Analysis

Category: FILE
Package: Extraction
Started: 2020-01-14 13:44:12
Completed: 2020-01-14 13:48:31
Duration: 259 seconds

Options:
route = internet
procdump = 0

Log:
2020-01-14 13:44:15,015 [root] INFO: Date set to: 01-14-20, time set to: 13:44:15, timeout set to: 200
2020-01-14 13:44:15,015 [root] DEBUG: Starting analyzer from: C:\fxodatcybr
2020-01-14 13:44:15,015 [root] DEBUG: Storing results at: C:\dSRqLuAX
2020-01-14 13:44:15,015 [root] DEBUG: Pipe server name: \\.\PIPE\JCIqcR
2020-01-14 13:44:15,015 [root] INFO: Analysis package "Extraction" has been specified.
2020-01-14 13:44:15,842 [root] DEBUG: Started auxiliary module Browser
2020-01-14 13:44:15,858 [root] DEBUG: Started auxiliary module Curtain
2020-01-14 13:44:15,858 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2020-01-14 13:44:16,170 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-01-14 13:44:16,170 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-01-14 13:44:16,184 [root] DEBUG: Started auxiliary module DigiSig
2020-01-14 13:44:16,184 [root] DEBUG: Started auxiliary module Disguise
2020-01-14 13:44:16,184 [root] DEBUG: Started auxiliary module Human
2020-01-14 13:44:16,184 [root] DEBUG: Started auxiliary module Screenshots
2020-01-14 13:44:16,200 [root] DEBUG: Started auxiliary module Sysmon
2020-01-14 13:44:16,200 [root] DEBUG: Started auxiliary module Usage
2020-01-14 13:44:16,200 [root] INFO: Analyzer: DLL set to Extraction.dll from package modules.packages.Extraction
2020-01-14 13:44:16,200 [root] INFO: Analyzer: DLL_64 set to Extraction_x64.dll from package modules.packages.Extraction
2020-01-14 13:44:16,279 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe" with arguments "" with pid 1420
2020-01-14 13:44:16,309 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:16,309 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:16,325 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:16,325 [root] DEBUG: Loader: Injecting process 1420 (thread 1312) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:16,325 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:16,325 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:16,325 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:16,325 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:16,325 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1420
2020-01-14 13:44:18,338 [lib.api.process] INFO: Successfully resumed process with pid 1420
2020-01-14 13:44:18,338 [root] INFO: Added new process to list with pid: 1420
2020-01-14 13:44:18,477 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-01-14 13:44:18,477 [root] DEBUG: Process dumps disabled.
2020-01-14 13:44:18,540 [root] INFO: Disabling sleep skipping.
2020-01-14 13:44:18,540 [root] INFO: Disabling sleep skipping.
2020-01-14 13:44:18,540 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-01-14 13:44:18,540 [root] INFO: Disabling sleep skipping.
2020-01-14 13:44:18,540 [root] INFO: Disabling sleep skipping.
2020-01-14 13:44:18,540 [root] DEBUG: WoW64 detected: 64-bit ntdll base: 0x77680000, KiUserExceptionDispatcher: 0x0, NtSetContextThread: 0x776d124a, Wow64PrepareForException: 0x0
2020-01-14 13:44:18,540 [root] DEBUG: WoW64 workaround: KiUserExceptionDispatcher hook installed at: 0x100000
2020-01-14 13:44:18,540 [root] DEBUG: Debugger initialised.
2020-01-14 13:44:18,540 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 1420 at 0x74b40000, image base 0x2d0000, stack from 0x9a6000-0x9b0000
2020-01-14 13:44:18,555 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe".
2020-01-14 13:44:18,555 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x002D0000) returned 0x00000000.
2020-01-14 13:44:18,555 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2020-01-14 13:44:18,555 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x002D0000) -> AllocationBase 0x002D0000 RegionSize 0x4096.
2020-01-14 13:44:18,555 [root] DEBUG: AddTrackedRegion: EntryPoint 0x27dcd, Entropy 7.081033e+00
2020-01-14 13:44:18,555 [root] DEBUG: AddTrackedRegion: New region at 0x002D0000 size 0x1000 added to tracked regions.
2020-01-14 13:44:18,555 [root] DEBUG: ExtractionInit: Adding main image base to tracked regions.
2020-01-14 13:44:18,555 [root] INFO: Monitor successfully loaded in process with pid 1420.
2020-01-14 13:44:18,572 [root] DEBUG: DLL unloaded from 0x77230000.
2020-01-14 13:44:18,572 [root] DEBUG: DLL unloaded from 0x002D0000.
2020-01-14 13:44:18,572 [root] DEBUG: DLL unloaded from 0x77230000.
2020-01-14 13:44:18,634 [root] DEBUG: DLL unloaded from 0x002D0000.
2020-01-14 13:44:18,759 [root] DEBUG: DLL unloaded from 0x77230000.
2020-01-14 13:44:18,930 [root] DEBUG: Allocation: 0x00150000 - 0x0016B000, size: 0x1b000, protection: 0x40.
2020-01-14 13:44:18,930 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:18,930 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:18,930 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099512e+00.
2020-01-14 13:44:18,930 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x00150000, size: 0x1b000.
2020-01-14 13:44:18,930 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x00150000) returned 0x00000000.
2020-01-14 13:44:18,930 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2020-01-14 13:44:18,946 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x00150000) -> AllocationBase 0x00150000 RegionSize 0x110592.
2020-01-14 13:44:18,946 [root] DEBUG: AddTrackedRegion: New region at 0x00150000 size 0x1b000 added to tracked regions.
2020-01-14 13:44:18,946 [root] DEBUG: ActivateBreakpoints: TrackedRegion->AllocationBase: 0x00150000, TrackedRegion->RegionSize: 0x1b000, thread 1312
2020-01-14 13:44:18,946 [root] DEBUG: SetDebugRegister: Setting breakpoint 0 hThread=0xc8, Size=0x2, Address=0x00150000 and Type=0x1.
2020-01-14 13:44:18,946 [root] DEBUG: SetThreadBreakpoint: Set bp 0 thread id 1312 type 1 at address 0x00150000, size 2 with Callback 0x74b47510.
2020-01-14 13:44:18,946 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on empty protect address: 0x00150000
2020-01-14 13:44:18,946 [root] DEBUG: SetDebugRegister: Setting breakpoint 1 hThread=0xc8, Size=0x4, Address=0x0015003C and Type=0x1.
2020-01-14 13:44:18,946 [root] DEBUG: SetThreadBreakpoint: Set bp 1 thread id 1312 type 1 at address 0x0015003C, size 4 with Callback 0x74b471a0.
2020-01-14 13:44:18,946 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on e_lfanew address: 0x0015003C
2020-01-14 13:44:18,946 [root] DEBUG: AllocationHandler: Breakpoints set on newly-allocated executable region at: 0x00150000 (size 0x1b000).
2020-01-14 13:44:18,977 [root] DEBUG: DLL unloaded from 0x77860000.
2020-01-14 13:44:18,977 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:18,977 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x00150000.
2020-01-14 13:44:18,977 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 2 within Context, Size=0x0, Address=0x00150000 and Type=0x0.
2020-01-14 13:44:18,977 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x150000: 0xc8.
2020-01-14 13:44:18,977 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2020-01-14 13:44:18,977 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:18,977 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x00150000.
2020-01-14 13:44:18,977 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00150000 already exists for thread 1312 (process 1420), skipping.
2020-01-14 13:44:18,977 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x150000: 0xc8.
2020-01-14 13:44:18,977 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2020-01-14 13:44:18,977 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0015003C.
2020-01-14 13:44:18,993 [root] DEBUG: ContextUpdateCurrentBreakpoint: bp 0x00150000: 0x00150000 0x0015003C 0x00150000 0x00000000
2020-01-14 13:44:18,993 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 0 within Context, Size=0x2, Address=0x0015009B and Type=0x1.
2020-01-14 13:44:18,993 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 3 within Context, Size=0x4, Address=0x001500AB and Type=0x1.
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x001500AB.
2020-01-14 13:44:18,993 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0015003C.
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0x6583 (at 0x0015003C).
2020-01-14 13:44:18,993 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00150000 already exists for thread 1312 (process 1420), skipping.
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x00150000.
2020-01-14 13:44:18,993 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0015003C.
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0xfc6583 (at 0x0015003C).
2020-01-14 13:44:18,993 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00150000 already exists for thread 1312 (process 1420), skipping.
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x00150000.
2020-01-14 13:44:18,993 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0015003C.
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0xfc6583 (at 0x0015003C).
2020-01-14 13:44:18,993 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00150000 already exists for thread 1312 (process 1420), skipping.
2020-01-14 13:44:18,993 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x00150000.
2020-01-14 13:44:18,993 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:18,993 [root] DEBUG: MagicWriteCallback: pointer to PE header too big: 0x00FC6583.
2020-01-14 13:44:19,009 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:19,009 [root] DEBUG: AddressOfEPWriteCallback: pointer to PE header too big: 0x00FC6583.
2020-01-14 13:44:19,009 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:19,009 [root] DEBUG: AddressOfEPWriteCallback: pointer to PE header too big: 0x00FC6583.
2020-01-14 13:44:19,009 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:19,009 [root] DEBUG: AddressOfEPWriteCallback: pointer to PE header too big: 0x00FC6583.
2020-01-14 13:44:19,009 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:19,009 [root] DEBUG: AddressOfEPWriteCallback: pointer to PE header too big: 0x00FC6583.
2020-01-14 13:44:19,023 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x00150000 (thread 1312)
2020-01-14 13:44:19,023 [root] DEBUG: ShellcodeExecCallback: Breakpoint 2 at Address 0x00150000 (allocation base 0x00150000).
2020-01-14 13:44:19,039 [root] DEBUG: ShellcodeExecCallback: Debug: About to scan region for a PE image (base 0x00150000, size 0x1b000).
2020-01-14 13:44:19,039 [root] DEBUG: DumpPEsInRange: Scanning range 0x150000 - 0x16b000.
2020-01-14 13:44:19,039 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x150000-0x16b000.
2020-01-14 13:44:19,039 [root] DEBUG: DumpMemory: CAPE output file C:\dSRqLuAX\CAPE\1420_177836192819241414212020 successfully created, size 0x1b000
2020-01-14 13:44:19,055 [root] INFO: Added new CAPE file to list with path: C:\dSRqLuAX\CAPE\1420_177836192819241414212020
2020-01-14 13:44:19,055 [root] DEBUG: ShellcodeExecCallback: successfully dumped memory range at 0x00150000 (size 0x1b000).
2020-01-14 13:44:19,055 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x150000 - 0x16b000.
2020-01-14 13:44:19,055 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 0 address 0x0015009B.
2020-01-14 13:44:19,055 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 1 address 0x0015003C.
2020-01-14 13:44:19,055 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 2 address 0x00150000.
2020-01-14 13:44:19,055 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 3 address 0x001500AB.
2020-01-14 13:44:20,101 [root] DEBUG: Allocation: 0x001C0000 - 0x001DA000, size: 0x1a000, protection: 0x40.
2020-01-14 13:44:20,101 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:20,101 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:20,101 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099527e+00.
2020-01-14 13:44:20,101 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:20,101 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x001C0000, size: 0x1a000.
2020-01-14 13:44:20,101 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x001C0000) returned 0x00000000.
2020-01-14 13:44:20,101 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2020-01-14 13:44:20,101 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x001C0000) -> AllocationBase 0x001C0000 RegionSize 0x106496.
2020-01-14 13:44:20,101 [root] DEBUG: AddTrackedRegion: New region at 0x001C0000 size 0x1a000 added to tracked regions.
2020-01-14 13:44:20,101 [root] DEBUG: ActivateBreakpoints: TrackedRegion->AllocationBase: 0x001C0000, TrackedRegion->RegionSize: 0x1a000, thread 1312
2020-01-14 13:44:20,101 [root] DEBUG: ActivateBreakpoints: Switching breakpoints from region 0x00150000 to 0x001C0000.
2020-01-14 13:44:20,101 [root] DEBUG: SetDebugRegister: Setting breakpoint 0 hThread=0xc8, Size=0x2, Address=0x001C0000 and Type=0x1.
2020-01-14 13:44:20,101 [root] DEBUG: SetThreadBreakpoint: Set bp 0 thread id 1312 type 1 at address 0x001C0000, size 2 with Callback 0x74b47510.
2020-01-14 13:44:20,101 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on empty protect address: 0x001C0000
2020-01-14 13:44:20,101 [root] DEBUG: SetDebugRegister: Setting breakpoint 1 hThread=0xc8, Size=0x4, Address=0x001C003C and Type=0x1.
2020-01-14 13:44:20,115 [root] DEBUG: SetThreadBreakpoint: Set bp 1 thread id 1312 type 1 at address 0x001C003C, size 4 with Callback 0x74b471a0.
2020-01-14 13:44:20,115 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on e_lfanew address: 0x001C003C
2020-01-14 13:44:20,115 [root] DEBUG: AllocationHandler: Breakpoints set on newly-allocated executable region at: 0x001C0000 (size 0x1a000).
2020-01-14 13:44:20,115 [root] DEBUG: DLL unloaded from 0x77230000.
2020-01-14 13:44:20,131 [root] DEBUG: DLL unloaded from 0x77860000.
2020-01-14 13:44:20,131 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:20,131 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x001C0000.
2020-01-14 13:44:20,131 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 2 within Context, Size=0x0, Address=0x001C0000 and Type=0x0.
2020-01-14 13:44:20,131 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x1c0000: 0xe9.
2020-01-14 13:44:20,131 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2020-01-14 13:44:20,131 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:20,131 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x001C0000.
2020-01-14 13:44:20,131 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x001C0000 already exists for thread 1312 (process 1420), skipping.
2020-01-14 13:44:20,148 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x1c0000: 0xe9.
2020-01-14 13:44:20,148 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2020-01-14 13:44:20,148 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x001C003C.
2020-01-14 13:44:20,148 [root] DEBUG: ContextUpdateCurrentBreakpoint: bp 0x001C0000: 0x001C0000 0x001C003C 0x001C0000 0x00000000
2020-01-14 13:44:20,148 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 0 within Context, Size=0x2, Address=0x001C010B and Type=0x1.
2020-01-14 13:44:20,148 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 3 within Context, Size=0x4, Address=0x001C011B and Type=0x1.
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x001C011B.
2020-01-14 13:44:20,148 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x001C003C.
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0x57f3 (at 0x001C003C).
2020-01-14 13:44:20,148 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x001C0000 already exists for thread 1312 (process 1420), skipping.
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x001C0000.
2020-01-14 13:44:20,148 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x001C003C.
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0x8957f3 (at 0x001C003C).
2020-01-14 13:44:20,148 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x001C0000 already exists for thread 1312 (process 1420), skipping.
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x001C0000.
2020-01-14 13:44:20,148 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x001C003C.
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0x4d8957f3 (at 0x001C003C).
2020-01-14 13:44:20,148 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x001C0000 already exists for thread 1312 (process 1420), skipping.
2020-01-14 13:44:20,148 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x001C0000.
2020-01-14 13:44:20,163 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x002F0E6A (thread 1312)
2020-01-14 13:44:20,163 [root] DEBUG: AddressOfEPWriteCallback: pointer to PE header too big: 0x4D8957F3.
2020-01-14 13:44:20,178 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x001C0000 (thread 1312)
2020-01-14 13:44:20,178 [root] DEBUG: ShellcodeExecCallback: Breakpoint 2 at Address 0x001C0000 (allocation base 0x001C0000).
2020-01-14 13:44:20,178 [root] DEBUG: ShellcodeExecCallback: Debug: About to scan region for a PE image (base 0x001C0000, size 0x1a000).
2020-01-14 13:44:20,178 [root] DEBUG: DumpPEsInRange: Scanning range 0x1c0000 - 0x1da000.
2020-01-14 13:44:20,178 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1c0000-0x1da000.
2020-01-14 13:44:20,178 [root] DEBUG: DumpMemory: CAPE output file C:\dSRqLuAX\CAPE\1420_67867164620241414212020 successfully created, size 0x1a000
2020-01-14 13:44:20,194 [root] INFO: Added new CAPE file to list with path: C:\dSRqLuAX\CAPE\1420_67867164620241414212020
2020-01-14 13:44:20,194 [root] DEBUG: ShellcodeExecCallback: successfully dumped memory range at 0x001C0000 (size 0x1a000).
2020-01-14 13:44:20,194 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1c0000 - 0x1da000.
2020-01-14 13:44:20,194 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 0 address 0x001C010B.
2020-01-14 13:44:20,194 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 1 address 0x001C003C.
2020-01-14 13:44:20,194 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 2 address 0x001C0000.
2020-01-14 13:44:20,194 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 3 address 0x001C011B.
2020-01-14 13:44:20,194 [root] DEBUG: set_caller_info: Adding region at 0x001C0000 to caller regions list (ntdll::NtOpenSection).
2020-01-14 13:44:20,194 [root] DEBUG: set_caller_info: Caller at 0x001C019B in tracked regions.
2020-01-14 13:44:20,210 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:20,210 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:20,210 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:20,210 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:20,210 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:20,210 [root] INFO: Sample attempted to remap module 'C:\Windows\SysWOW64\ntdll.dll' at 0x07490000, returning original module address instead: 0x77860000
2020-01-14 13:44:20,210 [root] DEBUG: set_caller_info: Adding region at 0x04D80000 to caller regions list (ntdll::LdrLoadDll).
2020-01-14 13:44:20,240 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1520
2020-01-14 13:44:20,240 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:20,240 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:20,240 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:20,240 [root] DEBUG: Loader: Injecting process 1520 (thread 2044) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:20,240 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:20,240 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:20,240 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:20,240 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:20,256 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1520
2020-01-14 13:44:20,256 [root] DEBUG: DLL loaded at 0x74DC0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-01-14 13:44:22,924 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1520
2020-01-14 13:44:22,924 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:22,924 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:22,924 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:22,924 [root] DEBUG: Loader: Injecting process 1520 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,940 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:22,940 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:22,940 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,940 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1520, error: -15
2020-01-14 13:44:22,940 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1520
2020-01-14 13:44:22,940 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:22,940 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:22,940 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:22,940 [root] DEBUG: Loader: Injecting process 1520 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,940 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:22,940 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:22,940 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,940 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1520, error: -15
2020-01-14 13:44:22,940 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1520
2020-01-14 13:44:22,940 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:22,940 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:22,956 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:22,956 [root] DEBUG: Loader: Injecting process 1520 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,956 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:22,956 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:22,956 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,956 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1520, error: -15
2020-01-14 13:44:22,956 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:22,956 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:22,956 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:22,970 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:22,970 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:22,970 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:22,970 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1424
2020-01-14 13:44:22,970 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:22,970 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:22,970 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:22,970 [root] DEBUG: Loader: Injecting process 1424 (thread 1912) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,970 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:22,970 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,970 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:22,970 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:22,970 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1424
2020-01-14 13:44:25,545 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1424
2020-01-14 13:44:25,545 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:25,545 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:25,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:25,592 [root] DEBUG: Loader: Injecting process 1424 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,592 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:25,592 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:25,592 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,592 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1424, error: -15
2020-01-14 13:44:25,592 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1424
2020-01-14 13:44:25,592 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:25,592 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:25,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:25,592 [root] DEBUG: Loader: Injecting process 1424 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,608 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:25,608 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:25,608 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,608 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1424, error: -15
2020-01-14 13:44:25,608 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1424
2020-01-14 13:44:25,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:25,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:25,622 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:25,622 [root] DEBUG: Loader: Injecting process 1424 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,622 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:25,622 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:25,622 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,622 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1424, error: -15
2020-01-14 13:44:25,622 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:25,638 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:25,638 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:25,638 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:25,638 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:25,638 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:25,638 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1908
2020-01-14 13:44:25,638 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:25,638 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:25,654 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:25,654 [root] DEBUG: Loader: Injecting process 1908 (thread 1280) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,654 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:25,670 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,670 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:25,670 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:25,670 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1908
2020-01-14 13:44:28,338 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1908
2020-01-14 13:44:28,338 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:28,338 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:28,352 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:28,352 [root] DEBUG: Loader: Injecting process 1908 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,352 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:28,352 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:28,352 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,352 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1908, error: -15
2020-01-14 13:44:28,352 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1908
2020-01-14 13:44:28,352 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:28,352 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:28,368 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:28,368 [root] DEBUG: Loader: Injecting process 1908 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,368 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:28,368 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:28,368 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,384 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1908, error: -15
2020-01-14 13:44:28,400 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1908
2020-01-14 13:44:28,400 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:28,400 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:28,400 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:28,400 [root] DEBUG: Loader: Injecting process 1908 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,400 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:28,400 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:28,415 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,415 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1908, error: -15
2020-01-14 13:44:28,415 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:28,415 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:28,415 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:28,415 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:28,415 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:28,415 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:28,415 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1728
2020-01-14 13:44:28,415 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:28,430 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:28,430 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:28,430 [root] DEBUG: Loader: Injecting process 1728 (thread 1548) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,430 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:28,430 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,430 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:28,430 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:28,447 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1728
2020-01-14 13:44:31,364 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1728
2020-01-14 13:44:31,364 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:31,364 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:31,380 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:31,394 [root] DEBUG: Loader: Injecting process 1728 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,394 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:31,394 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:31,394 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,394 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1728, error: -15
2020-01-14 13:44:31,394 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1728
2020-01-14 13:44:31,411 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:31,411 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:31,411 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:31,411 [root] DEBUG: Loader: Injecting process 1728 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,411 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:31,411 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:31,411 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,411 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1728, error: -15
2020-01-14 13:44:31,426 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1728
2020-01-14 13:44:31,426 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:31,426 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:31,426 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:31,441 [root] DEBUG: Loader: Injecting process 1728 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,441 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:31,441 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:31,441 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,441 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1728, error: -15
2020-01-14 13:44:31,441 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:31,441 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:31,441 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:31,473 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:31,473 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:31,473 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:31,473 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1756
2020-01-14 13:44:31,473 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:31,489 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:31,489 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:31,489 [root] DEBUG: Loader: Injecting process 1756 (thread 1724) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,503 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:31,519 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,519 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:31,519 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:31,536 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1756
2020-01-14 13:44:35,763 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1756
2020-01-14 13:44:35,763 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:35,763 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:35,779 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:35,779 [root] DEBUG: Loader: Injecting process 1756 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:35,779 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:35,779 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:35,779 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:35,793 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1756, error: -15
2020-01-14 13:44:35,809 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1756
2020-01-14 13:44:35,809 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:35,809 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:35,809 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:35,809 [root] DEBUG: Loader: Injecting process 1756 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:35,809 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:35,809 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:35,809 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:35,809 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1756, error: -15
2020-01-14 13:44:35,809 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1756
2020-01-14 13:44:35,825 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:35,825 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:35,825 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:35,841 [root] DEBUG: Loader: Injecting process 1756 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:35,841 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:35,857 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:35,857 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:35,857 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1756, error: -15
2020-01-14 13:44:35,857 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:35,857 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:35,857 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:35,857 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:35,857 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:35,857 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:35,871 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 460
2020-01-14 13:44:35,918 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:35,918 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:35,950 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:35,950 [root] DEBUG: Loader: Injecting process 460 (thread 1232) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:35,950 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:35,996 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:35,996 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:35,996 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:36,028 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 460
2020-01-14 13:44:39,069 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 460
2020-01-14 13:44:39,069 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:39,069 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:39,069 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:39,069 [root] DEBUG: Loader: Injecting process 460 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,069 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:39,085 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:39,085 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,085 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 460, error: -15
2020-01-14 13:44:39,085 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 460
2020-01-14 13:44:39,085 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:39,085 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:39,101 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:39,101 [root] DEBUG: Loader: Injecting process 460 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,101 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:39,101 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:39,101 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,101 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 460, error: -15
2020-01-14 13:44:39,101 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 460
2020-01-14 13:44:39,101 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:39,101 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:39,101 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:39,132 [root] DEBUG: Loader: Injecting process 460 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,148 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:39,164 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:39,164 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,164 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 460, error: -15
2020-01-14 13:44:39,164 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:39,164 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:39,164 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:39,164 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:39,164 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:39,164 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:39,164 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1860
2020-01-14 13:44:39,164 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:39,164 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:39,180 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:39,180 [root] DEBUG: Loader: Injecting process 1860 (thread 1552) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,180 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:39,180 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,180 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:39,180 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:39,180 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1860
2020-01-14 13:44:42,611 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1860
2020-01-14 13:44:42,611 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:42,611 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:42,611 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:42,611 [root] DEBUG: Loader: Injecting process 1860 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,611 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:42,627 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:42,627 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,627 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1860, error: -15
2020-01-14 13:44:42,627 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1860
2020-01-14 13:44:42,627 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:42,627 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:42,627 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:42,627 [root] DEBUG: Loader: Injecting process 1860 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,642 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:42,642 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:42,642 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,642 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1860, error: -15
2020-01-14 13:44:42,642 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1860
