743] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\3bri89blgdncnaa_wc_-.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e4
	[0057.743] GetFileType (hFile=0x2e4) returned 0x1
	[0057.743] SetErrorMode (uMode=0x0) returned 0x1
	[0057.743] GetFileType (hFile=0x2e4) returned 0x1
	[0057.753] ReadFile (in: hFile=0x2e4, lpBuffer=0x12be07d8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12be07d8*, lpNumberOfBytesRead=0xafe968*=0x8970, lpOverlapped=0x0) returned 1
	[0057.754] WriteFile (in: hFile=0x304, lpBuffer=0x2d52950*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xafe908, lpOverlapped=0x0 | out: lpBuffer=0x2d52950*, lpNumberOfBytesWritten=0xafe908*=0x1000, lpOverlapped=0x0) returned 1
	[0057.755] WriteFile (in: hFile=0x304, lpBuffer=0x2d551f0*, nNumberOfBytesToWrite=0x7a70, lpNumberOfBytesWritten=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x2d551f0*, lpNumberOfBytesWritten=0xafe968*=0x7a70, lpOverlapped=0x0) returned 1
	[0057.755] ReadFile (in: hFile=0x2e4, lpBuffer=0x12be07d8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12be07d8*, lpNumberOfBytesRead=0xafe968*=0x0, lpOverlapped=0x0) returned 1
	[0057.756] CloseHandle (hObject=0x2e4) returned 1
	[0057.756] WriteFile (in: hFile=0x304, lpBuffer=0x2d52950*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xafe878, lpOverlapped=0x0 | out: lpBuffer=0x2d52950*, lpNumberOfBytesWritten=0xafe878*=0x10, lpOverlapped=0x0) returned 1
	[0057.756] CloseHandle (hObject=0x304) returned 1
	[0057.759] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi", nBufferLength=0x105, lpBuffer=0xafe7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi", lpFilePart=0x0) returned 0x30
	[0057.759] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Bri89blGdncnaa_WC_-.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\3bri89blgdncnaa_wc_-.avi")) returned 1
	[0057.763] WriteFile (in: hFile=0x50, lpBuffer=0x2bc79e8*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0xafea58, lpOverlapped=0x0 | out: lpBuffer=0x2bc79e8*, lpNumberOfBytesWritten=0xafea58*=0x35, lpOverlapped=0x0) returned 1
	[0057.766] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv.himr", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv.himr", lpFilePart=0x0) returned 0x2c
	[0057.766] SetErrorMode (uMode=0x1) returned 0x0
	[0057.766] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv.himr" (normalized: "c:\\users\\fd1hvy\\desktop\\5u6-wo5zux0.mkv.himr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x304
	[0057.768] GetFileType (hFile=0x304) returned 0x1
	[0057.768] SetErrorMode (uMode=0x0) returned 0x1
	[0057.768] GetFileType (hFile=0x304) returned 0x1
	[0059.054] CoCreateGuid (in: pguid=0xafe870 | out: pguid=0xafe870*(Data1=0x9047923d, Data2=0x2fe3, Data3=0x4509, Data4=([0]=0x88, [1]=0xf7, [2]=0xc4, [3]=0x2f, [4]=0xb3, [5]=0xad, [6]=0x7a, [7]=0x31))) returned 0x0
	[0059.055] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv", lpFilePart=0x0) returned 0x27
	[0059.055] SetErrorMode (uMode=0x1) returned 0x0
	[0059.055] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\5u6-wo5zux0.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e4
	[0059.056] GetFileType (hFile=0x2e4) returned 0x1
	[0059.056] SetErrorMode (uMode=0x0) returned 0x1
	[0059.056] GetFileType (hFile=0x2e4) returned 0x1
	[0059.065] ReadFile (in: hFile=0x2e4, lpBuffer=0x12ce0808, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12ce0808*, lpNumberOfBytesRead=0xafe968*=0x5177, lpOverlapped=0x0) returned 1
	[0059.065] WriteFile (in: hFile=0x304, lpBuffer=0x2cddfc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xafe908, lpOverlapped=0x0 | out: lpBuffer=0x2cddfc8*, lpNumberOfBytesWritten=0xafe908*=0x1000, lpOverlapped=0x0) returned 1
	[0059.066] WriteFile (in: hFile=0x304, lpBuffer=0x2ce0838*, nNumberOfBytesToWrite=0x4270, lpNumberOfBytesWritten=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x2ce0838*, lpNumberOfBytesWritten=0xafe968*=0x4270, lpOverlapped=0x0) returned 1
	[0059.067] ReadFile (in: hFile=0x2e4, lpBuffer=0x12ce0808, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12ce0808*, lpNumberOfBytesRead=0xafe968*=0x0, lpOverlapped=0x0) returned 1
	[0059.067] CloseHandle (hObject=0x2e4) returned 1
	[0059.067] WriteFile (in: hFile=0x304, lpBuffer=0x2cddfc8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xafe878, lpOverlapped=0x0 | out: lpBuffer=0x2cddfc8*, lpNumberOfBytesWritten=0xafe878*=0x10, lpOverlapped=0x0) returned 1
	[0059.067] CloseHandle (hObject=0x304) returned 1
	[0059.069] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv", nBufferLength=0x105, lpBuffer=0xafe7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv", lpFilePart=0x0) returned 0x27