2020-01-14 13:44:42,642 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:42,642 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:42,657 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:42,657 [root] DEBUG: Loader: Injecting process 1860 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,657 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:42,657 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:42,657 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,657 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1860, error: -15
2020-01-14 13:44:42,674 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:42,674 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:42,674 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:42,674 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:42,690 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:42,690 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:42,690 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 560
2020-01-14 13:44:42,690 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:42,690 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:42,690 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:42,690 [root] DEBUG: Loader: Injecting process 560 (thread 884) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,690 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:42,690 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,690 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:42,704 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:42,704 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 560
2020-01-14 13:44:45,809 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 560
2020-01-14 13:44:45,809 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:45,809 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:45,809 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:45,809 [root] DEBUG: Loader: Injecting process 560 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,809 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:45,809 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:45,809 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,825 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 560, error: -15
2020-01-14 13:44:45,841 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 560
2020-01-14 13:44:45,841 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:45,841 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:45,841 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:45,841 [root] DEBUG: Loader: Injecting process 560 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,841 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:45,841 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:45,841 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,841 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 560, error: -15
2020-01-14 13:44:45,841 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 560
2020-01-14 13:44:45,841 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:45,841 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:45,855 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:45,855 [root] DEBUG: Loader: Injecting process 560 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,855 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:45,855 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:45,855 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,855 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 560, error: -15
2020-01-14 13:44:45,855 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:45,855 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:45,855 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:45,855 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:45,855 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:45,871 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:45,871 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1064
2020-01-14 13:44:45,871 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:45,871 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:45,871 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:45,871 [root] DEBUG: Loader: Injecting process 1064 (thread 788) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,871 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:45,888 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,888 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:45,888 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:45,888 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1064
2020-01-14 13:44:48,898 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1064
2020-01-14 13:44:48,898 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:48,914 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:48,914 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:48,914 [root] DEBUG: Loader: Injecting process 1064 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:48,914 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:48,914 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:48,930 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:48,930 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1064, error: -15
2020-01-14 13:44:48,930 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1064
2020-01-14 13:44:48,930 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:48,930 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:49,069 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:49,069 [root] DEBUG: Loader: Injecting process 1064 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:49,069 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:49,069 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:49,069 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:49,069 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1064, error: -15
2020-01-14 13:44:49,069 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1064
2020-01-14 13:44:49,069 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:49,069 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:49,085 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:49,085 [root] DEBUG: Loader: Injecting process 1064 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:49,085 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:49,085 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:49,085 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:49,085 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1064, error: -15
2020-01-14 13:44:49,085 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:49,085 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:49,085 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:49,085 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:49,085 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:49,085 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:49,101 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2020
2020-01-14 13:44:49,101 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:49,101 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:49,101 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:49,101 [root] DEBUG: Loader: Injecting process 2020 (thread 2012) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:49,101 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:49,101 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:49,101 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:49,101 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:49,101 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2020
2020-01-14 13:44:52,470 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2020
2020-01-14 13:44:52,470 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:52,470 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:52,486 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:52,502 [root] DEBUG: Loader: Injecting process 2020 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,502 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:52,502 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:52,502 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,517 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2020, error: -15
2020-01-14 13:44:52,579 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2020
2020-01-14 13:44:52,579 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:52,579 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:52,579 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:52,579 [root] DEBUG: Loader: Injecting process 2020 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,579 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:52,579 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:52,579 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,579 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2020, error: -15
2020-01-14 13:44:52,595 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2020
2020-01-14 13:44:52,611 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:52,611 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:52,674 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:52,720 [root] DEBUG: Loader: Injecting process 2020 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,736 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:52,736 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:52,736 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,782 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2020, error: -15
2020-01-14 13:44:52,782 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:52,782 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:52,782 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:52,782 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:52,782 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:52,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:52,813 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1712
2020-01-14 13:44:52,813 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:52,813 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:52,829 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:52,845 [root] DEBUG: Loader: Injecting process 1712 (thread 1480) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,861 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:52,861 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,875 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:52,875 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:52,875 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1712
2020-01-14 13:44:56,417 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1712
2020-01-14 13:44:56,417 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:56,417 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:56,417 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:56,417 [root] DEBUG: Loader: Injecting process 1712 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,417 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:56,417 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:56,417 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,433 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1712, error: -15
2020-01-14 13:44:56,433 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1712
2020-01-14 13:44:56,433 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:56,433 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:56,433 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:56,433 [root] DEBUG: Loader: Injecting process 1712 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,433 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:56,433 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:56,433 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,433 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1712, error: -15
2020-01-14 13:44:56,433 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1712
2020-01-14 13:44:56,433 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:56,433 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:56,448 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:56,448 [root] DEBUG: Loader: Injecting process 1712 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,448 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:56,448 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:56,463 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,463 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1712, error: -15
2020-01-14 13:44:56,463 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:56,463 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:56,463 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:56,463 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:56,463 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:56,480 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:56,496 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1660
2020-01-14 13:44:56,496 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:56,496 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:56,510 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:56,510 [root] DEBUG: Loader: Injecting process 1660 (thread 1716) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,510 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:56,510 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,510 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:56,510 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:56,510 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1660
2020-01-14 13:44:59,584 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1660
2020-01-14 13:44:59,584 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:59,584 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:59,584 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:59,584 [root] DEBUG: Loader: Injecting process 1660 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,584 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:59,584 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:59,584 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,584 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1660, error: -15
2020-01-14 13:44:59,599 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1660
2020-01-14 13:44:59,599 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:59,599 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:59,599 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:59,615 [root] DEBUG: Loader: Injecting process 1660 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,615 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:59,615 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:59,615 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,647 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1660, error: -15
2020-01-14 13:44:59,647 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1660
2020-01-14 13:44:59,647 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:59,647 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:59,647 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:59,647 [root] DEBUG: Loader: Injecting process 1660 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,647 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:44:59,647 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:44:59,647 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,661 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1660, error: -15
2020-01-14 13:44:59,661 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:44:59,661 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:44:59,661 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:44:59,661 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:44:59,661 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:44:59,661 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:44:59,818 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2192
2020-01-14 13:44:59,818 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:44:59,818 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:44:59,834 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:44:59,834 [root] DEBUG: Loader: Injecting process 2192 (thread 2196) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,834 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:44:59,834 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,834 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:44:59,834 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:44:59,834 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2192
2020-01-14 13:45:03,141 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2192
2020-01-14 13:45:03,141 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:03,141 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:03,141 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:03,141 [root] DEBUG: Loader: Injecting process 2192 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,141 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:03,141 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:03,141 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,157 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2192, error: -15
2020-01-14 13:45:03,157 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2192
2020-01-14 13:45:03,157 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:03,157 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:03,187 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:03,187 [root] DEBUG: Loader: Injecting process 2192 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,187 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:03,203 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:03,203 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,203 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2192, error: -15
2020-01-14 13:45:03,203 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2192
2020-01-14 13:45:03,219 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:03,219 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:03,234 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:03,234 [root] DEBUG: Loader: Injecting process 2192 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,234 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:03,234 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:03,234 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,234 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2192, error: -15
2020-01-14 13:45:03,234 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:03,234 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:03,234 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:03,234 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:03,234 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:03,234 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:03,250 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2388
2020-01-14 13:45:03,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:03,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:03,266 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:03,266 [root] DEBUG: Loader: Injecting process 2388 (thread 2392) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,266 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:03,282 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,282 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:03,282 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:03,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2388
2020-01-14 13:45:07,104 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2388
2020-01-14 13:45:07,104 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:07,104 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:07,104 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:07,104 [root] DEBUG: Loader: Injecting process 2388 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,104 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:07,104 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:07,104 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,118 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2388, error: -15
2020-01-14 13:45:07,118 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2388
2020-01-14 13:45:07,118 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:07,118 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:07,118 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:07,118 [root] DEBUG: Loader: Injecting process 2388 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,118 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:07,118 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:07,118 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,118 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2388, error: -15
2020-01-14 13:45:07,134 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2388
2020-01-14 13:45:07,134 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:07,134 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:07,134 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:07,134 [root] DEBUG: Loader: Injecting process 2388 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,134 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:07,134 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:07,134 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,134 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2388, error: -15
2020-01-14 13:45:07,134 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:07,134 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:07,134 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:07,134 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:07,134 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:07,134 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:07,165 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2576
2020-01-14 13:45:07,165 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:07,181 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:07,181 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:07,181 [root] DEBUG: Loader: Injecting process 2576 (thread 2580) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,181 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:07,181 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,181 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:07,181 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:07,181 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2576
2020-01-14 13:45:09,802 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2576
2020-01-14 13:45:09,802 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:09,802 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:09,802 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:09,802 [root] DEBUG: Loader: Injecting process 2576 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,802 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:09,802 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:09,818 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,818 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2576, error: -15
2020-01-14 13:45:09,818 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2576
2020-01-14 13:45:09,818 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:09,818 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:09,818 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:09,818 [root] DEBUG: Loader: Injecting process 2576 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,834 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:09,834 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:09,834 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,834 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2576, error: -15
2020-01-14 13:45:09,848 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2576
2020-01-14 13:45:09,848 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:09,848 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:09,848 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:09,848 [root] DEBUG: Loader: Injecting process 2576 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,848 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:09,848 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:09,848 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,848 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2576, error: -15
2020-01-14 13:45:09,848 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:09,848 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:09,848 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:09,848 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:09,848 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:09,848 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:09,865 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2764
2020-01-14 13:45:09,865 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:09,865 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:09,880 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:09,880 [root] DEBUG: Loader: Injecting process 2764 (thread 2768) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,880 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:09,880 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,880 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:09,880 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:09,880 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2764
2020-01-14 13:45:12,313 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2764
2020-01-14 13:45:12,313 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:12,313 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:12,345 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:12,345 [root] DEBUG: Loader: Injecting process 2764 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,345 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:12,345 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:12,361 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,361 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2764, error: -15
2020-01-14 13:45:12,361 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2764
2020-01-14 13:45:12,361 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:12,361 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:12,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:12,375 [root] DEBUG: Loader: Injecting process 2764 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,375 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:12,375 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:12,375 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,375 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2764, error: -15
2020-01-14 13:45:12,375 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2764
2020-01-14 13:45:12,375 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:12,375 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:12,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:12,375 [root] DEBUG: Loader: Injecting process 2764 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,391 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:12,391 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:12,391 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,391 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2764, error: -15
2020-01-14 13:45:12,391 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:12,407 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:12,407 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:12,407 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:12,407 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:12,407 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:12,407 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2952
2020-01-14 13:45:12,407 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:12,407 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:12,407 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:12,407 [root] DEBUG: Loader: Injecting process 2952 (thread 2956) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,407 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:12,407 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,407 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:12,407 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:12,407 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2952
2020-01-14 13:45:15,121 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2952
2020-01-14 13:45:15,121 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:15,121 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:15,121 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:15,121 [root] DEBUG: Loader: Injecting process 2952 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,121 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:15,121 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:15,121 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,121 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2952, error: -15
2020-01-14 13:45:15,121 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2952
2020-01-14 13:45:15,121 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:15,121 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:15,138 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:15,138 [root] DEBUG: Loader: Injecting process 2952 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,138 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:15,138 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:15,138 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,138 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2952, error: -15
2020-01-14 13:45:15,138 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2952
2020-01-14 13:45:15,138 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:15,138 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:15,138 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:15,138 [root] DEBUG: Loader: Injecting process 2952 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,138 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:15,138 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:15,153 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,153 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2952, error: -15
2020-01-14 13:45:15,153 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:15,153 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:15,153 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:15,153 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:15,153 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:15,153 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:15,153 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2056
2020-01-14 13:45:15,153 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:15,153 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:15,153 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:15,153 [root] DEBUG: Loader: Injecting process 2056 (thread 2100) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,153 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:15,153 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,153 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:15,153 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:15,153 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2056
2020-01-14 13:45:17,914 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2056
2020-01-14 13:45:17,930 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:17,930 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:17,930 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:17,930 [root] DEBUG: Loader: Injecting process 2056 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,946 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:17,946 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:17,946 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,946 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2056, error: -15
2020-01-14 13:45:17,946 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2056
2020-01-14 13:45:17,946 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:17,946 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:17,946 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:17,946 [root] DEBUG: Loader: Injecting process 2056 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,946 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:17,946 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:17,946 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,946 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2056, error: -15
2020-01-14 13:45:17,960 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2056
2020-01-14 13:45:17,960 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:17,960 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:17,960 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:17,960 [root] DEBUG: Loader: Injecting process 2056 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,960 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:17,960 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:17,960 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,960 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2056, error: -15
2020-01-14 13:45:17,960 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:17,960 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:17,960 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:17,960 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:17,960 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:17,960 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:17,960 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2308
2020-01-14 13:45:17,976 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:17,976 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:17,976 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:17,976 [root] DEBUG: Loader: Injecting process 2308 (thread 2312) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,976 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:17,976 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,976 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:17,976 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:17,976 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2308
2020-01-14 13:45:20,753 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2308
2020-01-14 13:45:20,753 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:20,753 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:20,753 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:20,753 [root] DEBUG: Loader: Injecting process 2308 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,753 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:20,753 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:20,753 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,753 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2308, error: -15
2020-01-14 13:45:20,753 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2308
2020-01-14 13:45:20,753 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:20,753 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:20,769 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:20,769 [root] DEBUG: Loader: Injecting process 2308 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,769 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:20,769 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:20,769 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,769 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2308, error: -15
2020-01-14 13:45:20,769 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2308
2020-01-14 13:45:20,769 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:20,785 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:20,785 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:20,785 [root] DEBUG: Loader: Injecting process 2308 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,785 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:20,785 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:20,785 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,785 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2308, error: -15
2020-01-14 13:45:20,785 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:20,785 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:20,785 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:20,785 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:20,785 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:20,785 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:20,785 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2488
2020-01-14 13:45:20,785 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:20,785 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:20,799 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:20,815 [root] DEBUG: Loader: Injecting process 2488 (thread 2484) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,815 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:20,815 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,815 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:20,815 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:20,815 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2488
2020-01-14 13:45:23,483 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2488
2020-01-14 13:45:23,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:23,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:23,499 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:23,499 [root] DEBUG: Loader: Injecting process 2488 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,499 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:23,499 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:23,499 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,499 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2488, error: -15
2020-01-14 13:45:23,499 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2488
2020-01-14 13:45:23,499 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:23,499 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:23,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:23,515 [root] DEBUG: Loader: Injecting process 2488 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,515 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:23,515 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:23,515 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,515 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2488, error: -15
2020-01-14 13:45:23,515 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2488
2020-01-14 13:45:23,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:23,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:23,529 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:23,529 [root] DEBUG: Loader: Injecting process 2488 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,529 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:23,529 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:23,529 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,529 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2488, error: -15
2020-01-14 13:45:23,529 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:23,529 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:23,529 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:23,529 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:23,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:23,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:23,546 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2732
2020-01-14 13:45:23,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:23,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:23,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:23,546 [root] DEBUG: Loader: Injecting process 2732 (thread 2728) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,546 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:23,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,546 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:23,546 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:23,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2732
2020-01-14 13:45:25,933 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2732
2020-01-14 13:45:25,933 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:25,933 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:25,947 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:25,947 [root] DEBUG: Loader: Injecting process 2732 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:25,947 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:25,947 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:25,947 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:25,947 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2732, error: -15
2020-01-14 13:45:25,947 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2732
2020-01-14 13:45:25,947 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:25,947 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:25,947 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:25,947 [root] DEBUG: Loader: Injecting process 2732 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:25,947 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:25,963 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:25,963 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:25,963 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2732, error: -15
2020-01-14 13:45:25,963 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2732
2020-01-14 13:45:25,963 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:25,963 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:25,980 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:25,980 [root] DEBUG: Loader: Injecting process 2732 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:25,980 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:25,980 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:25,994 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:25,994 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2732, error: -15
2020-01-14 13:45:25,994 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:25,994 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:25,994 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:25,994 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:25,994 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:25,994 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:26,010 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2920
2020-01-14 13:45:26,010 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:26,010 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:26,026 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:26,026 [root] DEBUG: Loader: Injecting process 2920 (thread 2896) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:26,026 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:26,026 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:26,026 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:26,026 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:26,042 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2920
2020-01-14 13:45:28,490 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2920
2020-01-14 13:45:28,490 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:28,490 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:28,506 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:28,506 [root] DEBUG: Loader: Injecting process 2920 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,506 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:28,506 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:28,506 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,506 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2920, error: -15
2020-01-14 13:45:28,522 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2920
2020-01-14 13:45:28,522 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:28,522 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:28,522 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:28,522 [root] DEBUG: Loader: Injecting process 2920 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,522 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:28,522 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:28,522 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,522 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2920, error: -15
2020-01-14 13:45:28,522 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2920
2020-01-14 13:45:28,522 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:28,522 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:28,538 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:28,538 [root] DEBUG: Loader: Injecting process 2920 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,538 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:28,538 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:28,538 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,538 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2920, error: -15
2020-01-14 13:45:28,538 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:28,538 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:28,538 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:28,538 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:28,538 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:28,538 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:28,553 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2088
2020-01-14 13:45:28,553 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:28,553 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:28,553 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:28,553 [root] DEBUG: Loader: Injecting process 2088 (thread 2064) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,553 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:28,553 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,553 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:28,553 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:28,569 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2088
2020-01-14 13:45:31,345 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2088
2020-01-14 13:45:31,345 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:31,345 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:31,345 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:31,361 [root] DEBUG: Loader: Injecting process 2088 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,361 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:31,361 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:31,377 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,377 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2088, error: -15
2020-01-14 13:45:31,377 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2088
2020-01-14 13:45:31,377 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:31,377 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:31,392 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:31,392 [root] DEBUG: Loader: Injecting process 2088 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,392 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:31,392 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:31,392 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,392 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2088, error: -15
2020-01-14 13:45:31,407 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2088
2020-01-14 13:45:31,407 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:31,407 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:31,407 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:31,407 [root] DEBUG: Loader: Injecting process 2088 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,407 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:31,407 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:31,407 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,407 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2088, error: -15
2020-01-14 13:45:31,424 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:31,424 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:31,424 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:31,424 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:31,424 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:31,424 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:31,424 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2256
2020-01-14 13:45:31,424 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:31,424 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:31,424 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:31,424 [root] DEBUG: Loader: Injecting process 2256 (thread 2252) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,440 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:31,440 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,440 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:31,440 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:31,440 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2256
2020-01-14 13:45:34,232 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2256
2020-01-14 13:45:34,232 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:34,232 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:34,232 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:34,232 [root] DEBUG: Loader: Injecting process 2256 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,232 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:34,247 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:34,247 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,247 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2256, error: -15
2020-01-14 13:45:34,247 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2256
2020-01-14 13:45:34,247 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:34,247 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:34,247 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:34,247 [root] DEBUG: Loader: Injecting process 2256 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,247 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:34,247 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:34,247 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,247 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2256, error: -15
2020-01-14 13:45:34,247 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2256
2020-01-14 13:45:34,247 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:34,247 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:34,263 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:34,263 [root] DEBUG: Loader: Injecting process 2256 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,263 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:34,263 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:34,263 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,263 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2256, error: -15
2020-01-14 13:45:34,263 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:34,263 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:34,263 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:34,263 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:34,263 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:34,263 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:34,263 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2544
2020-01-14 13:45:34,279 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:34,279 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:34,279 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:34,279 [root] DEBUG: Loader: Injecting process 2544 (thread 2524) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,279 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:34,279 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,279 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:34,279 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:34,279 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2544
2020-01-14 13:45:36,711 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2544
2020-01-14 13:45:36,711 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:36,711 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:36,711 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:36,711 [root] DEBUG: Loader: Injecting process 2544 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,711 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:36,711 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:36,711 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,711 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2544, error: -15
2020-01-14 13:45:36,727 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2544
2020-01-14 13:45:36,727 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:36,727 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:36,727 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:36,727 [root] DEBUG: Loader: Injecting process 2544 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,727 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:36,727 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:36,727 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,727 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2544, error: -15
2020-01-14 13:45:36,727 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2544
2020-01-14 13:45:36,727 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:36,727 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:36,727 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:36,727 [root] DEBUG: Loader: Injecting process 2544 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,727 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:36,727 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:36,727 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,727 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2544, error: -15
2020-01-14 13:45:36,727 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:36,727 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:36,743 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:36,743 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:36,743 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:36,743 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:36,743 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2672
2020-01-14 13:45:36,743 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:36,743 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:36,743 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:36,743 [root] DEBUG: Loader: Injecting process 2672 (thread 2692) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,743 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:36,743 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,743 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:36,743 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:36,743 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2672
2020-01-14 13:45:39,364 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2672
2020-01-14 13:45:39,364 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:39,364 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:39,364 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:39,364 [root] DEBUG: Loader: Injecting process 2672 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,364 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:39,364 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:39,364 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,364 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2672, error: -15
2020-01-14 13:45:39,364 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2672
2020-01-14 13:45:39,364 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:39,364 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:39,364 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:39,364 [root] DEBUG: Loader: Injecting process 2672 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,380 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:39,380 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:39,380 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,380 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2672, error: -15
2020-01-14 13:45:39,380 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2672
2020-01-14 13:45:39,380 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:39,380 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:39,380 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:39,380 [root] DEBUG: Loader: Injecting process 2672 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,380 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:39,380 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:39,380 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,380 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2672, error: -15
2020-01-14 13:45:39,380 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:39,380 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:39,395 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:39,411 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:39,411 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:39,411 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:39,411 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2860
2020-01-14 13:45:39,411 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:39,411 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:39,427 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:39,427 [root] DEBUG: Loader: Injecting process 2860 (thread 2828) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,427 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:39,427 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,427 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:39,427 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:39,427 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2860
2020-01-14 13:45:41,859 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2860
2020-01-14 13:45:41,859 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:41,859 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:41,891 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:41,891 [root] DEBUG: Loader: Injecting process 2860 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:41,937 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:41,937 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:41,937 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:41,937 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2860, error: -15
2020-01-14 13:45:41,970 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2860
2020-01-14 13:45:41,970 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:41,970 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:41,984 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:41,984 [root] DEBUG: Loader: Injecting process 2860 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:41,984 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:41,984 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:41,984 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:41,984 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2860, error: -15
2020-01-14 13:45:42,000 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2860
2020-01-14 13:45:42,000 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:42,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:42,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:42,000 [root] DEBUG: Loader: Injecting process 2860 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:42,000 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:42,000 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:42,000 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:42,000 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2860, error: -15
2020-01-14 13:45:42,000 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:42,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:42,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:42,000 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:42,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:42,016 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:42,016 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2052
2020-01-14 13:45:42,016 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:42,016 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:42,016 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:42,016 [root] DEBUG: Loader: Injecting process 2052 (thread 2096) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:42,016 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:42,032 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:42,032 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:42,032 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:42,032 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2052
2020-01-14 13:45:44,418 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2052
2020-01-14 13:45:44,418 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:44,418 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:44,418 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:44,418 [root] DEBUG: Loader: Injecting process 2052 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,418 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:44,418 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:44,418 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,418 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2052, error: -15
2020-01-14 13:45:44,434 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2052
2020-01-14 13:45:44,434 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:44,434 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:44,434 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:44,434 [root] DEBUG: Loader: Injecting process 2052 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,434 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:44,434 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:44,434 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,434 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2052, error: -15
2020-01-14 13:45:44,434 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2052
2020-01-14 13:45:44,434 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:44,434 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:44,450 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:44,450 [root] DEBUG: Loader: Injecting process 2052 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,450 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:44,450 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:44,450 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,450 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2052, error: -15
2020-01-14 13:45:44,450 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:44,450 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:44,450 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:44,450 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:44,450 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:44,450 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:44,450 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2300
2020-01-14 13:45:44,450 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:44,450 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:44,450 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:44,466 [root] DEBUG: Loader: Injecting process 2300 (thread 2296) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,466 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:44,466 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,466 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:44,466 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:44,466 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2300
2020-01-14 13:45:46,572 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2300
2020-01-14 13:45:46,572 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:46,572 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:46,572 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:46,572 [root] DEBUG: Loader: Injecting process 2300 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,572 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:46,586 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:46,586 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,586 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2300, error: -15
2020-01-14 13:45:46,586 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2300
2020-01-14 13:45:46,586 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:46,586 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:46,586 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:46,586 [root] DEBUG: Loader: Injecting process 2300 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,586 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:46,586 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:46,586 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,586 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2300, error: -15
2020-01-14 13:45:46,602 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2300
2020-01-14 13:45:46,602 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:46,602 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:46,602 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:46,602 [root] DEBUG: Loader: Injecting process 2300 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,602 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:46,602 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:46,602 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,602 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2300, error: -15
2020-01-14 13:45:46,618 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:46,618 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:46,618 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:46,618 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:46,618 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:46,618 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:46,634 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1748
2020-01-14 13:45:46,634 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:46,634 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:46,634 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:46,634 [root] DEBUG: Loader: Injecting process 1748 (thread 2512) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,634 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:46,634 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,634 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:46,634 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:46,634 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1748
2020-01-14 13:45:49,020 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1748
2020-01-14 13:45:49,020 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:49,020 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:49,020 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:49,020 [root] DEBUG: Loader: Injecting process 1748 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,036 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:49,036 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:49,036 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,036 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1748, error: -15
2020-01-14 13:45:49,036 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1748
2020-01-14 13:45:49,036 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:49,036 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:49,036 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:49,036 [root] DEBUG: Loader: Injecting process 1748 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,036 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:49,036 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:49,052 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,052 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1748, error: -15
2020-01-14 13:45:49,052 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1748
2020-01-14 13:45:49,052 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:49,052 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:49,068 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:49,068 [root] DEBUG: Loader: Injecting process 1748 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,068 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:49,068 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:49,082 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,082 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1748, error: -15
2020-01-14 13:45:49,082 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:49,082 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:49,082 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:49,098 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:49,098 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:49,098 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:49,098 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2804
2020-01-14 13:45:49,114 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:49,114 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:49,130 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:49,130 [root] DEBUG: Loader: Injecting process 2804 (thread 1288) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,130 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:49,130 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,130 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:49,130 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:49,130 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2804
2020-01-14 13:45:51,470 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2804
2020-01-14 13:45:51,470 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:51,470 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:51,486 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:51,486 [root] DEBUG: Loader: Injecting process 2804 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,486 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:51,486 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:51,486 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,486 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2804, error: -15
2020-01-14 13:45:51,486 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2804
2020-01-14 13:45:51,486 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:51,486 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:51,516 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:51,516 [root] DEBUG: Loader: Injecting process 2804 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,516 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:51,516 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:51,532 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,532 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2804, error: -15
2020-01-14 13:45:51,532 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2804
2020-01-14 13:45:51,532 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:51,532 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:51,532 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:51,532 [root] DEBUG: Loader: Injecting process 2804 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,532 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:51,532 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:51,532 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,532 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2804, error: -15
2020-01-14 13:45:51,532 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:51,532 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:51,548 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:51,548 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:51,548 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:51,548 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:51,548 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3056
2020-01-14 13:45:51,548 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:51,548 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:51,548 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:51,563 [root] DEBUG: Loader: Injecting process 3056 (thread 3060) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,563 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:51,563 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,578 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:51,578 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:51,578 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3056
2020-01-14 13:45:54,013 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3056
2020-01-14 13:45:54,013 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:54,013 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:54,028 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:54,028 [root] DEBUG: Loader: Injecting process 3056 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,028 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:54,028 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:54,028 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,028 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3056, error: -15
2020-01-14 13:45:54,043 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3056
2020-01-14 13:45:54,043 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:54,043 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:54,059 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:54,059 [root] DEBUG: Loader: Injecting process 3056 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,059 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:54,059 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:54,075 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,075 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3056, error: -15
2020-01-14 13:45:54,075 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3056
2020-01-14 13:45:54,075 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:54,075 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:54,075 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:54,075 [root] DEBUG: Loader: Injecting process 3056 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,075 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:54,075 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:54,075 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,091 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3056, error: -15
2020-01-14 13:45:54,091 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:54,091 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:54,105 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:54,121 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:54,121 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:54,121 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:54,121 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2284
2020-01-14 13:45:54,138 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:54,138 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:54,153 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:54,153 [root] DEBUG: Loader: Injecting process 2284 (thread 2224) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,168 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:54,168 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,168 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:54,168 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:54,168 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2284
2020-01-14 13:45:56,851 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2284
2020-01-14 13:45:56,868 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:56,868 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:56,868 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:56,868 [root] DEBUG: Loader: Injecting process 2284 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,868 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:56,868 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:56,868 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,868 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2284, error: -15
2020-01-14 13:45:56,868 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2284
2020-01-14 13:45:56,868 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:56,868 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:56,882 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:56,882 [root] DEBUG: Loader: Injecting process 2284 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,882 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:56,882 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:56,882 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,882 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2284, error: -15
2020-01-14 13:45:56,882 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2284
2020-01-14 13:45:56,882 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:56,882 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:56,882 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:56,882 [root] DEBUG: Loader: Injecting process 2284 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,898 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:45:56,898 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:45:56,898 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,898 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2284, error: -15
2020-01-14 13:45:56,898 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:45:56,898 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:45:56,898 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:45:56,898 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:45:56,898 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:45:56,930 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:45:56,930 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2456