	[0059.069] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\5u6-Wo5zuX0.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\5u6-wo5zux0.mkv")) returned 1
	[0059.070] WriteFile (in: hFile=0x50, lpBuffer=0x2bc79e8*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0xafea58, lpOverlapped=0x0 | out: lpBuffer=0x2bc79e8*, lpNumberOfBytesWritten=0xafea58*=0x35, lpOverlapped=0x0) returned 1
	[0059.072] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav.himr", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav.himr", lpFilePart=0x0) returned 0x2c
	[0059.073] SetErrorMode (uMode=0x1) returned 0x0
	[0059.073] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav.himr" (normalized: "c:\\users\\fd1hvy\\desktop\\7anaogdluej.wav.himr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x304
	[0059.073] GetFileType (hFile=0x304) returned 0x1
	[0059.073] SetErrorMode (uMode=0x0) returned 0x1
	[0059.073] GetFileType (hFile=0x304) returned 0x1
	[0060.141] CoCreateGuid (in: pguid=0xafe870 | out: pguid=0xafe870*(Data1=0x30529f15, Data2=0x4e16, Data3=0x46ba, Data4=([0]=0x8d, [1]=0x18, [2]=0x4a, [3]=0x5b, [4]=0xe4, [5]=0x83, [6]=0xd1, [7]=0x90))) returned 0x0
	[0060.142] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav", lpFilePart=0x0) returned 0x27
	[0060.142] SetErrorMode (uMode=0x1) returned 0x0
	[0060.142] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\7anaogdluej.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e4
	[0060.142] GetFileType (hFile=0x2e4) returned 0x1
	[0060.142] SetErrorMode (uMode=0x0) returned 0x1
	[0060.143] GetFileType (hFile=0x2e4) returned 0x1
	[0060.145] ReadFile (in: hFile=0x2e4, lpBuffer=0x12ee0a58, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12ee0a58*, lpNumberOfBytesRead=0xafe968*=0x16f10, lpOverlapped=0x0) returned 1
	[0060.182] WriteFile (in: hFile=0x304, lpBuffer=0x2bd11a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xafe908, lpOverlapped=0x0 | out: lpBuffer=0x2bd11a0*, lpNumberOfBytesWritten=0xafe908*=0x1000, lpOverlapped=0x0) returned 1
	[0060.184] WriteFile (in: hFile=0x304, lpBuffer=0x12bc9f58*, nNumberOfBytesToWrite=0x16010, lpNumberOfBytesWritten=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12bc9f58*, lpNumberOfBytesWritten=0xafe968*=0x16010, lpOverlapped=0x0) returned 1
	[0060.185] ReadFile (in: hFile=0x2e4, lpBuffer=0x12ee0a58, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0xafe968, lpOverlapped=0x0 | out: lpBuffer=0x12ee0a58*, lpNumberOfBytesRead=0xafe968*=0x0, lpOverlapped=0x0) returned 1
	[0060.185] CloseHandle (hObject=0x2e4) returned 1
	[0060.186] WriteFile (in: hFile=0x304, lpBuffer=0x2bd11a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xafe878, lpOverlapped=0x0 | out: lpBuffer=0x2bd11a0*, lpNumberOfBytesWritten=0xafe878*=0x10, lpOverlapped=0x0) returned 1
	[0060.186] CloseHandle (hObject=0x304) returned 1
	[0060.189] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav", nBufferLength=0x105, lpBuffer=0xafe7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav", lpFilePart=0x0) returned 0x27
	[0060.189] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ANaoGDluEJ.wav" (normalized: "c:\\users\\fd1hvy\\desktop\\7anaogdluej.wav")) returned 1
	[0060.191] WriteFile (in: hFile=0x50, lpBuffer=0x2bc79e8*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0xafea58, lpOverlapped=0x0 | out: lpBuffer=0x2bc79e8*, lpNumberOfBytesWritten=0xafea58*=0x35, lpOverlapped=0x0) returned 1
	[0060.195] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe.himr", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe.himr", lpFilePart=0x0) returned 0x2c
	[0060.196] SetErrorMode (uMode=0x1) returned 0x0
	[0060.196] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe.himr" (normalized: "c:\\users\\fd1hvy\\desktop\\bluecheeser.exe.himr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x304
	[0060.196] GetFileType (hFile=0x304) returned 0x1
	[0060.196] SetErrorMode (uMode=0x0) returned 0x1
	[0060.196] GetFileType (hFile=0x304) returned 0x1
	[0061.862] CoCreateGuid (in: pguid=0xafe870 | out: pguid=0xafe870*(Data1=0xdadcd8c3, Data2=0x6e84, Data3=0x4005, Data4=([0]=0xa8, [1]=0xff, [2]=0x23, [3]=0x85, [4]=0xe6, [5]=0x8d, [6]=0x76, [7]=0xbf))) returned 0x0
	[0061.862] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe", nBufferLength=0x105, lpBuffer=0xafe420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe", lpFilePart=0x0) returned 0x27
	[0061.862] SetErrorMode (uMode=0x1) returned 0x0
	[0061.862] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\BlueCheeser.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\bluecheeser.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0084.331] SetErrorMode (uMode=0x0) returned 0x3