2020-01-14 13:45:56,946 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:45:56,946 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:45:56,960 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:45:56,960 [root] DEBUG: Loader: Injecting process 2456 (thread 2460) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,960 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:45:56,960 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,960 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:45:56,960 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:45:56,960 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2456
2020-01-14 13:46:00,690 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2456
2020-01-14 13:46:00,690 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:00,690 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:00,704 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:00,704 [root] DEBUG: Loader: Injecting process 2456 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,704 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:00,704 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:00,704 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,704 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2456, error: -15
2020-01-14 13:46:00,704 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2456
2020-01-14 13:46:00,704 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:00,704 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:00,704 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:00,720 [root] DEBUG: Loader: Injecting process 2456 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,720 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:00,720 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:00,720 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,720 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2456, error: -15
2020-01-14 13:46:00,720 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2456
2020-01-14 13:46:00,720 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:00,720 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:00,720 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:00,720 [root] DEBUG: Loader: Injecting process 2456 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,736 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:00,736 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:00,736 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,736 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2456, error: -15
2020-01-14 13:46:00,736 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:00,736 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:00,736 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:00,736 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:00,736 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:00,736 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:00,736 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2744
2020-01-14 13:46:00,736 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:00,736 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:00,752 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:00,752 [root] DEBUG: Loader: Injecting process 2744 (thread 2712) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,752 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:00,752 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,752 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:00,752 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:00,752 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2744
2020-01-14 13:46:04,542 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2744
2020-01-14 13:46:04,542 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:04,542 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:04,573 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:04,683 [root] DEBUG: Loader: Injecting process 2744 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:04,792 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:04,792 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:04,792 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:04,823 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2744, error: -15
2020-01-14 13:46:04,838 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2744
2020-01-14 13:46:04,838 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:04,838 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:04,838 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:04,855 [root] DEBUG: Loader: Injecting process 2744 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:04,869 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:04,917 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:04,917 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:04,917 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2744, error: -15
2020-01-14 13:46:04,917 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2744
2020-01-14 13:46:04,917 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:04,917 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:04,917 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:04,917 [root] DEBUG: Loader: Injecting process 2744 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:04,947 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:04,947 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:04,947 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:04,947 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2744, error: -15
2020-01-14 13:46:04,947 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:04,947 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:04,947 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:04,947 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:04,947 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:04,947 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:04,994 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2928
2020-01-14 13:46:05,010 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:05,010 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:05,042 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:05,042 [root] DEBUG: Loader: Injecting process 2928 (thread 2936) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:05,042 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:05,042 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:05,042 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:05,058 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:05,058 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2928
2020-01-14 13:46:08,348 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2928
2020-01-14 13:46:08,348 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:08,348 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:08,348 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:08,348 [root] DEBUG: Loader: Injecting process 2928 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,348 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:08,348 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:08,348 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,365 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2928, error: -15
2020-01-14 13:46:08,380 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2928
2020-01-14 13:46:08,380 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:08,380 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:08,427 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:08,427 [root] DEBUG: Loader: Injecting process 2928 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,427 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:08,427 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:08,427 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,443 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2928, error: -15
2020-01-14 13:46:08,505 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2928
2020-01-14 13:46:08,505 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:08,505 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:08,536 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:08,536 [root] DEBUG: Loader: Injecting process 2928 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,536 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:08,536 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:08,536 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,552 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2928, error: -15
2020-01-14 13:46:08,552 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:08,552 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:08,552 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:08,568 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:08,568 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:08,582 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:08,582 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2144
2020-01-14 13:46:08,598 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:08,598 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:08,598 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:08,598 [root] DEBUG: Loader: Injecting process 2144 (thread 2112) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,614 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:08,614 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,614 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:08,614 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:08,614 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2144
2020-01-14 13:46:11,969 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2144
2020-01-14 13:46:11,969 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:11,969 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:12,155 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:12,171 [root] DEBUG: Loader: Injecting process 2144 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,171 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:12,171 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:12,171 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,171 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2144, error: -15
2020-01-14 13:46:12,171 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2144
2020-01-14 13:46:12,171 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:12,249 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:12,326 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:12,358 [root] DEBUG: Loader: Injecting process 2144 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,358 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:12,358 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:12,358 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,358 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2144, error: -15
2020-01-14 13:46:12,358 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2144
2020-01-14 13:46:12,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:12,374 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:12,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:12,390 [root] DEBUG: Loader: Injecting process 2144 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,390 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:12,390 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:12,390 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,390 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2144, error: -15
2020-01-14 13:46:12,390 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:12,404 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:12,404 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:12,404 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:12,404 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:12,404 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:12,404 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2468
2020-01-14 13:46:12,404 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:12,404 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:12,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:12,421 [root] DEBUG: Loader: Injecting process 2468 (thread 2408) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,421 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:12,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,515 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:12,515 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:12,515 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2468
2020-01-14 13:46:15,540 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2468
2020-01-14 13:46:15,540 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:15,540 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:15,540 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:15,540 [root] DEBUG: Loader: Injecting process 2468 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,540 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:15,540 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:15,540 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,556 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2468, error: -15
2020-01-14 13:46:15,556 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2468
2020-01-14 13:46:15,556 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:15,556 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:15,556 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:15,556 [root] DEBUG: Loader: Injecting process 2468 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,556 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:15,556 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:15,556 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,556 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2468, error: -15
2020-01-14 13:46:15,556 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2468
2020-01-14 13:46:15,556 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:15,556 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:15,556 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:15,572 [root] DEBUG: Loader: Injecting process 2468 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,572 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:15,572 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:15,572 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,572 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2468, error: -15
2020-01-14 13:46:15,572 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:15,572 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:15,572 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:15,572 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:15,572 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:15,572 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:15,572 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2756
2020-01-14 13:46:15,588 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:15,588 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:15,588 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:15,588 [root] DEBUG: Loader: Injecting process 2756 (thread 2740) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,588 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:15,588 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,588 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:15,588 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:15,588 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2756
2020-01-14 13:46:18,443 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2756
2020-01-14 13:46:18,443 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:18,443 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:18,457 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:18,457 [root] DEBUG: Loader: Injecting process 2756 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,457 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:18,457 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:18,457 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,457 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2756, error: -15
2020-01-14 13:46:18,473 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2756
2020-01-14 13:46:18,473 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:18,473 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:18,473 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:18,473 [root] DEBUG: Loader: Injecting process 2756 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,473 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:18,473 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:18,473 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,473 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2756, error: -15
2020-01-14 13:46:18,489 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2756
2020-01-14 13:46:18,489 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:18,489 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:18,536 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:18,536 [root] DEBUG: Loader: Injecting process 2756 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,536 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:18,536 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:18,536 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,536 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2756, error: -15
2020-01-14 13:46:18,536 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:18,536 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:18,536 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:18,536 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:18,536 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:18,536 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:18,614 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3004
2020-01-14 13:46:18,614 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:18,614 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:18,644 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:18,644 [root] DEBUG: Loader: Injecting process 3004 (thread 2988) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,644 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:18,644 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,644 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:18,644 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:18,661 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3004
2020-01-14 13:46:22,311 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3004
2020-01-14 13:46:22,311 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:22,311 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:22,326 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:22,326 [root] DEBUG: Loader: Injecting process 3004 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,326 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:22,326 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:22,342 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,342 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3004, error: -15
2020-01-14 13:46:22,358 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3004
2020-01-14 13:46:22,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:22,358 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:22,374 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:22,374 [root] DEBUG: Loader: Injecting process 3004 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,374 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:22,374 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:22,374 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,374 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3004, error: -15
2020-01-14 13:46:22,388 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3004
2020-01-14 13:46:22,388 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:22,388 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:22,388 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:22,388 [root] DEBUG: Loader: Injecting process 3004 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,404 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:22,404 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:22,404 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,404 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3004, error: -15
2020-01-14 13:46:22,404 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:22,404 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:22,404 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:22,404 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:22,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:22,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:22,421 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2236
2020-01-14 13:46:22,436 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:22,451 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:22,499 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:22,499 [root] DEBUG: Loader: Injecting process 2236 (thread 2152) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,499 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:22,499 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,513 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:22,513 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:22,513 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2236
2020-01-14 13:46:25,322 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2236
2020-01-14 13:46:25,322 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:25,322 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:25,338 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:25,338 [root] DEBUG: Loader: Injecting process 2236 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,338 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:25,338 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:25,338 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,338 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2236, error: -15
2020-01-14 13:46:25,338 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2236
2020-01-14 13:46:25,338 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:25,338 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:25,352 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:25,352 [root] DEBUG: Loader: Injecting process 2236 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,352 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:25,352 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:25,352 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,352 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2236, error: -15
2020-01-14 13:46:25,352 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2236
2020-01-14 13:46:25,352 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:25,352 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:25,384 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:25,384 [root] DEBUG: Loader: Injecting process 2236 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,384 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:25,384 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:25,384 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,400 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2236, error: -15
2020-01-14 13:46:25,400 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:25,400 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:25,400 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:25,400 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:25,400 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:25,400 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:25,400 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1692
2020-01-14 13:46:25,415 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:25,415 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:25,430 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:25,430 [root] DEBUG: Loader: Injecting process 1692 (thread 2540) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,430 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:25,430 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,430 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:25,430 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:25,430 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1692
2020-01-14 13:46:28,036 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1692
2020-01-14 13:46:28,036 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:28,036 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:28,052 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:28,052 [root] DEBUG: Loader: Injecting process 1692 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,052 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:28,052 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:28,052 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,052 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1692, error: -15
2020-01-14 13:46:28,052 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1692
2020-01-14 13:46:28,052 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:28,068 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:28,068 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:28,068 [root] DEBUG: Loader: Injecting process 1692 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,068 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:28,068 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:28,068 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,068 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1692, error: -15
2020-01-14 13:46:28,082 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1692
2020-01-14 13:46:28,082 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:28,082 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:28,082 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:28,082 [root] DEBUG: Loader: Injecting process 1692 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,082 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:28,082 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:28,082 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,082 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1692, error: -15
2020-01-14 13:46:28,082 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:28,082 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:28,082 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:28,098 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:28,098 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:28,098 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:28,098 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2664
2020-01-14 13:46:28,098 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:28,098 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:28,098 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:28,098 [root] DEBUG: Loader: Injecting process 2664 (thread 2696) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,098 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:28,098 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,098 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:28,098 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:28,098 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2664
2020-01-14 13:46:30,845 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2664
2020-01-14 13:46:30,845 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:30,845 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:30,859 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:30,859 [root] DEBUG: Loader: Injecting process 2664 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:30,859 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:30,859 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:30,859 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:30,859 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2664, error: -15
2020-01-14 13:46:30,891 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2664
2020-01-14 13:46:30,891 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:30,891 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:30,907 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:30,907 [root] DEBUG: Loader: Injecting process 2664 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:30,907 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:30,907 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:30,907 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:30,923 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2664, error: -15
2020-01-14 13:46:30,923 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2664
2020-01-14 13:46:30,923 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:30,923 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:30,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:30,969 [root] DEBUG: Loader: Injecting process 2664 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:30,969 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:30,969 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:30,984 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:30,984 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2664, error: -15
2020-01-14 13:46:30,984 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:30,984 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:30,984 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:30,984 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:30,984 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:30,984 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:30,984 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2924
2020-01-14 13:46:31,000 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:31,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:31,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:31,000 [root] DEBUG: Loader: Injecting process 2924 (thread 3024) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:31,000 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:31,000 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:31,000 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:31,000 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:31,000 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2924
2020-01-14 13:46:33,917 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2924
2020-01-14 13:46:33,917 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:33,917 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:33,933 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:33,933 [root] DEBUG: Loader: Injecting process 2924 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:33,933 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:33,933 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:33,933 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:33,933 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2924, error: -15
2020-01-14 13:46:33,948 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2924
2020-01-14 13:46:33,948 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:33,948 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:33,964 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:33,980 [root] DEBUG: Loader: Injecting process 2924 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:33,980 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:33,980 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:33,980 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:33,996 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2924, error: -15
2020-01-14 13:46:33,996 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2924
2020-01-14 13:46:33,996 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:33,996 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:34,010 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:34,010 [root] DEBUG: Loader: Injecting process 2924 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:34,010 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:34,010 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:34,010 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:34,026 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2924, error: -15
2020-01-14 13:46:34,026 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:34,026 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:34,026 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:34,026 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:34,026 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:34,042 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:34,058 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2108
2020-01-14 13:46:34,058 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:34,058 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:34,073 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:34,088 [root] DEBUG: Loader: Injecting process 2108 (thread 2228) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:34,105 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:34,105 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:34,105 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:34,105 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:34,105 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2108
2020-01-14 13:46:38,551 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2108
2020-01-14 13:46:38,551 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:38,551 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:38,785 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:38,785 [root] DEBUG: Loader: Injecting process 2108 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:38,785 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:38,785 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:38,785 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:38,801 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2108, error: -15
2020-01-14 13:46:38,801 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2108
2020-01-14 13:46:38,815 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:38,815 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:38,815 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:38,815 [root] DEBUG: Loader: Injecting process 2108 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:38,832 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:38,832 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:38,832 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:38,846 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2108, error: -15
2020-01-14 13:46:38,846 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2108
2020-01-14 13:46:38,846 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:38,924 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:39,065 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:39,065 [root] DEBUG: Loader: Injecting process 2108 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:39,065 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:39,065 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:39,065 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:39,081 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2108, error: -15
2020-01-14 13:46:39,081 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:39,081 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:39,081 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:39,081 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:39,081 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:39,081 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:39,128 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2448
2020-01-14 13:46:39,128 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:39,128 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:39,128 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:39,128 [root] DEBUG: Loader: Injecting process 2448 (thread 2536) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:39,128 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:39,128 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:39,144 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:39,144 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:39,144 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2448
2020-01-14 13:46:43,838 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2448
2020-01-14 13:46:43,838 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:43,838 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:43,838 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:43,838 [root] DEBUG: Loader: Injecting process 2448 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:43,855 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:43,871 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:43,871 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:44,167 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2448, error: -15
2020-01-14 13:46:44,183 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2448
2020-01-14 13:46:44,183 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:44,183 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:44,183 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:44,183 [root] DEBUG: Loader: Injecting process 2448 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:44,183 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:44,183 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:44,229 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:44,229 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2448, error: -15
2020-01-14 13:46:44,229 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2448
2020-01-14 13:46:44,229 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:44,229 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:44,229 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:44,229 [root] DEBUG: Loader: Injecting process 2448 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:44,229 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:44,229 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:44,229 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:44,417 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2448, error: -15
2020-01-14 13:46:44,417 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:44,417 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:44,417 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:44,417 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:44,417 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:44,417 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:44,431 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 516
2020-01-14 13:46:44,431 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:44,431 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:44,431 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:44,431 [root] DEBUG: Loader: Injecting process 516 (thread 1800) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:44,494 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:44,494 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:44,494 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:44,494 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:44,509 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 516
2020-01-14 13:46:48,785 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 516
2020-01-14 13:46:48,785 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:48,785 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:48,785 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:48,785 [root] DEBUG: Loader: Injecting process 516 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:48,785 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:48,785 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:48,878 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:48,894 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 516, error: -15
2020-01-14 13:46:48,894 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 516
2020-01-14 13:46:48,894 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:48,894 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:48,894 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:48,894 [root] DEBUG: Loader: Injecting process 516 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:48,894 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:48,894 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:48,894 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:48,908 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 516, error: -15
2020-01-14 13:46:48,940 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 516
2020-01-14 13:46:48,940 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:48,940 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:48,956 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:48,971 [root] DEBUG: Loader: Injecting process 516 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:48,971 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:48,971 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:48,971 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:48,971 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 516, error: -15
2020-01-14 13:46:48,986 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:48,986 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:48,986 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:49,003 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:49,003 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:49,003 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:49,003 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3020
2020-01-14 13:46:49,019 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:49,019 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:49,019 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:49,065 [root] DEBUG: Loader: Injecting process 3020 (thread 840) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:49,065 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:49,065 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:49,065 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:49,065 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:49,142 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3020
2020-01-14 13:46:53,153 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3020
2020-01-14 13:46:53,153 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:53,167 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:53,309 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:53,309 [root] DEBUG: Loader: Injecting process 3020 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,309 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:53,309 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:53,309 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,309 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3020, error: -15
2020-01-14 13:46:53,323 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3020
2020-01-14 13:46:53,323 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:53,323 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:53,339 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:53,339 [root] DEBUG: Loader: Injecting process 3020 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,339 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:53,339 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:53,339 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,371 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3020, error: -15
2020-01-14 13:46:53,371 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 3020
2020-01-14 13:46:53,387 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:53,387 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:53,387 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:53,387 [root] DEBUG: Loader: Injecting process 3020 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,401 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:53,401 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:53,417 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,433 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 3020, error: -15
2020-01-14 13:46:53,433 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:53,433 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:53,433 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:53,433 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:53,496 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:53,496 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:53,526 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2220
2020-01-14 13:46:53,651 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:53,698 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:53,730 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:53,730 [root] DEBUG: Loader: Injecting process 2220 (thread 2264) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,730 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:53,730 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,730 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:53,730 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:53,730 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2220
2020-01-14 13:46:59,127 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2220
2020-01-14 13:46:59,127 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:59,127 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:59,142 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:59,142 [root] DEBUG: Loader: Injecting process 2220 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,142 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:59,142 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:59,142 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,158 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2220, error: -15
2020-01-14 13:46:59,392 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2220
2020-01-14 13:46:59,392 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:59,392 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:59,424 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:59,424 [root] DEBUG: Loader: Injecting process 2220 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,424 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:59,502 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:59,502 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,595 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2220, error: -15
2020-01-14 13:46:59,611 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2220
2020-01-14 13:46:59,611 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:59,611 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:59,627 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:59,673 [root] DEBUG: Loader: Injecting process 2220 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,673 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:46:59,673 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:46:59,673 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,766 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2220, error: -15
2020-01-14 13:46:59,798 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:46:59,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:46:59,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:46:59,798 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:46:59,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:46:59,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:46:59,845 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2500
2020-01-14 13:46:59,861 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:46:59,861 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:46:59,875 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:46:59,875 [root] DEBUG: Loader: Injecting process 2500 (thread 1464) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,875 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:46:59,875 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,875 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:46:59,875 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:46:59,875 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2500
2020-01-14 13:47:04,946 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2500
2020-01-14 13:47:04,946 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:04,946 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:04,961 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:04,961 [root] DEBUG: Loader: Injecting process 2500 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:04,961 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:04,976 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:04,993 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:05,023 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2500, error: -15
2020-01-14 13:47:05,101 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2500
2020-01-14 13:47:05,101 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:05,101 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:05,118 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:05,118 [root] DEBUG: Loader: Injecting process 2500 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:05,118 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:05,118 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:05,118 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:05,118 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2500, error: -15
2020-01-14 13:47:05,118 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2500
2020-01-14 13:47:05,118 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:05,118 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:05,118 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:05,118 [root] DEBUG: Loader: Injecting process 2500 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:05,132 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:05,132 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:05,132 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:05,148 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2500, error: -15
2020-01-14 13:47:05,148 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:05,148 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:05,148 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:05,148 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:05,148 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:05,148 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:05,148 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2968
2020-01-14 13:47:05,148 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:05,148 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:05,164 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:05,164 [root] DEBUG: Loader: Injecting process 2968 (thread 2908) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:05,164 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:47:05,164 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:05,164 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:47:05,164 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:05,164 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2968
2020-01-14 13:47:09,734 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2968
2020-01-14 13:47:09,734 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:09,734 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:09,734 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:09,734 [root] DEBUG: Loader: Injecting process 2968 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:09,734 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:09,734 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:09,734 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:09,750 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2968, error: -15
2020-01-14 13:47:09,750 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2968
2020-01-14 13:47:09,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:09,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:09,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:09,750 [root] DEBUG: Loader: Injecting process 2968 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:09,750 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:09,782 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:09,782 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:09,845 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2968, error: -15
2020-01-14 13:47:09,859 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2968
2020-01-14 13:47:09,859 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:09,859 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:09,923 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:09,937 [root] DEBUG: Loader: Injecting process 2968 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:09,937 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:09,937 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:09,937 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:09,937 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2968, error: -15
2020-01-14 13:47:09,953 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:09,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:09,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:09,953 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:09,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:09,969 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:10,016 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2176
2020-01-14 13:47:10,016 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:10,016 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:10,109 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:10,125 [root] DEBUG: Loader: Injecting process 2176 (thread 1412) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:10,125 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:47:10,125 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:10,125 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:47:10,125 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:10,125 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2176
2020-01-14 13:47:14,618 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2176
2020-01-14 13:47:14,618 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:14,618 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:14,634 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:14,634 [root] DEBUG: Loader: Injecting process 2176 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:14,634 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:14,634 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:14,634 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:14,634 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2176, error: -15
2020-01-14 13:47:14,711 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2176
2020-01-14 13:47:14,711 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:14,711 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:14,914 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:14,914 [root] DEBUG: Loader: Injecting process 2176 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:14,914 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:14,914 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:14,914 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:14,930 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2176, error: -15
2020-01-14 13:47:14,930 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2176
2020-01-14 13:47:14,930 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:14,930 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:15,085 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:15,085 [root] DEBUG: Loader: Injecting process 2176 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:15,085 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:15,085 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:15,085 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:15,085 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2176, error: -15
2020-01-14 13:47:15,101 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:15,101 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:15,148 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:15,148 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:15,148 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:15,148 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:15,210 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2384
2020-01-14 13:47:15,210 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:15,210 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:15,398 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:15,398 [root] DEBUG: Loader: Injecting process 2384 (thread 2424) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:15,398 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:47:15,569 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:15,569 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:47:15,569 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:15,569 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2384
2020-01-14 13:47:18,674 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2384
2020-01-14 13:47:18,674 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:18,690 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:18,736 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:18,736 [root] DEBUG: Loader: Injecting process 2384 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:18,736 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:18,736 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:18,736 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:18,767 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2384, error: -15
2020-01-14 13:47:18,767 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2384
2020-01-14 13:47:18,767 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:18,767 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:18,970 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:18,986 [root] DEBUG: Loader: Injecting process 2384 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:18,986 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:18,986 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:18,986 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:18,986 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2384, error: -15
2020-01-14 13:47:19,141 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2384
2020-01-14 13:47:19,173 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:19,173 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:19,298 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:19,298 [root] DEBUG: Loader: Injecting process 2384 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:19,298 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:19,298 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:19,298 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:19,328 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2384, error: -15
2020-01-14 13:47:19,345 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:19,391 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:19,391 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:19,391 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:19,391 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:19,407 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:19,500 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2800
2020-01-14 13:47:19,516 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:19,516 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:19,703 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:19,750 [root] DEBUG: Loader: Injecting process 2800 (thread 332) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:19,766 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:47:19,766 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:19,782 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:47:19,782 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:19,782 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2800
2020-01-14 13:47:24,821 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2800
2020-01-14 13:47:24,821 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:24,821 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:24,851 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:24,851 [root] DEBUG: Loader: Injecting process 2800 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:24,851 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:24,882 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:24,882 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:24,882 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2800, error: -15
2020-01-14 13:47:24,882 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2800
2020-01-14 13:47:24,882 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:24,882 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:24,898 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:24,898 [root] DEBUG: Loader: Injecting process 2800 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:24,898 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:24,898 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:24,898 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:24,898 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2800, error: -15
2020-01-14 13:47:24,914 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2800
2020-01-14 13:47:24,914 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:24,914 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:24,930 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:24,930 [root] DEBUG: Loader: Injecting process 2800 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:24,930 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:24,930 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:24,930 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:24,930 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2800, error: -15
2020-01-14 13:47:24,930 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:24,930 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:24,930 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:24,930 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:24,930 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:24,944 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:24,960 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1736
2020-01-14 13:47:24,960 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:24,960 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:24,976 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:24,976 [root] DEBUG: Loader: Injecting process 1736 (thread 1072) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:24,992 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:47:24,992 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:24,992 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:47:24,992 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:25,007 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1736
2020-01-14 13:47:28,142 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1736
2020-01-14 13:47:28,142 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:28,142 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:28,158 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:28,158 [root] DEBUG: Loader: Injecting process 1736 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,158 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:28,158 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:28,174 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,174 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1736, error: -15
2020-01-14 13:47:28,174 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1736
2020-01-14 13:47:28,174 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:28,174 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:28,190 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:28,190 [root] DEBUG: Loader: Injecting process 1736 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,190 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:28,190 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:28,190 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,206 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1736, error: -15
2020-01-14 13:47:28,206 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 1736
2020-01-14 13:47:28,206 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:28,206 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:28,220 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:28,220 [root] DEBUG: Loader: Injecting process 1736 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,220 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:28,220 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:28,220 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,220 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 1736, error: -15
2020-01-14 13:47:28,236 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:28,236 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:28,236 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:28,236 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:28,236 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:28,236 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:28,253 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2464
2020-01-14 13:47:28,315 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:28,315 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:28,315 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:28,315 [root] DEBUG: Loader: Injecting process 2464 (thread 2420) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,315 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:47:28,315 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,315 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:47:28,331 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:28,331 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2464
2020-01-14 13:47:31,638 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2464
2020-01-14 13:47:31,638 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:31,638 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:31,638 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:31,730 [root] DEBUG: Loader: Injecting process 2464 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,730 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:31,730 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:31,746 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,746 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2464, error: -15
2020-01-14 13:47:31,746 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2464
2020-01-14 13:47:31,763 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:31,763 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:31,763 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:31,778 [root] DEBUG: Loader: Injecting process 2464 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,778 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:31,778 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:31,778 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,793 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2464, error: -15
2020-01-14 13:47:31,793 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2464
2020-01-14 13:47:31,793 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:31,793 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:31,841 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:31,841 [root] DEBUG: Loader: Injecting process 2464 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,841 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:31,841 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:31,841 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,887 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2464, error: -15
2020-01-14 13:47:31,903 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:31,903 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:31,903 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:31,903 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:31,903 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:31,903 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:31,903 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2792
2020-01-14 13:47:31,903 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:31,903 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:31,918 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:31,918 [root] DEBUG: Loader: Injecting process 2792 (thread 2844) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,918 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:47:31,918 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,918 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:47:31,918 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:31,934 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2792
2020-01-14 13:47:35,990 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2792
2020-01-14 13:47:35,990 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:35,990 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:36,006 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:36,006 [root] DEBUG: Loader: Injecting process 2792 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,006 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:36,006 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:36,006 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,006 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2792, error: -15
2020-01-14 13:47:36,006 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2792
2020-01-14 13:47:36,020 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:36,020 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:36,036 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:36,131 [root] DEBUG: Loader: Injecting process 2792 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,161 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:36,161 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:36,161 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,223 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2792, error: -15
2020-01-14 13:47:36,240 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2792
2020-01-14 13:47:36,240 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:36,240 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:36,286 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:36,286 [root] DEBUG: Loader: Injecting process 2792 (thread 0) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,286 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-01-14 13:47:36,286 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-01-14 13:47:36,286 [root] DEBUG: Failed to inject DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,286 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 2792, error: -15
2020-01-14 13:47:36,286 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:36,286 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:36,286 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:36,286 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:36,286 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:36,318 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:36,332 [root] INFO: Announced 32-bit process name: aDoElCCxY.exe pid: 2132
2020-01-14 13:47:36,332 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-01-14 13:47:36,332 [lib.api.process] INFO: 32-bit DLL to inject is C:\fxodatcybr\dll\QCmgnYmR.dll, loader C:\fxodatcybr\bin\ZdjNjTd.exe
2020-01-14 13:47:36,348 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\JCIqcR.
2020-01-14 13:47:36,411 [root] DEBUG: Loader: Injecting process 2132 (thread 1632) with C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,411 [root] DEBUG: Process image base: 0x002D0000
2020-01-14 13:47:36,411 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,411 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-01-14 13:47:36,411 [root] DEBUG: Successfully injected DLL C:\fxodatcybr\dll\QCmgnYmR.dll.
2020-01-14 13:47:36,473 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2132
2020-01-14 13:47:39,266 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2020-01-14 13:47:39,266 [root] INFO: Created shutdown mutex.
2020-01-14 13:47:40,279 [lib.api.process] INFO: Terminate event set for process 1420
2020-01-14 13:47:40,279 [root] DEBUG: Terminate Event: Processing tracked regions before shutdown (process 1420).
2020-01-14 13:47:40,279 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-01-14 13:47:40,279 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x002D0000.
2020-01-14 13:47:40,279 [root] DEBUG: ProcessImageBase: EP 0x00027DCD image base 0x002D0000 size 0x0 entropy 7.099525e+00.
2020-01-14 13:47:40,279 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00150000.
2020-01-14 13:47:40,279 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001C0000.
2020-01-14 13:47:40,279 [lib.api.process] INFO: Termination confirmed for process 1420
2020-01-14 13:47:40,279 [root] INFO: Terminate event set for process 1420.
2020-01-14 13:47:40,279 [root] INFO: Terminating process 1420 before shutdown.
2020-01-14 13:47:40,279 [root] INFO: Waiting for process 1420 to exit.
2020-01-14 13:47:40,279 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1420
2020-01-14 13:47:41,371 [root] INFO: Shutting down package.
2020-01-14 13:47:41,418 [root] INFO: Stopping auxiliary modules.
2020-01-14 13:47:41,434 [root] INFO: Finishing auxiliary modules.
2020-01-14 13:47:41,434 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-01-14 13:47:41,466 [root] WARNING: File at path "C:\dSRqLuAX\debugger" does not exist, skip.
2020-01-14 13:47:41,466 [root] WARNING: Monitor injection attempted but failed for process 1520.
2020-01-14 13:47:41,480 [root] WARNING: Monitor injection attempted but failed for process 1424.
2020-01-14 13:47:41,480 [root] WARNING: Monitor injection attempted but failed for process 1908.
2020-01-14 13:47:41,480 [root] WARNING: Monitor injection attempted but failed for process 1728.
2020-01-14 13:47:41,480 [root] WARNING: Monitor injection attempted but failed for process 1756.
2020-01-14 13:47:41,480 [root] WARNING: Monitor injection attempted but failed for process 460.
2020-01-14 13:47:41,480 [root] WARNING: Monitor injection attempted but failed for process 1860.
2020-01-14 13:47:41,480 [root] WARNING: Monitor injection attempted but failed for process 560.
2020-01-14 13:47:41,480 [root] WARNING: Monitor injection attempted but failed for process 1064.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2020.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 1712.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 1660.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2192.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2388.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2576.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2764.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2952.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2056.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2308.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2488.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2732.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2920.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2088.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2256.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2544.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2672.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2860.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2052.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2300.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 1748.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2804.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 3056.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2284.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2456.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2744.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2928.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2144.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2468.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2756.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 3004.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2236.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 1692.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2664.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2924.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2108.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2448.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 516.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 3020.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2220.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2500.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2968.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2176.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2384.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2800.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 1736.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2464.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2792.
2020-01-14 13:47:41,496 [root] WARNING: Monitor injection attempted but failed for process 2132.
2020-01-14 13:47:41,496 [root] INFO: Analysis completed.