Thread:
	id = 7
	os_tid = 0x13f8


Thread:
	id = 8
	os_tid = 0x113c


Thread:
	id = 9
	os_tid = 0x1178

	[0045.199] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0050.065] CloseHandle (hObject=0x4a0) returned 1

Thread:
	id = 10
	os_tid = 0x119c

	[0047.258] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
	[0047.325] ShellExecuteExW (in: pExecInfo=0x2bd5790*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\FD1HVy\\Desktop\\Instructions.txt", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2bd5790*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\FD1HVy\\Desktop\\Instructions.txt", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4a0)) returned 1
	[0048.345] CoGetContextToken (in: pToken=0x1b59f580 | out: pToken=0x1b59f580) returned 0x0
	[0048.346] CoUninitialize () 

Thread:
	id = 11
	os_tid = 0x11b0


Thread:
	id = 12
	os_tid = 0x11a8


Thread:
	id = 13
	os_tid = 0x11bc


Thread:
	id = 14
	os_tid = 0x11b8


Thread:
	id = 15
	os_tid = 0x11a4


Thread:
	id = 16
	os_tid = 0x11c0


Thread:
	id = 17
	os_tid = 0x11b4


Process:
	id = "2"
	image_name = "conhost.exe"
	filename = "c:\\windows\\system32\\conhost.exe"
	page_root = "0xcf59000"
	os_pid = "0x13d4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x13c4"
	cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1"
	cur_dir = "C:\\WINDOWS"
	os_username = "NQDPDE\\FD1HVy"
	bitness = "32"
	os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001086c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 2
	os_tid = 0x13d8


Thread:
	id = 3
	os_tid = 0x13e0


Thread:
	id = 4
	os_tid = 0x13e8


Thread:
	id = 5
	os_tid = 0x13f0


Thread:
	id = 6
	os_tid = 0x13f4


Thread:
	id = 38
	os_tid = 0x1100


Thread:
	id = 39
	os_tid = 0xf9c


Process:
	id = "3"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x4ef15000"
	os_pid = "0x5b0"
	os_integrity_level = "0x4000"
	os_privileges = "0x260814080"
	monitor_reason = "rpc_server"
	parent_id = "1"
	os_parent_pid = "0x23c"
	cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k appmodel"
	cur_dir = "C:\\WINDOWS\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "32"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000f253" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 18
	os_tid = 0x118c


Thread:
	id = 19
	os_tid = 0x988


Thread:
	id = 20
	os_tid = 0x820


Thread:
	id = 21
	os_tid = 0x734


Thread:
	id = 22
	os_tid = 0x6e8


Thread:
	id = 23
	os_tid = 0x76c


Thread:
	id = 24
	os_tid = 0x690


Thread:
	id = 25
	os_tid = 0x680


Thread:
	id = 26
	os_tid = 0x614


Thread:
	id = 27
	os_tid = 0x610


Thread:
	id = 28
	os_tid = 0x60c


Thread:
	id = 29
	os_tid = 0x5b4


Process:
	id = "4"
	image_name = "notepad.exe"
	filename = "c:\\windows\\system32\\notepad.exe"
	page_root = "0x15e30000"
	os_pid = "0x11ac"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x13c4"
	cmd_line = "\"C:\\WINDOWS\\system32\\NOTEPAD.EXE\" C:\\Users\\FD1HVy\\Desktop\\Instructions.txt"
	cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
	os_username = "NQDPDE\\FD1HVy"
	bitness = "32"
	os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001086c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 30
	os_tid = 0xea0


Thread:
	id = 31
	os_tid = 0x120c


Thread:
	id = 32
	os_tid = 0x1258


Thread:
	id = 33
	os_tid = 0x1284


Thread:
	id = 34
	os_tid = 0x1138


Process:
	id = "5"
	image_name = "dw20.exe"
	filename = "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\dw20.exe"
	page_root = "0x10263000"
	os_pid = "0xc30"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x13c4"
	cmd_line = "dw20.exe -x -s 1184"
	cur_dir = "C:\\Users\\FD1HVy\\Desktop\\"
	os_username = "NQDPDE\\FD1HVy"
	bitness = "32"
	os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001086c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 35
	os_tid = 0x6ec


Thread:
	id = 36
	os_tid = 0xbfc


Thread:
	id = 37
	os_tid = 0x88c


Thread:
	id = 40
	os_tid = 0x1304


Thread:
	id = 41
	os_tid = 0x1300


Thread:
	id = 42
	os_tid = 0x1338


Thread:
	id = 43
	os_tid = 0x1308


Thread:
	id = 44
	os_tid = 0x12f8


Thread:
	id = 45
	os_tid = 0x1310


Thread:
	id = 46
	os_tid = 0x1368