MalScore

4.8

Suspicious

Machine

Name Label Manager Started On Shutdown On
target-03 target-03 ESX 2020-01-14 13:44:13 2020-01-14 13:47:59

File Details

File Name 21f3b7bb750e4fbb29b3f607c68df300bc13863a.exe
File Size 1193472 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 44d5a2e3f0183ef34387920500c665ba
SHA1 21f3b7bb750e4fbb29b3f607c68df300bc13863a
SHA256 769057803fdcf25fb0ca83f7a4cbfcc22f404eb835220e5a4f2ceb2d91b2dd8e
SHA512 e1b06900f52c2d0938ed9c9bb6680f0c7674e4d383bf93e785ba170485ad44b053602229d70088c2c9e4c861853ee874f2bc2e244e32c9bffc1ffbee9dd25922
CRC32 A0A300CC
Ssdeep 24576:Uu6Jx3O0c+JY5UZ+XC0kGso/Wa5zGLaGh8U2pUxPQZECJ4WY:uI0c++OCvkGsUWa5zGLL8jgQWCRY
TrID
  • 61.7% (.EXE) Win64 Executable (generic) (27625/18/4)
  • 14.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 10.0% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 4.5% (.EXE) OS/2 Executable (generic) (2029/13)
  • 4.4% (.EXE) Generic Win/DOS Executable (2002/3)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 1420 trigged the Yara rule 'shellcode_patterns'
Dynamic (imported) function loading detected
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: kernel32.dll/Wow64DisableWow64FsRedirection
DynamicLoader: kernel32.dll/Wow64RevertWow64FsRedirection
DynamicLoader: kernel32.dll/Wow64DisableWow64FsRedirection
DynamicLoader: kernel32.dll/Wow64RevertWow64FsRedirection
DynamicLoader: COMCTL32.dll/RegisterClassNameW
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmIsIME
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: ADVAPI32.dll/CryptAcquireContextW
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptDecrypt
DynamicLoader: ADVAPI32.dll/CryptDeriveKey
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: apphelp.dll/ApphelpCheckRunAppEx
DynamicLoader: apphelp.dll/ApphelpQueryModuleDataEx
DynamicLoader: apphelp.dll/ApphelpParseModuleData
DynamicLoader: apphelp.dll/ApphelpCreateAppcompatData
DynamicLoader: apphelp.dll/SdbInitDatabaseEx
DynamicLoader: apphelp.dll/SdbReleaseDatabase
DynamicLoader: apphelp.dll/SdbUnpackAppCompatData
DynamicLoader: apphelp.dll/SdbQueryContext
Reads data out of its own binary image
self_read: process: aDoElCCxY.exe, pid: 1420, offset: 0x00123200, length: 0x00000400
CAPE extracted potentially suspicious content
aDoElCCxY.exe: Extracted Shellcode
aDoElCCxY.exe: Extracted Shellcode
The binary likely contains encrypted or compressed data.
section: name: .rsrc, entropy: 7.89, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0005ae00, virtual_size: 0x0005acf8

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

C:\Windows\WindowsShell.Manifest
\Device\KsecDD
C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe
C:\Users
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Temp
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\AppPatch\sysmain.sdb
C:\Users\user\AppData\Local\Temp\
C:\Users\user\AppData\Local\Temp\*.*
C:\Users\user\AppData\Local\Temp\ui\SwDRM.dll
C:\Windows\WindowsShell.Manifest
\Device\KsecDD
C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\AppPatch\sysmain.sdb
C:\Users\user\AppData\Local\Temp\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\NetworkProvider\HwOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_CURRENT_USER\Control Panel\Mouse
HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons
HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\aDoElCCxY.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\aDoElCCxY.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableLocalOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableLocalOverride
lpk.dll.LpkEditControl
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
kernel32.dll.GetNativeSystemInfo
cryptbase.dll.SystemFunction036
kernel32.dll.Wow64DisableWow64FsRedirection
kernel32.dll.Wow64RevertWow64FsRedirection
comctl32.dll.RegisterClassNameW
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
uxtheme.dll.OpenThemeData
imm32.dll.ImmGetContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmAssociateContext
imm32.dll.ImmIsIME
shell32.dll.#66
ole32.dll.CoTaskMemFree
kernel32.dll.GetVersionExW
kernel32.dll.VirtualAlloc
advapi32.dll.CryptAcquireContextW
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDecrypt
advapi32.dll.CryptDeriveKey
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptHashData
advapi32.dll.CryptReleaseContext
user32.dll.MessageBoxA
ole32.dll.CoInitializeEx
ole32.dll.CoCreateInstance
apphelp.dll.ApphelpCheckRunAppEx
apphelp.dll.ApphelpQueryModuleDataEx
apphelp.dll.ApphelpParseModuleData
apphelp.dll.ApphelpCreateAppcompatData
apphelp.dll.SdbInitDatabaseEx
apphelp.dll.SdbReleaseDatabase
apphelp.dll.SdbUnpackAppCompatData
apphelp.dll.SdbQueryContext
"C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe"

PE Information

Image Base 0x00400000
Entry Point 0x00427dcd
Reported Checksum 0x0012e343
Actual Checksum 0x0012e343
Minimum OS Version 5.1
Compile Time 2020-01-10 04:25:19
Import Hash afcdf79be1557326c854b6e20cb900a7

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x0008dcc4 0x0008de00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.68
.rdata 0x0008f000 0x0002e10e 0x0002e200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.76
.data 0x000be000 0x00008f74 0x00005200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.20
.rsrc 0x000c7000 0x0005acf8 0x0005ae00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.89
.reloc 0x00122000 0x0000711c 0x00007200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.78

Imports

Library WSOCK32.dll:
0x48f7c8 WSACleanup
0x48f7cc socket
0x48f7d0 inet_ntoa
0x48f7d4 setsockopt
0x48f7d8 ntohs
0x48f7dc recvfrom
0x48f7e0 ioctlsocket
0x48f7e4 htons
0x48f7e8 WSAStartup
0x48f7ec __WSAFDIsSet
0x48f7f0 select
0x48f7f4 accept
0x48f7f8 listen
0x48f7fc bind
0x48f800 closesocket
0x48f804 WSAGetLastError
0x48f808 recv
0x48f80c sendto
0x48f810 send
0x48f814 inet_addr
0x48f818 gethostbyname
0x48f81c gethostname
0x48f820 connect
Library VERSION.dll:
0x48f76c GetFileVersionInfoW
0x48f774 VerQueryValueW
Library WINMM.dll:
0x48f7b8 timeGetTime
0x48f7bc waveOutSetVolume
0x48f7c0 mciSendStringW
Library COMCTL32.dll:
0x48f08c ImageList_Destroy
0x48f090 ImageList_Remove
0x48f098 ImageList_BeginDrag
0x48f09c ImageList_DragEnter
0x48f0a0 ImageList_DragLeave
0x48f0a4 ImageList_EndDrag
0x48f0a8 ImageList_DragMove
0x48f0b0 ImageList_Create
Library MPR.dll:
0x48f3f8 WNetUseConnectionW
0x48f400 WNetGetConnectionW
0x48f404 WNetAddConnection2W
Library WININET.dll:
0x48f780 InternetCloseHandle
0x48f784 InternetOpenW
0x48f788 InternetSetOptionW
0x48f78c InternetCrackUrlW
0x48f790 HttpQueryInfoW
0x48f798 HttpOpenRequestW
0x48f79c HttpSendRequestW
0x48f7a0 FtpOpenFileW
0x48f7a4 FtpGetFileSize
0x48f7a8 InternetOpenUrlW
0x48f7ac InternetReadFile
0x48f7b0 InternetConnectW
Library PSAPI.DLL:
Library IPHLPAPI.DLL:
0x48f154 IcmpCreateFile
0x48f158 IcmpCloseHandle
0x48f15c IcmpSendEcho
Library USERENV.dll:
0x48f754 UnloadUserProfile
0x48f75c LoadUserProfileW
Library UxTheme.dll:
0x48f764 IsThemeActive
Library KERNEL32.dll:
0x48f164 DuplicateHandle
0x48f168 CreateThread
0x48f16c WaitForSingleObject
0x48f170 HeapAlloc
0x48f174 GetProcessHeap
0x48f178 HeapFree
0x48f17c Sleep
0x48f180 GetCurrentThreadId
0x48f184 MultiByteToWideChar
0x48f188 MulDiv
0x48f18c GetVersionExW
0x48f190 IsWow64Process
0x48f194 GetSystemInfo
0x48f198 FreeLibrary
0x48f19c LoadLibraryA
0x48f1a0 GetProcAddress
0x48f1a4 SetErrorMode
0x48f1a8 GetModuleFileNameW
0x48f1ac WideCharToMultiByte
0x48f1b0 lstrcpyW
0x48f1b4 lstrlenW
0x48f1b8 GetModuleHandleW
0x48f1c0 VirtualFreeEx
0x48f1c4 OpenProcess
0x48f1c8 VirtualAllocEx
0x48f1cc WriteProcessMemory
0x48f1d0 ReadProcessMemory
0x48f1d4 CreateFileW
0x48f1d8 SetFilePointerEx
0x48f1dc SetEndOfFile
0x48f1e0 ReadFile
0x48f1e4 WriteFile
0x48f1e8 FlushFileBuffers
0x48f1ec TerminateProcess
0x48f1f4 Process32FirstW
0x48f1f8 Process32NextW
0x48f1fc SetFileTime
0x48f200 GetFileAttributesW
0x48f204 FindFirstFileW
0x48f20c GetLongPathNameW
0x48f210 GetShortPathNameW
0x48f214 DeleteFileW
0x48f218 FindNextFileW
0x48f21c CopyFileExW
0x48f220 MoveFileW
0x48f224 CreateDirectoryW
0x48f228 RemoveDirectoryW
0x48f22c SetSystemPowerState
0x48f234 FindResourceW
0x48f238 LoadResource
0x48f23c LockResource
0x48f240 SizeofResource
0x48f244 EnumResourceNamesW
0x48f248 OutputDebugStringW
0x48f24c GetTempPathW
0x48f250 GetTempFileNameW
0x48f254 DeviceIoControl
0x48f258 GetLocalTime
0x48f25c CompareStringW
0x48f260 GetCurrentProcess
0x48f26c GetStdHandle
0x48f270 CreatePipe
0x48f274 InterlockedExchange
0x48f278 TerminateThread
0x48f27c LoadLibraryExW
0x48f280 FindResourceExW
0x48f284 CopyFileW
0x48f288 VirtualFree
0x48f28c FormatMessageW
0x48f290 GetExitCodeProcess
0x48f2b8 GetDriveTypeW
0x48f2bc GetDiskFreeSpaceExW
0x48f2c0 GetDiskFreeSpaceW
0x48f2c8 SetVolumeLabelW
0x48f2cc CreateHardLinkW
0x48f2d0 SetFileAttributesW
0x48f2d4 CreateEventW
0x48f2d8 SetEvent
0x48f2e4 GlobalLock
0x48f2e8 GlobalUnlock
0x48f2ec GlobalAlloc
0x48f2f0 GetFileSize
0x48f2f4 GlobalFree
0x48f2fc Beep
0x48f300 GetSystemDirectoryW
0x48f304 HeapReAlloc
0x48f308 HeapSize
0x48f30c GetComputerNameW
0x48f314 GetCurrentProcessId
0x48f31c CreateProcessW
0x48f320 GetProcessId
0x48f324 SetPriorityClass
0x48f328 LoadLibraryW
0x48f32c VirtualAlloc
0x48f330 IsDebuggerPresent
0x48f338 lstrcmpiW
0x48f33c DecodePointer
0x48f340 GetLastError
0x48f344 RaiseException
0x48f358 GetCurrentThread
0x48f35c CloseHandle
0x48f360 GetFullPathNameW
0x48f364 EncodePointer
0x48f368 ExitProcess
0x48f36c GetModuleHandleExW
0x48f370 ExitThread
0x48f378 ResumeThread
0x48f37c GetCommandLineW
0x48f384 IsValidCodePage
0x48f388 GetACP
0x48f38c GetOEMCP
0x48f390 GetCPInfo
0x48f394 SetLastError
0x48f3a0 TlsAlloc
0x48f3a4 TlsGetValue
0x48f3a8 TlsSetValue
0x48f3ac TlsFree
0x48f3b0 GetStartupInfoW
0x48f3b4 GetStringTypeW
0x48f3b8 SetStdHandle
0x48f3bc GetFileType
0x48f3c0 GetConsoleCP
0x48f3c4 GetConsoleMode
0x48f3c8 RtlUnwind
0x48f3cc ReadConsoleW
0x48f3d4 GetDateFormatW
0x48f3d8 GetTimeFormatW
0x48f3dc LCMapStringW
0x48f3e8 WriteConsoleW
0x48f3ec FindClose
Library USER32.dll:
0x48f4cc AdjustWindowRectEx
0x48f4d0 CopyImage
0x48f4d4 SetWindowPos
0x48f4d8 GetCursorInfo
0x48f4dc RegisterHotKey
0x48f4e0 ClientToScreen
0x48f4e8 IsCharAlphaW
0x48f4ec IsCharAlphaNumericW
0x48f4f0 IsCharLowerW
0x48f4f4 IsCharUpperW
0x48f4f8 GetMenuStringW
0x48f4fc GetSubMenu
0x48f500 GetCaretPos
0x48f504 IsZoomed
0x48f508 MonitorFromPoint
0x48f50c GetMonitorInfoW
0x48f510 SetWindowLongW
0x48f518 FlashWindow
0x48f51c GetClassLongW
0x48f524 IsDialogMessageW
0x48f528 GetSysColor
0x48f52c InflateRect
0x48f530 DrawFocusRect
0x48f534 DrawTextW
0x48f538 FrameRect
0x48f53c DrawFrameControl
0x48f540 FillRect
0x48f544 PtInRect
0x48f550 SetCursor
0x48f554 GetWindowDC
0x48f558 GetSystemMetrics
0x48f55c GetActiveWindow
0x48f560 CharNextW
0x48f564 wsprintfW
0x48f568 RedrawWindow
0x48f56c DrawMenuBar
0x48f570 DestroyMenu
0x48f574 SetMenu
0x48f57c CreateMenu
0x48f580 IsDlgButtonChecked
0x48f584 DefDlgProcW
0x48f588 CallWindowProcW
0x48f58c ReleaseCapture
0x48f590 SetCapture
0x48f598 mouse_event
0x48f59c ExitWindowsEx
0x48f5a0 SetActiveWindow
0x48f5a4 FindWindowExW
0x48f5a8 EnumThreadWindows
0x48f5ac SetMenuDefaultItem
0x48f5b0 InsertMenuItemW
0x48f5b4 IsMenu
0x48f5b8 TrackPopupMenuEx
0x48f5bc GetCursorPos
0x48f5c0 DeleteMenu
0x48f5c4 SetRect
0x48f5c8 GetMenuItemID
0x48f5cc GetMenuItemCount
0x48f5d0 SetMenuItemInfoW
0x48f5d4 GetMenuItemInfoW
0x48f5d8 SetForegroundWindow
0x48f5dc IsIconic
0x48f5e0 FindWindowW
0x48f5e4 MonitorFromRect
0x48f5e8 keybd_event
0x48f5ec SendInput
0x48f5f0 GetAsyncKeyState
0x48f5f4 SetKeyboardState
0x48f5f8 GetKeyboardState
0x48f5fc GetKeyState
0x48f600 VkKeyScanW
0x48f604 LoadStringW
0x48f608 DialogBoxParamW
0x48f60c MessageBeep
0x48f610 EndDialog
0x48f614 SendDlgItemMessageW
0x48f618 GetDlgItem
0x48f61c SetWindowTextW
0x48f620 CopyRect
0x48f624 ReleaseDC
0x48f628 GetDC
0x48f62c EndPaint
0x48f630 BeginPaint
0x48f634 GetClientRect
0x48f638 GetMenu
0x48f63c DestroyWindow
0x48f640 EnumWindows
0x48f644 GetDesktopWindow
0x48f648 IsWindow
0x48f64c IsWindowEnabled
0x48f650 IsWindowVisible
0x48f654 EnableWindow
0x48f658 InvalidateRect
0x48f65c GetWindowLongW
0x48f664 AttachThreadInput
0x48f668 GetFocus
0x48f66c GetWindowTextW
0x48f670 ScreenToClient
0x48f674 SendMessageTimeoutW
0x48f678 EnumChildWindows
0x48f67c CharUpperBuffW
0x48f680 GetParent
0x48f684 GetDlgCtrlID
0x48f688 SendMessageW
0x48f68c MapVirtualKeyW
0x48f690 PostMessageW
0x48f694 GetWindowRect
0x48f69c CloseDesktop
0x48f6a0 CloseWindowStation
0x48f6a4 OpenDesktopW
0x48f6b0 OpenWindowStationW
0x48f6b8 MessageBoxW
0x48f6bc DefWindowProcW
0x48f6c0 SetClipboardData
0x48f6c4 EmptyClipboard
0x48f6cc CloseClipboard
0x48f6d0 GetClipboardData
0x48f6d8 OpenClipboard
0x48f6dc BlockInput
0x48f6e0 GetMessageW
0x48f6e4 LockWindowUpdate
0x48f6e8 DispatchMessageW
0x48f6ec TranslateMessage
0x48f6f0 PeekMessageW
0x48f6f4 UnregisterHotKey
0x48f6f8 CheckMenuRadioItem
0x48f6fc CharLowerBuffW
0x48f700 MoveWindow
0x48f704 SetFocus
0x48f708 PostQuitMessage
0x48f70c KillTimer
0x48f710 CreatePopupMenu
0x48f718 SetTimer
0x48f71c ShowWindow
0x48f720 CreateWindowExW
0x48f724 RegisterClassExW
0x48f728 LoadIconW
0x48f72c LoadCursorW
0x48f730 GetSysColorBrush
0x48f734 GetForegroundWindow
0x48f738 MessageBoxA
0x48f73c DestroyIcon
0x48f744 LoadImageW
0x48f748 GetClassNameW
Library GDI32.dll:
0x48f0c4 StrokePath
0x48f0c8 DeleteObject
0x48f0d0 ExtCreatePen
0x48f0d4 GetDeviceCaps
0x48f0d8 EndPath
0x48f0dc SetPixel
0x48f0e0 CloseFigure
0x48f0e8 CreateCompatibleDC
0x48f0ec SelectObject
0x48f0f0 StretchBlt
0x48f0f4 GetDIBits
0x48f0f8 LineTo
0x48f0fc AngleArc
0x48f100 MoveToEx
0x48f104 Ellipse
0x48f108 DeleteDC
0x48f10c GetPixel
0x48f110 CreateDCW
0x48f114 GetStockObject
0x48f118 GetTextFaceW
0x48f11c CreateFontW
0x48f120 SetTextColor
0x48f124 PolyDraw
0x48f128 BeginPath
0x48f12c Rectangle
0x48f130 SetViewportOrgEx
0x48f134 GetObjectW
0x48f138 SetBkMode
0x48f13c RoundRect
0x48f140 SetBkColor
0x48f144 CreatePen
0x48f148 CreateSolidBrush
0x48f14c StrokeAndFillPath
Library COMDLG32.dll:
0x48f0b8 GetOpenFileNameW
0x48f0bc GetSaveFileNameW
Library ADVAPI32.dll:
0x48f000 GetAce
0x48f004 RegEnumValueW
0x48f008 RegDeleteValueW
0x48f00c RegDeleteKeyW
0x48f010 RegEnumKeyExW
0x48f014 RegSetValueExW
0x48f018 RegOpenKeyExW
0x48f01c RegCloseKey
0x48f020 RegQueryValueExW
0x48f024 RegConnectRegistryW
0x48f02c InitializeAcl
0x48f034 OpenThreadToken
0x48f038 OpenProcessToken
0x48f040 DuplicateTokenEx
0x48f04c GetLengthSid
0x48f050 CopySid
0x48f054 LogonUserW
0x48f060 RegCreateKeyExW
0x48f064 FreeSid
0x48f068 GetTokenInformation
0x48f070 GetAclInformation
0x48f074 AddAce
0x48f07c GetUserNameW
Library SHELL32.dll:
0x48f48c DragQueryPoint
0x48f490 ShellExecuteExW
0x48f494 DragQueryFileW
0x48f498 SHEmptyRecycleBinW
0x48f4a0 SHBrowseForFolderW
0x48f4a4 SHCreateShellItem
0x48f4a8 SHGetDesktopFolder
0x48f4b0 SHGetFolderPathW
0x48f4b4 SHFileOperationW
0x48f4b8 ExtractIconExW
0x48f4bc Shell_NotifyIconW
0x48f4c0 ShellExecuteW
0x48f4c4 DragFinish
Library ole32.dll:
0x48f828 CoTaskMemAlloc
0x48f82c CoTaskMemFree
0x48f830 CLSIDFromString
0x48f834 ProgIDFromCLSID
0x48f838 CLSIDFromProgID
0x48f840 MkParseDisplayName
0x48f848 CoCreateInstance
0x48f84c IIDFromString
0x48f850 StringFromGUID2
0x48f858 OleInitialize
0x48f85c OleUninitialize
0x48f860 CoInitialize
0x48f864 CoUninitialize
0x48f870 CoGetObject
0x48f874 CoSetProxyBlanket
0x48f878 CoCreateInstanceEx
Library OLEAUT32.dll:
0x48f40c LoadTypeLibEx
0x48f410 VariantCopyInd
0x48f414 SysReAllocString
0x48f418 SysFreeString
0x48f428 SafeArrayAccessData
0x48f42c SafeArrayAllocData
0x48f438 RegisterTypeLib
0x48f43c CreateStdDispatch
0x48f440 DispCallFunc
0x48f444 VariantChangeType
0x48f448 SysStringLen
0x48f450 VarR8FromDec
0x48f454 SafeArrayGetVartype
0x48f458 VariantCopy
0x48f45c VariantClear
0x48f460 OleLoadPicture
0x48f470 UnRegisterTypeLib
0x48f474 CreateDispTypeInfo
0x48f478 SysAllocString
0x48f47c VariantInit

.text
`.rdata
@.data
.rsrc
@.reloc
GetNativeSystemInfo
kernel32.dll
[:>:]]
[:<:]]
bad allocation
CorExitProcess
RoInitialize
RoUninitialize
Unknown exception
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
log10
atan2
floor
ldexp
_cabs
_hypot
frexp
_logb
_nextafter
(null)
exp10
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
e+000
CreateFile2
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`RTTI
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
1#SNAN
1#IND
1#INF
1#QNAN
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
alpha
lower
upper
alnum
ascii
blank
cntrl
digit
graph
print
punct
space
xdigit
ACCEPT
COMMIT
PRUNE
no error
\ at end of pattern
\c at end of pattern
unrecognized character follows \
numbers out of order in {} quantifier
number too big in {} quantifier
missing terminating ] for character class
invalid escape sequence in character class
range out of order in character class
nothing to repeat
operand of unlimited repeat could match the empty string
internal error: unexpected repeat
unrecognized character after (? or (?-
POSIX named classes are supported only within a class
missing )
reference to non-existent subpattern
erroffset passed as NULL
unknown option bit(s) set
missing ) after comment
parentheses nested too deeply
regular expression is too large
failed to get memory
unmatched parentheses
internal error: code overflow
unrecognized character after (?<
lookbehind assertion is not fixed length
malformed number or name after (?(
conditional group contains more than two branches
assertion expected after (?(
(?R or (?[+-]digits must be followed by )
unknown POSIX class name
POSIX collating elements are not supported
this version of PCRE is compiled without UTF support
spare error
character value in \x{} or \o{} is too large
invalid condition (?(0)
\C not allowed in lookbehind assertion
PCRE does not support \L, \l, \N{name}, \U, or \u
number after (?C is > 255
closing ) for (?C expected
recursive call could loop indefinitely
unrecognized character after (?P
syntax error in subpattern name (missing terminator)
two named subpatterns have the same name
invalid UTF-8 string
support for \P, \p, and \X has not been compiled
malformed \P or \p sequence
unknown property name after \P or \p
subpattern name is too long (maximum 32 characters)
too many named subpatterns (maximum 10000)
repeated subpattern is too long
octal value is greater than \377 in 8-bit non-UTF-8 mode
internal error: overran compiling workspace
internal error: previously-checked referenced subpattern not found
DEFINE group contains more than one branch
repeating a DEFINE group is not allowed
inconsistent NEWLINE options
\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
a numbered reference must not be zero
an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
(*VERB) not recognized or malformed
number is too big
subpattern name expected
digit expected after (?+
] is an invalid data character in JavaScript compatibility mode
different names for subpatterns of the same number are not allowed
(*MARK) must have an argument
this version of PCRE is not compiled with Unicode property support
\c must be followed by an ASCII character
\k is not followed by a braced, angle-bracketed, or quoted name
internal error: unknown opcode in find_fixedlength()
\N is not supported in a class
too many forward references
disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
invalid UTF-16 string
name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
character value in \u.... sequence is too large
invalid UTF-32 string
setting UTF is disabled by the application
non-hex character in \x{} (closing brace missing?)
non-octal character in \o{} (closing brace missing?)
missing opening brace after \o
parentheses are too deeply nested
invalid range in character class
group name must start with a non-digit
parentheses are too deeply nested (stack check)
Arabic
Armenian
Avestan
Balinese
Bamum
Batak
Bengali
Bopomofo
Brahmi
Braille
Buginese
Buhid
Canadian_Aboriginal
Carian
Chakma
Cherokee
Common
Coptic
Cuneiform
Cypriot
Cyrillic
Deseret
Devanagari
Egyptian_Hieroglyphs
Ethiopic
Georgian
Glagolitic
Gothic
Greek
Gujarati
Gurmukhi
Hangul
Hanunoo
Hebrew
Hiragana
Imperial_Aramaic
Inherited
Inscriptional_Pahlavi
Inscriptional_Parthian
Javanese
Kaithi
Kannada
Katakana
Kayah_Li
Kharoshthi
Khmer
Latin
Lepcha
Limbu
Linear_B
Lycian
Lydian
Malayalam
Mandaic
Meetei_Mayek
Meroitic_Cursive
Meroitic_Hieroglyphs
Mongolian
Myanmar
New_Tai_Lue
Ogham
Ol_Chiki
Old_Italic
Old_Persian
Old_South_Arabian
Old_Turkic
Oriya
Osmanya
Phags_Pa
Phoenician
Rejang
Runic
Samaritan
Saurashtra
Sharada
Shavian
Sinhala
Sora_Sompeng
Sundanese
Syloti_Nagri
Syriac
Tagalog
Tagbanwa
Tai_Le
Tai_Tham
Tai_Viet
Takri
Tamil
Telugu
Thaana
Tibetan
Tifinagh
Ugaritic
This is a third-party compiled AutoIt script.
DllGetClassObject
GetModuleHandleExW
GetSystemWow64DirectoryW
RegDeleteKeyExW
advapi32.dll
Error text not found (please report)
DEFINE
UTF16)
NO_AUTO_POSSESS)
NO_START_OPT)
LIMIT_MATCH=
LIMIT_RECURSION=
CRLF)
ANYCRLF)
BSR_ANYCRLF)
BSR_UNICODE)
argument is not a compiled regular expression
argument not compiled in 16 bit mode
internal error: opcode not recognized
internal error: missing capturing bracket
failed to get memory
WSOCK32.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
timeGetTime
mciSendStringW
waveOutSetVolume
WINMM.dll
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
COMCTL32.dll
WNetAddConnection2W
WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
MPR.dll
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable
WININET.dll
GetProcessMemoryInfo
PSAPI.DLL
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
IPHLPAPI.DLL
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile
DestroyEnvironmentBlock
USERENV.dll
IsThemeActive
UxTheme.dll
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
DecodePointer
lstrcmpiW
GetCurrentDirectoryW
IsDebuggerPresent
SetCurrentDirectoryW
GetFullPathNameW
CloseHandle
GetCurrentThread
GetCurrentProcess
DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
KERNEL32.dll
DestroyIcon
MessageBoxA
GetForegroundWindow
GetSysColorBrush
LoadCursorW
LoadIconW
RegisterClassExW
CreateWindowExW
ShowWindow
SetTimer
RegisterWindowMessageW
CreatePopupMenu
KillTimer
PostQuitMessage
SetFocus
MoveWindow
DefWindowProcW
MessageBoxW
GetUserObjectSecurity
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
CloseDesktop
SetUserObjectSecurity
GetWindowRect
PostMessageW
MapVirtualKeyW
SendMessageW
GetDlgCtrlID
GetParent
GetClassNameW
CharUpperBuffW
EnumChildWindows
SendMessageTimeoutW
ScreenToClient
GetWindowTextW
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetWindowLongW
InvalidateRect
EnableWindow
IsWindowVisible
IsWindowEnabled
IsWindow
GetDesktopWindow
EnumWindows
DestroyWindow
GetMenu
GetClientRect
BeginPaint
EndPaint
GetDC
ReleaseDC
CopyRect
SetWindowTextW
GetDlgItem
SendDlgItemMessageW
EndDialog
MessageBeep
DialogBoxParamW
LoadStringW
VkKeyScanW
GetKeyState
GetKeyboardState
SetKeyboardState
GetAsyncKeyState
SendInput
keybd_event
SystemParametersInfoW
FindWindowW
IsIconic
SetForegroundWindow
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
CheckMenuRadioItem
DeleteMenu
GetCursorPos
TrackPopupMenuEx
IsMenu
InsertMenuItemW
SetMenuDefaultItem
EnumThreadWindows
FindWindowExW
SetActiveWindow
ExitWindowsEx
mouse_event
CreateIconFromResourceEx
LoadImageW
MonitorFromRect
CharLowerBuffW
UnregisterHotKey
PeekMessageW
TranslateMessage
DispatchMessageW
LockWindowUpdate
GetMessageW
BlockInput
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
CountClipboardFormats
EmptyClipboard
SetClipboardData
SetRect
AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
USER32.dll
GetDeviceCaps
DeleteObject
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
CreateSolidBrush
CreatePen
SetBkColor
RoundRect
SetBkMode
GetObjectW
SetViewportOrgEx
Rectangle
BeginPath
PolyDraw
Ellipse
MoveToEx
AngleArc
LineTo
CloseFigure
SetPixel
EndPath
StrokePath
StrokeAndFillPath
ExtCreatePen
GDI32.dll
GetOpenFileNameW
GetSaveFileNameW
COMDLG32.dll
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
ADVAPI32.dll
ShellExecuteW
Shell_NotifyIconW
ExtractIconExW
SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHCreateShellItem
SHBrowseForFolderW
SHGetPathFromIDListW
SHEmptyRecycleBinW
DragQueryFileW
ShellExecuteExW
DragQueryPoint
DragFinish
SHELL32.dll
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
ole32.dll
OLEAUT32.dll
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableA
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
AU3!P/I
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
CAU3!EA06PA
static
FControl Panel\Mouse
SwapMouseButtons
EAutoIt v3
TaskbarCreated
Script Paused
/AutoIt3ExecuteScript
/AutoIt3ExecuteLine
/AutoIt3OutputDebug
/ErrorStdOut
CMDLINE
CMDLINERAW
>>>AUTOIT NO CMDEXECUTE<<<
AutoIt v3 GUI
SCRIPT
#comments-end
#comments-start
EWM_GETCONTROLNAME
EFILECLOSE
FILECOPY
FILECREATENTFSLINK
FILECREATESHORTCUT
FILEDELETE
FILEEXISTS
FILEFINDFIRSTFILE
FILEFINDNEXTFILE
FILEFLUSH
FILEGETATTRIB
FILEGETENCODING
FILEGETLONGNAME
FILEGETPOS
FILEGETSHORTCUT
FILEGETSHORTNAME
FILEGETSIZE
FILEGETTIME
FILEGETVERSION
FILEINSTALL
FILEMOVE
FILEOPEN
FILEOPENDIALOG
FILEREAD
FILEREADLINE
FILEREADTOARRAY
FILERECYCLE
FILERECYCLEEMPTY
FILESAVEDIALOG
FILESELECTFOLDER
FILESETATTRIB
FILESETEND
FILESETPOS
FILESETTIME
FILEWRITE
FILEWRITELINE
FLOOR
FTPSETPROXY
FUNCNAME
GUICREATE
GUICTRLCREATEAVI
GUICTRLCREATEBUTTON
GUICTRLCREATECHECKBOX
GUICTRLCREATECOMBO
GUICTRLCREATECONTEXTMENU
GUICTRLCREATEDATE
GUICTRLCREATEDUMMY
GUICTRLCREATEEDIT
GUICTRLCREATEGRAPHIC
GUICTRLCREATEGROUP
GUICTRLCREATEICON
GUICTRLCREATEINPUT
GUICTRLCREATELABEL
GUICTRLCREATELIST
GUICTRLCREATELISTVIEW
GUICTRLCREATELISTVIEWITEM
GUICTRLCREATEMENU
GUICTRLCREATEMENUITEM
GUICTRLCREATEMONTHCAL
GUICTRLCREATEOBJ
GUICTRLCREATEPIC
GUICTRLCREATEPROGRESS
GUICTRLCREATERADIO
GUICTRLCREATESLIDER
GUICTRLCREATETAB
GUICTRLCREATETABITEM
GUICTRLCREATETREEVIEW
GUICTRLCREATETREEVIEWITEM
GUICTRLCREATEUPDOWN
GUICTRLDELETE
GUICTRLGETHANDLE
GUICTRLGETSTATE
GUICTRLREAD
GUICTRLRECVMSG
GUICTRLREGISTERLISTVIEWSORT
GUICTRLSENDMSG
GUICTRLSENDTODUMMY
GUICTRLSETBKCOLOR
GUICTRLSETCOLOR
GUICTRLSETCURSOR
GUICTRLSETDATA
GUICTRLSETDEFBKCOLOR
GUICTRLSETDEFCOLOR
GUICTRLSETFONT
GUICTRLSETGRAPHIC
GUICTRLSETIMAGE
GUICTRLSETLIMIT
GUICTRLSETONEVENT
GUICTRLSETPOS
GUICTRLSETRESIZING
GUICTRLSETSTATE
GUICTRLSETSTYLE
GUICTRLSETTIP
GUIDELETE
GUIGETCURSORINFO
GUIGETMSG
GUIGETSTYLE
GUIREGISTERMSG
GUISETACCELERATORS
GUISETBKCOLOR
GUISETCOORD
GUISETCURSOR
GUISETFONT
GUISETHELP
GUISETICON
GUISETONEVENT
GUISETSTATE
GUISETSTYLE
GUISTARTGROUP
GUISWITCH
HOTKEYSET
HTTPSETPROXY
HTTPSETUSERAGENT
INETCLOSE
INETGET
INETGETINFO
INETGETSIZE
INETREAD
INIDELETE
INIREAD
INIREADSECTION
INIREADSECTIONNAMES
INIRENAMESECTION
INIWRITE
INIWRITESECTION
INPUTBOX
ISADMIN
ISARRAY
ISBINARY
ISBOOL
ISDECLARED
ISDLLSTRUCT
ISFLOAT
ISFUNC
ISHWND
ISINT
ISKEYWORD
ISMAP
ISNUMBER
ISOBJ
ISPTR
ISSTRING
MAPAPPEND
MAPEXISTS
MAPKEYS
MAPREMOVE
MEMGETSTATS
MOUSECLICK
MOUSECLICKDRAG
MOUSEDOWN
MOUSEGETCURSOR
MOUSEGETPOS
MOUSEMOVE
MOUSEUP
MOUSEWHEEL
MSGBOX
NUMBER
OBJCREATE
OBJCREATEINTERFACE
OBJEVENT
OBJGET
OBJNAME
ONAUTOITEXITREGISTER
ONAUTOITEXITUNREGISTER
PIXELCHECKSUM
PIXELGETCOLOR
PIXELSEARCH
PROCESSCLOSE
PROCESSEXISTS
PROCESSGETSTATS
PROCESSLIST
PROCESSSETPRIORITY
PROCESSWAIT
PROCESSWAITCLOSE
PROGRESSOFF
PROGRESSON
PROGRESSSET
RANDOM
REGDELETE
REGENUMKEY
REGENUMVAL
REGREAD
REGWRITE
ROUND
RUNAS
RUNASWAIT
RUNWAIT
SENDKEEPACTIVE
SETERROR
SETEXTENDED
SHELLEXECUTE
SHELLEXECUTEWAIT
SHUTDOWN
SLEEP
SOUNDPLAY
SOUNDSETWAVEVOLUME
SPLASHIMAGEON
SPLASHOFF
SPLASHTEXTON
SRANDOM
STATUSBARGETTEXT
STDERRREAD
STDINWRITE
STDIOCLOSE
STDOUTREAD
STRING
STRINGADDCR
STRINGCOMPARE
STRINGFORMAT
STRINGFROMASCIIARRAY
STRINGINSTR
STRINGISALNUM
STRINGISALPHA
STRINGISASCII
STRINGISDIGIT
STRINGISFLOAT
STRINGISINT
STRINGISLOWER
STRINGISSPACE
STRINGISUPPER
STRINGISXDIGIT
STRINGLEFT
STRINGLEN
STRINGLOWER
STRINGMID
STRINGREGEXP
STRINGREGEXPREPLACE
STRINGREPLACE
STRINGREVERSE
STRINGRIGHT
STRINGSPLIT
STRINGSTRIPCR
STRINGSTRIPWS
STRINGTOASCIIARRAY
STRINGTOBINARY
STRINGTRIMLEFT
STRINGTRIMRIGHT
STRINGUPPER
TCPACCEPT
TCPCLOSESOCKET
TCPCONNECT
TCPLISTEN
TCPNAMETOIP
TCPRECV
TCPSEND
TCPSHUTDOWN
TCPSTARTUP
TIMERDIFF
TIMERINIT
TOOLTIP
TRAYCREATEITEM
TRAYCREATEMENU
TRAYGETMSG
TRAYITEMDELETE
TRAYITEMGETHANDLE
TRAYITEMGETSTATE
TRAYITEMGETTEXT
TRAYITEMSETONEVENT
TRAYITEMSETSTATE
TRAYITEMSETTEXT
TRAYSETCLICK
TRAYSETICON
TRAYSETONEVENT
TRAYSETPAUSEICON
TRAYSETSTATE
TRAYSETTOOLTIP
TRAYTIP
UBOUND
UDPBIND
UDPCLOSESOCKET
UDPOPEN
UDPRECV
UDPSEND
UDPSHUTDOWN
UDPSTARTUP
VARGETTYPE
WINACTIVATE
WINACTIVE
WINCLOSE
WINEXISTS
WINFLASH
WINGETCARETPOS
WINGETCLASSLIST
WINGETCLIENTSIZE
WINGETHANDLE
WINGETPOS
WINGETPROCESS
WINGETSTATE
WINGETTEXT
WINGETTITLE
WINKILL
WINLIST
WINMENUSELECTITEM
WINMINIMIZEALL
WINMINIMIZEALLUNDO
WINMOVE
WINSETONTOP
WINSETSTATE
WINSETTITLE
WINSETTRANS
WINWAIT
WINWAITACTIVE
WINWAITCLOSE
WINWAITNOTACTIVE
CAutoIt
FSoftware\AutoIt v3\AutoIt
CCALL
DLLCALLBACKREGISTER
DRIVEGETFILESYSTEM
AUTOITWINSETTITLE
AUTOITWINGETTITLE
CONSOLEWRITEERROR
DLLCALLBACKGETPTR
DLLSTRUCTGETDATA
DLLSTRUCTSETDATA
CONTROLGETHANDLE
DLLSTRUCTGETSIZE
CONTROLTREEVIEW
AUTOITSETOPTION
DLLSTRUCTGETPTR
ADLIBUNREGISTER
DRIVESPACETOTAL
DLLSTRUCTCREATE
CONTROLGETFOCUS
DLLCALLBACKFREE
CONTROLLISTVIEW
DRIVESPACEFREE
CONTROLCOMMAND
DUMMYSPEEDTEST
CONTROLGETTEXT
CONTROLSETTEXT
DRIVEGETSERIAL
BINARYTOSTRING
CONTROLDISABLE
DLLCALLADDRESS
DRIVEGETDRIVE
CONTROLGETPOS
ADLIBREGISTER
DRIVESETLABEL
FILECHANGEDIR
DRIVEGETLABEL
CONTROLENABLE
CONTROLFOCUS
CONTROLCLICK
DRIVEGETTYPE
CONSOLEWRITE
CONTROLSEND
CONTROLSHOW
DRIVEMAPADD
DRIVEMAPDEL
CONSOLEREAD
DRIVEMAPGET
CONTROLMOVE
CONTROLHIDE
DRIVESTATUS
@EXITMETHOD
DIRGETSIZE
BLOCKINPUT
\Include\
DIRCREATE
BITROTATE
BINARYMID
BINARYLEN
ENVUPDATE
DIRREMOVE
@EXITCODE
close all
DLLCLOSE
BITSHIFT
#include
CEILING
DIRCOPY
DLLOPEN
EXECUTE
DLLCALL
CLIPGET
DIRMOVE
CLIPPUT
CDTRAY
ENVGET
ASSIGN
BINARY
BITXOR
d1r0,2
BITAND
ENVSET
BITNOT
BREAK
BITOR
#OnAutoItStartRegister
#pragma compile
#requireadmin
#include-once
#notrayicon
d250m0
d10m0
GUIDataSeparatorChar
MouseClickDownDelay
MouseClickDragDelay
WinDetectHiddenText
WinTitleMatchMode
WinSearchChildren
SendKeyDownDelay
ExpandVarStrings
WinTextMatchMode
ExpandEnvStrings
SendCapsLockMode
GUIEventOptions
MustDeclareVars
MouseClickDelay
TrayOnEventMode
MouseCoordMode
CaretCoordMode
SendAttachMode
PixelCoordMode
GUIOnEventMode
GUICloseOnESC
TrayIconDebug
GUIResizeMode
TrayAutoPause
TrayIconHide
WinWaitDelay
GUICoordMode
TrayMenuMode
SendKeyDelay
SetExitCode
TCPTimeout
d0r0,1023
d1r1,2
d100m0
d0r0,3
%.15g
d124c
\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
mscoree.dll
combase.dll
am/pm
Ija-JP
zh-CN
ko-KR
zh-TW
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
en-US
kernel32.dll
runtime error
Program:
<program name unknown>
Microsoft Visual C++ Runtime Library
(null)
UTF-8
UTF-16LE
UNICODE
zh-CHS
ar-SA
bg-BG
ca-ES
cs-CZ
da-DK
de-DE
el-GR
fi-FI
fr-FR
he-IL
hu-HU
is-IS
it-IT
nl-NL
nb-NO
pl-PL
pt-BR
ro-RO
ru-RU
hr-HR
sk-SK
sq-AL
sv-SE
th-TH
tr-TR
ur-PK
id-ID
uk-UA
be-BY
sl-SI
et-EE
lv-LV
lt-LT
fa-IR
vi-VN
hy-AM
This file is not on VirusTotal.

Process Tree


aDoElCCxY.exe, PID: 1420, Parent PID: 252
Full Path: C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe
Command Line: "C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe"

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Type Extracted Shellcode
Size 110592 bytes
Virtual Address 0x00150000
Process aDoElCCxY.exe
PID 1420
Path C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe
MD5 4f6b87f1d63ab0ef0d5560636aa582e3
SHA1 bd7e3f67886d45e6e6bb22321fe743e69e8a505e
SHA256 fb5b84e405f774f76c9b77007c97d9238a759aa9fa23a4513388fd508a78d7b0
CRC32 EE892C12
Ssdeep 6:EVruCgLNhlNbEZbSSq5tuCKLmYDworsdpz362:8rCPYZtq5MlSgwogpT
Yara None matched
CAPE Yara None matched
Type Extracted Shellcode
Size 106496 bytes
Virtual Address 0x001C0000
Process aDoElCCxY.exe
PID 1420
Path C:\Users\user\AppData\Local\Temp\aDoElCCxY.exe
MD5 1aaeec8430520e5d0adb2f23f11976ef
SHA1 f548d485717bde608529b0277b84035b61822162
SHA256 145b8077fb9acbcffeef0278b936a4f5093ad6d3697218082457637134f29e06
CRC32 802EECC9
Ssdeep 192:ntHTDKtQQXKahc9mLqhf/Tgk6aS3FLQMYl:nh8iahAHTI/LQMq
Yara
  • shellcode_patterns - Matched shellcode byte patterns
CAPE Yara None matched
Sorry! No process dumps.

Processing ( 5.283 seconds )

  • 1.556 CAPE
  • 1.463 TargetInfo
  • 1.29 Static
  • 0.491 BehaviorAnalysis
  • 0.313 Strings
  • 0.127 TrID
  • 0.03 Deduplicate
  • 0.006 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.002 Debug

Signatures ( 0.271 seconds )

  • 0.021 stealth_timeout
  • 0.017 Doppelganging
  • 0.016 decoy_document
  • 0.015 NewtWire Behavior
  • 0.015 api_spamming
  • 0.012 injection_createremotethread
  • 0.011 mimics_filetime
  • 0.011 InjectionCreateRemoteThread
  • 0.01 injection_runpe
  • 0.009 InjectionInterProcess
  • 0.009 InjectionProcessHollowing
  • 0.009 antivm_generic_disk
  • 0.009 antiav_detectreg
  • 0.008 stealth_file
  • 0.008 reads_self
  • 0.008 ransomware_files
  • 0.007 Extraction
  • 0.007 virus
  • 0.006 bootkit
  • 0.005 antidebug_guardpages
  • 0.005 exploit_heapspray
  • 0.005 hancitor_behavior
  • 0.004 stack_pivot
  • 0.004 infostealer_ftp
  • 0.003 Raccoon Behavior
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 ransomware_extensions
  • 0.002 InjectionSetWindowLong
  • 0.002 antianalysis_detectreg
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.002 infostealer_mail
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 infostealer_browser
  • 0.001 injection_explorer
  • 0.001 TransactedHollowing
  • 0.001 shifu_behavior
  • 0.001 antidbg_windows
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 modify_proxy
  • 0.001 disables_browser_warn
  • 0.001 masquerade_process_name

Reporting ( 0.001 seconds )

  • 0.001 CompressResults
Task ID 121553
Mongo ID 5e1dddfda21c7f1a1b480fe7
Cuckoo release 1.3-CAPE